Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Agent.47104.L und TR/Crypt.XPACK.Gen

TR/Agent.47104.L und TR/Crypt.XPACK.Gen


Plagegeister aller Art und deren Bekämpfung: TR/Agent.47104.L und TR/Crypt.XPACK.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.02.2009, 17:59   #1
Koso86
 
TR/Agent.47104.L und TR/Crypt.XPACK.Gen - Standard

TR/Agent.47104.L und TR/Crypt.XPACK.Gen


Hallo,

ich habe heute morgen AntiVir durchlaufen lassen und es hat 2 Trojaner gefunden.
1. den Trojaner TR/Agent.47104.L in
Code:
ATTFilter
C:\Program Files\ACD Systems\ACD See\8.0\Patch
Seltsam ist, dass ich das programm ACD See eigentlich schon seit längerer Zeit deinstalliert habe. Es können also nur überreste des Programms sein.
2. den Trojaner TR/Crypt.XPACK.Gen in
Code:
ATTFilter
K:\Spiele\gta-vc.exe
wobei "K:\" meine Externe Festplatte ist.

Beide Trojaner habe ich in Quaratäne gelegt. Trotzdem bin ich nicht sicher, ob die Trojaner nun keinen Schaden mehr anrichten können oder irgendwelche Programme installiert haben, die im Hintergrund laufen.

Wie in den Foren-Regeln habe ich bereits den CCleaner und Malware durchlaufen lassen und schicke euch nun folgende Reports.
1. Report von Antivir
2. Report von Malware
3. Report von HiJack This

Leider habe ich von dem, was in diesen Reports steht keine Ahnung, kann also nichts damit anfangen. ich habe mir schon ähnliche Posts durchgelesen, aber ich weiß trotzdem nicht, welche Einträge ich nun löschen muss, bzw. ob das überhaupt notwendig ist. ich möchte nichts löschen, von dem ich keine Ahnung habe und wäre deswegen für eure Hilfe wirklich sehr dankbar.

1.Avira Report
Code:
ATTFilter
Avira AntiVir Personal
Report file date: Dienstag, 24. Februar 2009  10:47

Scanning for 1262312 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    000014****-AD***-00**
Platform:         Windows Vista
Windows version:  (Service Pack 1)  [6.0.6001]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    ***-PC

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  18.11.2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  25.11.2008 15:13:32
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  18.07.2008 15:43:43
LUKE.DLL      : 8.1.4.5       164097 Bytes  18.07.2008 15:43:43
LUKERES.DLL   : 8.1.4.0        12033 Bytes  18.07.2008 15:43:43
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27.10.2008 07:37:52
ANTIVIR1.VDF  : 7.1.2.12     3336192 Bytes  11.02.2009 09:14:24
ANTIVIR2.VDF  : 7.1.2.55      248832 Bytes  20.02.2009 17:17:56
ANTIVIR3.VDF  : 7.1.2.67       61440 Bytes  23.02.2009 15:37:33
Engineversion : 8.2.0.87  
AEVDF.DLL     : 8.1.1.0       106868 Bytes  31.01.2009 14:42:41
AESCRIPT.DLL  : 8.1.1.47      348539 Bytes  14.02.2009 09:14:13
AESCN.DLL     : 8.1.1.7       127347 Bytes  14.02.2009 09:14:13
AERDL.DLL     : 8.1.1.3       438645 Bytes  07.11.2008 06:29:27
AEPACK.DLL    : 8.1.3.8       397684 Bytes  05.02.2009 08:19:39
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  11.12.2008 15:56:28
AEHEUR.DLL    : 8.1.0.97     1610103 Bytes  23.02.2009 15:37:36
AEHELP.DLL    : 8.1.2.0       119159 Bytes  18.11.2008 18:56:36
AEGEN.DLL     : 8.1.1.20      336245 Bytes  23.02.2009 15:37:34
AEEMU.DLL     : 8.1.0.9       393588 Bytes  16.10.2008 14:21:06
AECORE.DLL    : 8.1.6.6       176501 Bytes  18.02.2009 17:18:18
AEBB.DLL      : 8.1.0.3        53618 Bytes  16.10.2008 14:21:02
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  18.07.2008 15:43:43
AVPREF.DLL    : 8.0.2.0        38657 Bytes  18.07.2008 15:43:43
AVREP.DLL     : 8.0.0.2        98344 Bytes  31.07.2008 16:24:25
AVREG.DLL     : 8.0.0.1        33537 Bytes  18.07.2008 15:43:43
AVARKT.DLL    : 1.0.0.23      307457 Bytes  19.04.2008 16:08:15
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  18.07.2008 15:43:42
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  19.04.2008 16:08:29
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  18.07.2008 15:43:43
NETNT.DLL     : 8.0.0.1         7937 Bytes  19.04.2008 16:08:28
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  18.07.2008 15:43:39
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  18.07.2008 15:43:39

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, K:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Dienstag, 24. Februar 2009  10:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'Integrator.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'IGDCTRL.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'MailCheck.exe' - '1' Module(s) have been scanned
Scan process 'StCenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
Boot sector 'K:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Program Files\ACD Systems\ACDSee\8.0\patch.exe
    [DETECTION] Is the TR/Agent.47104.L Trojan
    [NOTE]      The file was moved to '4a17c599.qua'!
C:\Windows\System32\drivers\sptd.sys
    [WARNING]   The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'K:\' <My Book>
K:\Spiele\gta-vc.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4a04d82b.qua'!


