|
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen in AppDataWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.12.2010, 00:43 | #46 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Mach mal einen neuen Durchgang mit CF, die cofi.exe neu runterladen!! ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
14.01.2011, 18:48 | #47 |
| TR/Crypt.XPACK.Gen in AppData Combofix Logfile:
__________________Code:
ATTFilter ComboFix 11-01-14.01 - Michelle 14.01.2011 18:15:36.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2037.880 [GMT 1:00] ausgeführt von:: c:\users\Michelle\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\ICQ6.5\ICQLRun.exe c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2 c:\users\Michelle\FAVORI~1\mxfilerelatedcache.mxc2 c:\users\Michelle\Favorites\mxfilerelatedcache.mxc2 c:\windows\system32\fldlckun.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-12-14 bis 2011-01-14 )))))))))))))))))))))))))))))) . 2011-01-14 17:37 . 2011-01-14 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-14 17:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF858DFE-4CD5-476B-A5A5-935110992833}\mpengine.dll 2011-01-12 20:44 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-12-26 02:49 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys 2010-12-26 02:49 . 2010-12-26 02:49 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-12-24 02:08 . 2010-12-24 02:08 -------- d--h--w- c:\windows\msdownld.tmp 2010-12-24 01:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-24 01:07 . 2010-11-09 00:10 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-24 23:50 . 2009-03-24 21:00 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-10-19 09:41 . 2010-10-30 01:02 222080 ------w- c:\windows\system32\MpSigStub.exe 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840] "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-09-03 4013511] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-24 2424560] "ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "NDSTray.exe"="NDSTray.exe" [BU] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-18 1836544] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-08 185896] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2008-05-27 50560] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968] S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-09-21 2368] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304] . Inhalt des "geplante Tasks" Ordners 2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 11:56] 2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 11:56] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: Free YouTube to Mp3 Converter - c:\users\Michelle\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\05xg1xwj.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.lovin-girls.bplaced.de/Forum/ FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q= FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Red Cats (blue flavor): {ff356687-aa08-463d-a46c-11c451824939} - %profile%\extensions\{ff356687-aa08-463d-a46c-11c451824939} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Neopets Toolbar: {2cb97724-d789-4f43-8888-a763cbb8df6f} - %profile%\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-TOSCDSPD - TOSCDSPD.EXE HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-01-14 18:37 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-01-14 18:42:54 ComboFix-quarantined-files.txt 2011-01-14 17:42 Vor Suchlauf: 11 Verzeichnis(se), 44.704.993.280 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 42.973.061.120 Bytes frei - - End Of File - - 015E9E98AA2C74274EA09BA2671BDD76 |
14.01.2011, 22:31 | #49 |
| TR/Crypt.XPACK.Gen in AppData Beim GMER-Scan hat mein PC leider beschlossen einen Neustart zu machen, den ich nicht schnell genug verhindern konnte, also kommt erst mal nur der Log von OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:24:27 on 14.01.2011 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.0.19 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Michelle\AppData\Local\Temp\catchme.