| |
| |||||||
Log-Analyse und Auswertung: TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.03.2012, 18:57
| #1 |
 |  TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hallo zusammen, das Problem mit meinem Computer begann mit der Meldung von Avira TR/crypt.zpack.gen8 gefunden zu haben. Leider habe ich mir weitere Details nicht notiert und eine Log Datei von Avira finde ich nicht. Nur soviel: Nachdem ich die Avira Meldung quittiert habe poppten ~20 Windowsmeldungen auf. Nachdem ich diese geschlossen habe, startete der Compi automatisch neu. Vom Desktop sind eine Vielzahl von Dateien und Ordner verschwunden, der Hintergrund ist schwarz. Auch mein Start Menu ist leer, wobei die Ordnerstruktur darin noch vorhanden ist. Die gleichen Avira und Windows Meldungen kamen erneut. Nach dem folgenden automatischen Neustart bekam ich nur noch einen Bluescreen. Danach habe in Windows im abgesicherten Modus mit Netwerkunterstützung gestartet - so läuft er jetzt erstmal. Im Board habe ich einige Einträge zu TR/crypt.xpack.gen mit ähnlichen Symptomen gefunden - aber keinen konkreten Lösungsweg um das Problem zu beheben. Anbei noch die Log Dateien - ich hoffe, dass mir jemand helfen kann! Danke schonmal vorab! .DDS Logfile: DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by ***** at 17:40:16 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1790.1357 [GMT 2:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [rmIhrYfwFjUdy.exe] c:\programdata\rmIhrYfwFjUdy.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\377796373736F6D6534376 : DhcpNameServer = 192.168.48.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\75962756C6563737F5E65647 : DhcpNameServer = 193.162.153.164 194.239.134.83
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\75F627C64636F666665656D22333730323D274F656474796E67656E6 : DhcpNameServer = 192.168.44.1 192.168.44.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\845696D6C416E6 : DhcpNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\*****\appdata\roaming\mozilla\firefox\profiles\mejxpefa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber;c:\windows\system32\drivers\rtl819xp.sys [2011-1-6 559208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608]
S1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-1-1 9600]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-11-4 10752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-13 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-9-14 94880]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-14 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-14 144704]
S2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-11-4 311296]
S2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2012-2-15 2016504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-13 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-14 54632]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-2-14 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-5 64032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-28 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-20 1343400]
.
=============== Created Last 30 ================
.
2012-03-31 14:52:05 -------- d-----w- c:\users\*****\appdata\roaming\Malwarebytes
2012-03-31 14:51:56 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 14:51:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 14:51:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 14:14:37 220672 ----a-w- c:\programdata\ZOtq0h1R1Ftiig.exe
2012-03-31 14:01:20 300032 ----a-w- c:\programdata\rmIhrYfwFjUdy.exe
2012-03-27 19:22:47 -------- d-----w- c:\users\*****\appdata\roaming\FreeCommander
2012-03-27 19:22:45 -------- d-----w- c:\program files\FreeCommander
2012-03-21 22:40:53 -------- d-----w- c:\program files\Application Updater
2012-03-21 22:40:50 -------- d-----w- c:\program files\pdfforge Toolbar
2012-03-21 22:40:50 -------- d-----w- c:\program files\common files\Spigot
2012-03-18 12:22:38 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 12:22:38 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-18 10:30:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 10:30:20 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-17 12:55:52 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 12:55:40 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 12:54:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 12:54:02 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 12:54:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 12:53:44 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 12:53:42 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 12:53:42 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-18 10:24:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
============= FINISH: 17:41:19,62 ===============
--- --- --- --- --- --- attach Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13.02.2010 22:31:53
System Uptime: 31.03.2012 16:35:51 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N510
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 164,028 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: BCM2046 Bluetooth Module
Device ID: USB\VID_0A5C&PID_2151\0C6076BC0CD9
Manufacturer: Broadcom
Name: BCM2046 Bluetooth Module
PNP Device ID: USB\VID_0A5C&PID_2151\0C6076BC0CD9
Service: BTHUSB
.
==== System Restore Points ===================
.
RP159: 30.12.2011 14:00:58 - Windows Update
RP160: 30.12.2011 14:39:43 - Windows Update
RP161: 20.01.2012 11:19:46 - Windows Update
RP162: 20.01.2012 11:49:53 - Installed Java(TM) 6 Update 30
RP163: 29.01.2012 19:41:41 - Windows Update
RP164: 11.02.2012 19:40:24 - Geplanter Prüfpunkt
RP165: 16.02.2012 20:27:06 - Windows Update
RP166: 18.03.2012 11:27:10 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Deutsch
Amazon MP3-Downloader 1.0.9
AndreaMosaic 3.32.3
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
BatteryLifeExtender
Bonjour
ChargeableUSB
Compatibility Pack für 2007 Office System
CyberLink PowerDVD 8
CyberLink YouCam
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
eReg
FreeCommander 2009.02b
GIMP 2.6.8
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
iCloud
Iomega Product Registration
Iomega Storage Manager
IrfanView (remove only)
ISODisk 1.1
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.60.1.1000
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
Mozilla Thunderbird (3.0.1)
Mp3tag v2.49a
MSVCRT
NVIDIA Drivers
OpenOffice.org 3.2
PDFCreator
pdfforge Toolbar v5.1
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Safari
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SCHLECKER Foto Digital Service
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
SRIM
Sweet Home 3D version 3.4
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
UltraVnc
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
VLC media player 1.0.5
VoiceOver Kit
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
WISO Sparbuch 2010
WISO Steuer-Sparbuch 2011
WISO Steuer-Sparbuch 2012
.
==== End Of File ===========================
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-31 19:01:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0001SDM1
Running: gmer.exe; Driver: C:\Users\*****\AppData\Local\Temp\pxldrpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13BD 8246C979 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8248C4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\******\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cda6c4a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e975c9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bc0cd9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727 0xCF 0xD4 0x08 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 18299
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10574
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xB4 0x9B 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xDE 0x20 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xAE 0x27 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda6c4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e975c9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727 0xCF 0xD4 0x08 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xB4 0x9B 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xDE 0x20 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xAE 0x27 0xAD ...
---- EOF - GMER 1.0.15 ----
mbam Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.31.07 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 ***** :: ******[Administrator] 31.03.2012 16:55:05 mbam-log-2012-03-31 (17-02-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 183568 Laufzeit: 6 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\rmIhrYfwFjUdy.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Keine Aktion durchgeführt. C:\ProgramData\ZOtq0h1R1Ftiig.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt. C:\Users\******\AppData\Local\Temp\7xaec2JW.exe.part (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\******\AppData\Local\Temp\QJf5MyeYXNvARG.exe.tmp (Rogue.FakeHDD) -> Keine Aktion durchgeführt. (Ende) Geändert von antonio_2 (31.03.2012 um 19:03 Uhr) |
| Themen zu TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust |
| antivir, antivir guard, avgnt, avira, avira meldung, backdoor.agent.rcgen, computer, cpu, dateisystem, daten verlust, desktop, error, firefox, flash player, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, installation, locker, mozilla, pdfforge toolbar, phishing, plug-in, problem, realtek, registry, rundll, security, siteadvisor, software, sparbuch, svchost.exe, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.zpack.gen8, windows 7 home, windows 7 home premium |
Baum-Darstellung