Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Crypt.ZPACK.Gen2

TR/Crypt.ZPACK.Gen2


Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen2

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 03.04.2012, 17:36   #1
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Hallo,

habe folgendes Problem auf meinem Rechner. Nach jedem Neustart bekomme ich von Avira folgenden Fund in der Datei C:\Windows\System32\jpgvnfv5.dll

TR/Crypt.ZPACK.Gen2


DDS Scan ergab folgendes:

DDS.txt

Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19190  BrowserJavaVersion: 1.6.0_31
Run by Joe at 17:32:43 on 2012-04-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1633 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fraps\fraps.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = about:blank
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
uURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
mURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [AVMWlanClient] c:\program files\avmwlanstick\wlangui.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1D42570E-8085-4D83-A283-A99C07E67A2D} : DhcpNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\joe\appdata\local\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_900\npoctoshape.dll
FF - plugin: c:\users\joe\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-23 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 207280]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-27 36000]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-23 81288]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-27 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-25 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-24 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-3 652360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-16 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-23 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-23 1141200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2009-2-4 419328]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-3 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-6 122984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-6-5 4352]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-04-03 12:25:05	--------	d-----w-	c:\users\joe\appdata\roaming\Malwarebytes
2012-04-03 12:24:30	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 12:24:29	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 12:24:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:22:46	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{db5733e7-224a-4a95-b844-2ec494534e7d}\mpengine.dll
2012-04-01 18:06:05	--------	d-----w-	c:\users\joe\appdata\roaming\.minecraft
2012-04-01 08:12:15	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57:56	--------	d-----w-	c:\windows\system32\xlive
2012-03-30 20:57:35	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2012-03-24 08:19:08	463872	----a-w-	c:\windows\system32\ntqe0mnu.sys
2012-03-18 08:46:07	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 08:46:07	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-14 17:09:55	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 17:09:53	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 17:09:53	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09:53	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 17:09:53	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 17:09:53	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 17:09:51	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2012-03-14 11:30:38	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 11:30:38	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-04-01 18:12:57	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-01 09:04:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 08:11:00	221184	----a-w-	c:\windows\system32\aptws6t6e.dll
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
.

Attach.txt

Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 22.10.2008 23:24:25
System Uptime: 03.04.2012 17:06:00 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5B
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 263,842 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP854: 09.03.2012 15:54:14 - Windows Update
RP855: 13.03.2012 13:43:27 - Windows Update
RP856: 15.03.2012 08:54:32 - Windows Update
RP857: 16.03.2012 11:42:38 - Windows Update
RP858: 19.03.2012 03:10:12 - Geplanter Prüfpunkt
RP859: 20.03.2012 08:21:41 - Windows Update
RP860: 23.03.2012 09:12:10 - Windows Update
RP861: 27.03.2012 15:08:18 - Windows Update
RP862: 30.03.2012 12:51:00 - Geplanter Prüfpunkt
RP863: 30.03.2012 13:30:27 - Windows Update
RP864: 30.03.2012 22:52:09 - DirectX wurde installiert
RP865: 30.03.2012 22:57:58 - DirectX wurde installiert
RP866: 01.04.2012 20:09:41 - Removed Java(TM) 6 Update 31
RP867: 01.04.2012 20:12:36 - Installed Java(TM) 6 Update 31
RP868: 03.04.2012 14:21:44 - Windows Update
RP869: 03.04.2012 17:01:33 - Removed UltraEdit 15.10
RP870: 03.04.2012 17:02:54 - Removed UltraCompare v6.30
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.5.0 - Deutsch
Age of Empires Online
AliceHilfe
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
AVM FRITZ!WLAN
Bonjour
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series Benutzerregistrierung
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
CDDRV_Installer
DAoC Portal
Dark Age of Camelot
DivX-Setup
Downloader
Fraps
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
KhalInstallWrapper
League of Legends
Logitech GamePanel Software 3.06.109
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
NVIDIA 3D Vision Treiber 266.58
NVIDIA Grafiktreiber 266.58
NVIDIA HD-Audiotreiber 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 266.58
OpenOffice.org 3.0
Opera 11.11
Pando Media Booster
PVSonyDll
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 4.2
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
System Requirements Lab
TeamSpeak 3 Client
Terraria
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Ventrilo Client
Vista Codec Package
VoiceOver Kit
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile-Gerätecenter
Windows Mobile-Ressourcen
Windows Mobile Device Center Driver Update
WinRAR
ZoneAlarm-Sicherheit Toolbar
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================
Gmer Scan war bisher nicht möglich, da das Programm ständig abstürzt.