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "mbr" (mbr) - ? - C:\cofi17786c\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {727A317F-21BE-47C3-B1B2-3F3ED1428DA7} "FtpOleHook Class" - "WeOnlyDo! Inc." - C:\Windows\system32\wodFtpDLX.OCX {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll <binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Amazon.de" - ? - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (HTTP value) "eBay - Der weltweite Online Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll <binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {CD292324-974F-4224-D074-CACA427AA030} "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "EA Core" - "Electronic Arts" - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent "ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ6.5\ICQ.exe" silent "MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "NDSTray.exe" - ? - NDSTray.exe (File not found) "Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup "Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe "Lavasoft Ad-Aware Service" (aawservice) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ===[ Logfile end ]=========================================[ Logfile end ]=== |
14.01.2011, 23:28 | #50 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData MBRCheck brauch ich nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
16.01.2011, 03:11 | #51 |
| TR/Crypt.XPACK.Gen in AppData MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: Intel Corp. BIOS Manufacturer: INSYDE System Manufacturer: TOSHIBA System Product Name: Satellite L350 Logical Drives Mask: 0x00000034 Kernel Drivers (total 156): 0xE2046000 \SystemRoot\system32\ntkrnlpa.exe 0xE2013000 \SystemRoot\system32\hal.dll 0xC5E0E000 \SystemRoot\system32\kdcom.dll 0xC5E16000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0xC5E76000 \SystemRoot\system32\PSHED.dll 0xC5E87000 \SystemRoot\system32\BOOTVID.dll 0xC5E8F000 \SystemRoot\system32\CLFS.SYS 0xC5ED0000 \SystemRoot\system32\CI.dll 0xC6009000 \SystemRoot\system32\drivers\Wdf01000.sys 0xC6085000 \SystemRoot\system32\drivers\WDFLDR.SYS 0xC6092000 \SystemRoot\system32\drivers\acpi.sys 0xC60D8000 \SystemRoot\system32\drivers\WMILIB.SYS 0xC60E1000 \SystemRoot\system32\drivers\msisadrv.sys 0xC60E9000 \SystemRoot\system32\drivers\pci.sys 0xC6110000 \SystemRoot\System32\drivers\partmgr.sys 0xC611F000 \SystemRoot\system32\DRIVERS\compbatt.sys 0xC6122000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0xC612C000 \SystemRoot\system32\drivers\volmgr.sys 0xC613B000 \SystemRoot\System32\drivers\volmgrx.sys 0xC6185000 \SystemRoot\system32\drivers\intelide.sys 0xC618C000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0xC619A000 \SystemRoot\System32\drivers\mountmgr.sys 0xC6206000 \SystemRoot\system32\DRIVERS\iaStor.sys 0xC62CE000 \SystemRoot\system32\drivers\atapi.sys 0xC62D6000 \SystemRoot\system32\drivers\ataport.SYS 0xC62F4000 \SystemRoot\system32\drivers\msahci.sys 0xC62FE000 \SystemRoot\system32\drivers\fltmgr.sys 0xC6330000 \SystemRoot\system32\drivers\fileinfo.sys 0xC6340000 \SystemRoot\System32\Drivers\PxHelp20.sys 0xC6349000 \SystemRoot\System32\Drivers\ksecdd.sys 0xC640E000 \SystemRoot\system32\drivers\ndis.sys 0xC6519000 \SystemRoot\system32\drivers\msrpc.sys 0xC6544000 \SystemRoot\system32\drivers\NETIO.SYS 0xC6605000 \SystemRoot\System32\Drivers\Ntfs.sys 0xC6714000 \SystemRoot\system32\drivers\volsnap.sys 0xC674D000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS 0xC6752000 \SystemRoot\system32\DRIVERS\tos_sps32.sys 0xC679D000 \SystemRoot\System32\Drivers\spldr.sys 0xC67A5000 \SystemRoot\System32\Drivers\mup.sys 0xC67B4000 \SystemRoot\System32\drivers\ecache.sys 0xC67DB000 \SystemRoot\system32\drivers\disk.sys 0xC657E000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0xC67EC000 \SystemRoot\system32\drivers\crcdisk.sys 0xC9ECC000 \SystemRoot\system32\DRIVERS\tunnel.sys 0xC9ED7000 \SystemRoot\system32\DRIVERS\tunmp.sys 0xC9EE0000 \SystemRoot\system32\DRIVERS\FwLnk.sys 0xC9EE8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xC9EF7000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xCA808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0xCAE3F000 \SystemRoot\System32\drivers\dxgkrnl.sys 0xCAEDE000 \SystemRoot\System32\drivers\watchdog.sys 0xCAEEB000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xCAEF6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xCAF34000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xCAF43000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xCAF55000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0xCAF72000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xCAF85000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xCAF90000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xCAFBF000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xCAFC1000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xCAFCC000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys 0xCAFD0000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xC9EFB000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0xC9F29000 \SystemRoot\system32\DRIVERS\storport.sys 0xCAFE8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xC9F6A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xCAFF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xC9F81000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xC9FA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xC9FB3000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xC9FC7000 \SystemRoot\system32\DRIVERS\rassstp.sys 0xCA800000 \SystemRoot\system32\DRIVERS\hamachi.sys 0xC9FDC000 \SystemRoot\system32\DRIVERS\termdd.sys 0xCA805000 \SystemRoot\system32\DRIVERS\swenum.sys 0xC65AC000 \SystemRoot\system32\DRIVERS\ks.sys 0xC9FEC000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xC65D6000 \SystemRoot\system32\DRIVERS\umbus.sys 0xC63BA000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xCA400000 \SystemRoot\system32\drivers\RTKVHDA.sys 0xC61AA000 \SystemRoot\system32\drivers\portcls.sys 0xC61D7000 \SystemRoot\system32\drivers\drmk.sys 0xC5FB0000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0xCB008000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0xCB10B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0xCB1C0000 \SystemRoot\system32\drivers\modem.sys 0xCB1CD000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xCB1DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xCB1E7000 \SystemRoot\System32\Drivers\Null.SYS 0xCB1EE000 \SystemRoot\System32\Drivers\Beep.SYS 0xCB000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xC65E3000 \SystemRoot\System32\drivers\vga.sys 0xCB400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0xCB421000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xCB429000 \SystemRoot\system32\drivers\rdpencdd.sys 0xCB431000 \SystemRoot\System32\Drivers\Msfs.SYS 0xCB43C000 \SystemRoot\System32\Drivers\Npfs.SYS 0xCB44A000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xCB453000 \SystemRoot\System32\drivers\tcpip.sys 0xCB53C000 \SystemRoot\System32\drivers\fwpkclnt.sys 0xCB557000 \SystemRoot\system32\DRIVERS\tdx.sys 0xCB56D000 \SystemRoot\system32\DRIVERS\smb.sys 0xCB581000 \SystemRoot\system32\drivers\afd.sys 0xCB5C9000 \SystemRoot\System32\DRIVERS\netbt.sys 0xCB20E000 \SystemRoot\system32\DRIVERS\pacer.sys 0xCB224000 \SystemRoot\system32\DRIVERS\rtlprot.sys 0xCB22E000 \SystemRoot\system32\DRIVERS\netbios.sys 0xCB23C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xCB24F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xCB255000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 0xCB277000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 0xCB27D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xCB2B9000 \SystemRoot\system32\drivers\nsiproxy.sys 0xCB2C3000 \SystemRoot\System32\Drivers\dfsc.sys 0xCB2DA000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xCB300000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xCB317000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS 0xCB320000 \SystemRoot\System32\Drivers\usbvideo.sys 0xCB341000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xCB34A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xCB35A000 \SystemRoot\system32\DRIVERS\RTL8187B.sys 0xCB3AA000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xCB3B2000 \SystemRoot\System32\Drivers\crashdmp.sys 0xC9E00000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xD0640000 \SystemRoot\System32\win32k.sys 0xCB3BF000 \SystemRoot\System32\drivers\Dxapi.sys 0xCB3C9000 \SystemRoot\system32\DRIVERS\monitor.sys 0xD0860000 \SystemRoot\System32\TSDDD.dll 0xD0880000 \SystemRoot\System32\cdd.dll 0xCB3D8000 \SystemRoot\system32\drivers\luafv.sys 0xD7403000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xD7418000 \SystemRoot\system32\drivers\spsys.sys 0xD74C7000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xD74D7000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xD7501000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xD750B000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xD751E000 \SystemRoot\system32\drivers\HTTP.sys 0xD758B000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xD75A8000 \SystemRoot\system32\DRIVERS\bowser.sys 0xD75C1000 \SystemRoot\System32\drivers\mpsdrv.sys 0xD75D6000 \SystemRoot\system32\drivers\mrxdav.sys 0xDA40B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xDA42A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xDA463000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xDA47B000 \SystemRoot\System32\DRIVERS\srv2.sys 0xDA4A3000 \SystemRoot\System32\DRIVERS\srv.sys 0xDA4F1000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xDA534000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xDA539000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xDBE01000 \SystemRoot\system32\drivers\peauth.sys 0xDBEDF000 \SystemRoot\System32\Drivers\secdrv.SYS 0xDBEE9000 \??