Log analysis and evaluation: TR/Crypt.XPACK.Gen / spyware.spyeyes (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.11.2010, 14:15 | #1 |
| TR/Crypt.XPACK.Gen / spyware.spyeyes
Hello, I am asking for help and support. I was abroad for three weeks, was online via free WiFi, and apparently picked something up in the process. Today Antivir reported the detection of the Trojan TR/Crypt.XPACK.Gen. Antivir was able to move it to quarantine. A second scan produced no further result. A Spybot scan likewise found nothing. Malwarebytes Antimalware found two more files in the quick scan:

Infizierte Verzeichnisse:
C:\extensions.exe (Spyware.SpyEyes) -> No action taken.
Infizierte Dateien:
C:\extensions.exe\config.bin (Spyware.SpyEyes) -> No action taken.

Antimalware was also able to fix the problem. Another scan produced no further result. This is the HijackThis result now:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:10, on 14.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Users\Christian\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8406 bytes

I hope you can help me and tell me what state my netbook is in now. The operating system is Windows 7. Thank you very much. |
14.11.2010, 15:03 | #2 |
/// Malware-holic | TR/Crypt.XPACK.Gen / spyware.spyeyes
Can you post the Avira detection?
Do you do online banking / shopping? Or any other important activities? |
14.11.2010, 15:13 | #3 |
| TR/Crypt.XPACK.Gen / spyware.spyeyes
Thank you very much for the reply.
Here is the Antivir log:

Avira AntiVir Personal
Report file date: Samstag, 13. November 2010 19:05

Scanning for 3043866 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CHRISTIAN-MOBIL

Version information:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Samstag, 13. November 2010 19:05

Starting search for hidden objects.

The scan of running processes will be started

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '380' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{4E6033BC-2E0B-41AA-A598-1B4507984BBE}\RP128\A0042191.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\'

Beginning disinfection:
C:\System Volume Information\_restore{4E6033BC-2E0B-41AA-A598-1B4507984BBE}\RP128\A0042191.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '490413dd.qua'.

End of the scan: Sonntag, 14. November 2010 11:17
Used time: 3:19:07 Hour(s)

The scan has been done completely.

19399 Scanned directories
318364 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
318363 Files not concerned
1928 Archives were scanned
0 Warnings
1 Notes
574748 Objects were scanned with rootkit scan
30 Hidden objects were found

I do online banking and also shop online now and then. Otherwise no important activities. |
14.11.2010, 15:18 | #4 |
/// Malware-holic | TR/Crypt.XPACK.Gen / spyware.spyeyes
Well, isn't online banking important? :D You have to call the bank; it has to be blocked. The Trojan you are dealing with is not to be trifled with :-) Personally, I would reinstall so that you can do online banking etc. safely again. I will help you secure the system; that also includes a backup, so that the next time the system is infected you can restore it within 5 minutes.
__________________
Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. |
14.11.2010, 15:30 | #5 |
| TR/Crypt.XPACK.Gen / spyware.spyeyes
Online banking is already blocked. The first hint actually came from my bank advisor. It was blocked as a precaution because there had been an attempt to spy out data. However, Antivir only reported this several days later. Spybot found nothing. I will probably reinstall. I ran bootkit checks and found no problems. Reinstalling is always so tedious with the netbook, without a DVD/CD drive. |
14.11.2010, 16:00 | #6 |
/// Malware-holic | TR/Crypt.XPACK.Gen / spyware.spyeyes
You do have a recovery partition, I assume. What kind of netbook is it? The exact model, please. |