End of the scan: Dienstag, 24. Februar 2009  12:31
Used time:  1:43:20 Hour(s)

The scan has been done completely.

  28015 Scanning directories
 548058 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
 548053 Files not concerned
   6986 Archives were scanned
      3 Warnings
      2 Notes
2. Malware Report
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1798
Windows 6.0.6001 Service Pack 1

24.02.2009 17:54:28
mbam-log-2009-02-24 (17-54-28).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|K:\|)
Durchsuchte Objekte: 270655
Laufzeit: 3 hour(s), 9 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Neoact\Carom3D\cwebpage.dll (Adware.NewWeb) -> Quarantined and deleted successfully.
C:\Windows\System32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
3. HiJack This Report
Code:
ATTFilter
Logfile of HijackThis v1.99.1
Scan saved at 17:55:50, on 24.02.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\MailCheck\MailCheck.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studivz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: MailCheck 2.lnk = C:\Program Files\MailCheck\MailCheck.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (AUTODESKVAULT) (MSSQL$AUTODESKVAULT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Antwort

Themen zu TR/Agent.47104.L und TR/Crypt.XPACK.Gen
0 bytes, 1.exe, antivir, audiodg.exe, avg, avgnt.exe, bho, cmdow.exe, dllhost.exe, dsl, dwm.exe, festplatte, firefox, hijack, hijackthis, igdctrl.exe, integrator.exe, internet, internet explorer, jusched.exe, konvertieren, launch, logfile, logon.exe, malware, malware.tool, malwarebytes' anti-malware, moved, mozilla, mssql, nicht sicher, nt.dll, pdf-datei, programm, registrierungsschlüssel, sched.exe, senden, server, service pack 1, services.exe, software, svchost.exe, symantec, tr/agent.47104.l, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, trojaner tr/crypt.xpack.gen, tuneup.defrag, virus, windows, windows defender


« RECYCLER: Festplatte öffnet sich nicht | Hilfe! Google leitet auf falsche Seiten weiter und Log-In Buttons funktionieren nicht »


Ähnliche Themen: TR/Agent.47104.L und TR/Crypt.XPACK.Gen


  1. tr/drop.agent tr/crypt.xpack.gen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (3)
  2. TR/Agent.47104.L und TR/Spy.79360.15 läßt sich nicht löschen!
    Log-Analyse und Auswertung - 21.01.2011 (1)
  3. TR/Crypt.XPACK.Gen und JAVA/Agent.BH
    Log-Analyse und Auswertung - 30.09.2010 (3)
  4. TR/Crypt.XPACK.Gen + JAVA/Agent.M.1
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (1)
  5. TR/Dropper.gen und TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen2 und TR/Dldr.Agent.cxyf.3
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (32)
  6. TR/Crypt.XPACK.Gen2 und TR/Agent.193536 gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (5)
  7. Trojaner TR/Agent.47104.l
    Log-Analyse und Auswertung - 08.02.2010 (29)
  8. TR/Crypt.XPACK.Gen und TR/Agent.284160.C
    Plagegeister aller Art und deren Bekämpfung - 25.01.2010 (1)
  9. TR/Crypt.XPack.Gen und TR/Agent.AG.1267
    Log-Analyse und Auswertung - 05.11.2009 (11)
  10. TR/agent.47104.L+HJT Log-File
    Log-Analyse und Auswertung - 01.07.2009 (0)
  11. Trojaner:tr/agent.47104.l / Logfile check
    Log-Analyse und Auswertung - 12.04.2009 (0)
  12. TR/Agent.47104.L
    Plagegeister aller Art und deren Bekämpfung - 08.04.2009 (6)
  13. TR/CRYPT.XPACK.GEN und tr/agent.8704.76
    Plagegeister aller Art und deren Bekämpfung - 27.03.2009 (19)
  14. TR/Agent.47104.L
    Plagegeister aller Art und deren Bekämpfung - 24.02.2009 (1)
  15. TR/Crypt.XPACK.Gen und TR/Agent.331776.F
    Plagegeister aller Art und deren Bekämpfung - 22.02.2009 (0)
  16. TR.Vundo.Gen/TR.Agent.VB.H.1/TR.Crypt.XPack.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.08.2008 (4)
  17. TR/Crypt.XPACK.Gen TR/Trash.Gen TR/Agent.57344
    Plagegeister aller Art und deren Bekämpfung - 18.05.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Agent.47104.L und TR/Crypt.XPACK.Gen - Hallo, ich habe heute morgen AntiVir durchlaufen lassen und es hat 2 Trojaner gefunden. 1. den Trojaner TR/Agent.47104.L in Code: Alles auswählen Aufklappen ATTFilter C:\Program Files\ACD Systems\ACD See\8.0\Patch Seltsam ist, - TR/Agent.47104.L und TR/Crypt.XPACK.Gen...
Archiv
Du betrachtest: TR/Agent.47104.L und TR/Crypt.XPACK.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19