\C:\Windows\system32\SVKP.sys 0xDBEEA000 \SystemRoot\System32\drivers\tcpipreg.sys 0xDBEF6000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xDBEFE000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x77150000 \Windows\System32\ntdll.dll Processes (total 86): 0 System Idle Process 4 System 460 C:\Windows\System32\smss.exe 592 csrss.exe 636 csrss.exe 644 C:\Windows\System32\wininit.exe 680 C:\Windows\System32\services.exe 696 C:\Windows\System32\lsass.exe 704 C:\Windows\System32\lsm.exe 752 C:\Windows\System32\winlogon.exe 892 C:\Windows\System32\svchost.exe 956 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 1000 C:\Windows\System32\svchost.exe 1036 C:\Windows\System32\svchost.exe 1128 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1224 C:\Windows\System32\svchost.exe 1300 C:\Windows\System32\audiodg.exe 1324 C:\Windows\System32\svchost.exe 1348 C:\Windows\System32\SLsvc.exe 1416 C:\Windows\servicing\TrustedInstaller.exe 1456 C:\Windows\System32\svchost.exe 1600 C:\Windows\System32\svchost.exe 1736 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1900 C:\Windows\System32\spoolsv.exe 1924 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1936 C:\Windows\System32\svchost.exe 476 C:\Windows\System32\taskeng.exe 640 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 700 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 1376 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 1944 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1984 C:\Program Files\ICQ6Toolbar\ICQ Service.exe 1540 C:\Windows\System32\svchost.exe 852 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 676 C:\Windows\System32\svchost.exe 1532 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe 2068 C:\Windows\System32\TODDSrv.exe 2092 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 2116 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe 2196 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 2224 C:\Windows\System32\svchost.exe 2256 C:\Windows\System32\SearchIndexer.exe 2276 C:\Windows\System32\drivers\XAudio.exe 3124 C:\Windows\System32\dwm.exe 3132 C:\Windows\System32\taskeng.exe 3184 C:\Windows\explorer.exe 3580 C:\Windows\System32\igfxtray.exe 3588 C:\Windows\System32\hkcmd.exe 3604 C:\Windows\System32\igfxsrvc.exe 3660 C:\Windows\System32\igfxpers.exe 3716 C:\Windows\RtHDVCpl.exe 3764 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3772 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe 3824 C:\Program Files\Picasa2\PicasaMediaDetector.exe 3852 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe 3872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3920 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3932 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3968 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe 4004 C:\Program Files\Windows Sidebar\sidebar.exe 4012 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 4036 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe 1220 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe 2252 C:\Program Files\Skype\Phone\Skype.exe 2520 C:\Program Files\Windows Media Player\wmpnscfg.exe 556 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE 1552 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe 1764 C:\Program Files\ICQ6.5\ICQ.exe 2816 C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe 2860 C:\Program Files\Windows Media Player\wmpnetwk.exe 2800 C:\Program Files\OpenOffice.org 3\program\soffice.exe 3536 C:\Program Files\OpenOffice.org 3\program\soffice.bin 3884 C:\Windows\System32\WerFault.exe 1972 C:\Program Files\Vidalia Bundle\Tor\tor.exe 4160 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4328 C:\Program Files\Windows Live\Contacts\wlcomm.exe 4512 C:\Program Files\Skype\Plugin Manager\skypePM.exe 4252 C:\Windows\System32\wuauclt.exe 5720 C:\Program Files\Mozilla Firefox\firefox.exe 4944 C:\Windows\System32\SearchProtocolHost.exe 4228 C:\Windows\System32\SearchFilterHost.exe 2780 dllhost.exe 4284 dllhost.exe 5116 C:\Users\Michelle\Desktop\MBRCheck.exe 1916 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`75800000 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK2546GSX, Rev: LB013M Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
16.01.2011, 20:44 | #52 |
| TR/Crypt.XPACK.Gen in AppData GMER ist mir jetzt schon öfter abgestürzt. Das Programm reagiert nicht mehr, stand in der Meldung. Dann konnte man es nur noch schließen. Ist der Log sehr wichtig? Dann versuche ich es noch ein paar mal. |
16.01.2011, 21:23 | #53 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
20.01.2011, 00:24 | #54 |
| TR/Crypt.XPACK.Gen in AppData SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 11/04/2010 at 07:32 PM Application Version : 4.45.1000 Core Rules Database Version : 5810 Trace Rules Database Version: 3622 Scan type : Complete Scan Total Scan Time : 02:09:03 Memory items scanned : 830 Memory threats detected : 0 Registry items scanned : 8496 Registry threats detected : 12 File items scanned : 174105 File threats detected : 8 Neopets Toolbar HKLM\Software\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030} HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030} HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030} HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32 HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32#ThreadingModel HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ProgID HKCR\Toolbar.Neopets HKCR\Toolbar.Neopets\Clsid C:\PROGRA~1\NEOPETS\TOOLBAR\TOOLBAR.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD292324-974F-4224-D074-CACA427AA030} HKU\S-1-5-21-2050151488-740253392-1122047962-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD292324-974F-4224-D074-CACA427AA030} HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CD292324-974F-4224-D074-CACA427AA030} HKU\S-1-5-21-2050151488-740253392-1122047962-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{CD292324-974F-4224-D074-CACA427AA030} Adware.Tracking Cookie C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Cookies\michelle@doubleclick[2].txt C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Cookies\michelle@atdmt[1].txt C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Cookies\michelle@serving-sys[2].txt C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Cookies\michelle@bs.serving-sys[1].txt C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Cookies\michelle@revsci[1].txt Trojan.Agent/Gen C:\COFI717C\MBR.CFXXE Trojan.Agent/Gen-Cryptor[Virut] C:\TOSHIBA\WEBSHOPS\ADDEBAYTOOLBARBUTTON.EXE |
20.01.2011, 09:32 | #55 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Ein paar Überreste, Fehlalarme und Cookies. Noch Probleme offen oder alles ok jetzt?
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2011, 18:52 | #56 |
| TR/Crypt.XPACK.Gen in AppData Und muss ich noch was machen, die Objekte sind ja jetzt erst nur in Quarantäne, muss ich die noch löschen? Momentan scheint alles okay zu sein. Bis auf mein FF, den ich aber durch Google Chrome ersetzt habe. Und irgendein Update scheint mein PC nicht vervollständigen zu können. Immer beim Hochfahren kommt da Schritt 3 zu 0 % erledigt. Und das kommt seit Tagen und klappt wohl nicht so richtig. Davon abgesehen ist alles gut und auch keine Antivir-Meldungen mehr. |
25.01.2011, 20:16 | #57 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.
__________________ Logfiles bitte immer in CODE-Tags posten |
26.01.2011, 18:23 | #58 |
| TR/Crypt.XPACK.Gen in AppData Okay! Aber eben gerade kam eine neue Meldung: In der Datei 'C:\Users\Michelle\AppData\Local\Temp\EAD587B.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. |
26.01.2011, 19:35 | #59 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Ich hab mal auf das Erstellungsdatum eben geachtet, seit Mitte Oktober bis du da jetzt am rumfrickeln. Willst du nicht lieber Daten sichern und alles neu installieren?
__________________ Logfiles bitte immer in CODE-Tags posten |
01.02.2011, 17:43 | #60 |
| TR/Crypt.XPACK.Gen in AppData Das traue ich mich selbst nicht. Da würde ich dann lieber einen Fachmann drüber gucken lassen, bzw. das erledigen lassen. Aber ja, darüber habe ich letztens auch nachgedacht. Ob das nicht sinnvoller wäre. :/ |
Themen zu TR/Crypt.XPACK.Gen in AppData |
acroiehelper.dll, ad-aware, antivir, avgntflt.sys, avira, bho, components, converter, corp./icp, desktop, druck, error, firefox, firefox.exe, flash player, google, home, home premium, iastor.sys, install.exe, intranet, local\temp, location, logfile, microsoft office word, mp3, nvstor.sys, object, oldtimer, otl logfile, otl.exe, phishing, picasa, plug-in, programdata, realtek, registry, rojaner gefunden, saver, sched.exe, searchplugins, security, shell32.dll, skype.exe, software, start menu, studio, svchost.exe, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, trojaner gefunden, uleadburninghelper, updates, usb 2.0, vista, vlc media player, wireless lan, worm.p2p |