Alt 04.04.2012, 09:53   #2
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 04.04.2012, 12:15   #3
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Beide Datein im Anhang
__________________
Alt 04.04.2012, 15:49   #4
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



[CODE]
:OTL
SRV - [2012.03.23 10:11:00 | 000,221,184 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptws6t6e.dll -- (LanmanWorkstation)
[2012.03.24 10:19:08 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqe0mnu.sys
:Files
C:\Windows\System32\aptws6t6e.dll
C:\Windows\System32\jpgvnfv5.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.04.2012, 16:07   #5
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Dokument:

[CODE]All processes killed
Error: Unable to interpret <
Code:
ATTFilter
> in the current context!
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\System32\aptws6t6e.dll moved successfully.
C:\Windows\System32\ntqe0mnu.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\aptws6t6e.dll not found.
File\Folder C:\Windows\System32\jpgvnfv5.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41620 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Joe
->Flash cache emptied: 3128401 bytes
 
User: Public
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Joe
->Temp folder emptied: 1982379 bytes
->Temporary Internet Files folder emptied: 1957015 bytes
->Java cache emptied: 22856305 bytes
->FireFox cache emptied: 1149701681 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 97112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1412956 bytes
RecycleBin emptied: 328656 bytes
 
Total Files Cleaned = 1.124,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04042012_165646

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\~DF5BE0.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT06a9e.TMP not found!

Registry entries deleted on Reboot...

Upload der ZIP erfolgreich


Alt 04.04.2012, 16:34   #6
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> TR/Crypt.ZPACK.Gen2

Alt 05.04.2012, 19:29   #7
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Ergebnis:

Code:
ATTFilter
ComboFix 12-04-04.02 - Joe 05.04.2012  20:04:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1786 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:17 . 2012-04-05 18:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-04 14:56 . 2012-04-04 15:09	--------	d-----w-	C:\_OTL
2012-04-04 11:13 . 2012-04-04 11:13	--------	d-----w-	c:\program files\7-Zip
2012-04-03 12:25 . 2012-04-03 12:25	--------	d-----w-	c:\users\Joe\AppData\Roaming\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:24 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 12:22 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB5733E7-224A-4A95-B844-2EC494534E7D}\mpengine.dll
2012-04-01 18:06 . 2012-04-01 18:33	--------	d-----w-	c:\users\Joe\AppData\Roaming\.minecraft
2012-04-01 08:12 . 2012-04-01 09:04	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57 . 2012-03-30 20:57	--------	d-----w-	c:\windows\system32\xlive
2012-03-30 20:57 . 2012-03-30 20:57	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2012-03-18 08:46 . 2012-03-18 08:46	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 08:46 . 2012-03-18 08:46	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 17:09 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 17:09 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 17:09 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 17:09 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 17:09 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 17:09 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 11:30 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 11:30 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:12 . 2010-05-03 03:53	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-01 09:04 . 2011-06-13 18:58	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 21:32 . 2009-08-18 09:30	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-30 21:32 . 2009-08-18 09:24	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2009-10-02 23:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 12:04 . 2011-10-27 13:18	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-18 08:46 . 2011-05-03 12:32	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-23 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:04]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-05 20:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Joe\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1769992358-4173282101-2793672938-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,1e,1a,99,eb,7c,53,73,cb,3b,b7,62,6f,c3,0b,fb,79,48,d3,3f,de,
   02,3b,a2,e9,ed,fe,46,49,52,82,19,40,9b,ac,5c,32,62,52,b0,0b,cc,3e,b3,9a,91,\
"rkeysecu"=hex:ce,68,c6,9b,01,0e,5d,78,c2,08,f6,59,5a,ce,37,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0aece2c2-be98-4b72-9e75-6830eb9a51e3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{34407e69-1570-4998-8bd0-4bc9d653ce4e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d60
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5fca2b8b-e872-4c27-b048-356d06ad3c2f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f00184d
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7ae3005f-0163-4097-9b53-0020ba3a069c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5600)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-04-05  20:22:07
ComboFix-quarantined-files.txt  2012-04-05 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 283.774.533.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 283.538.419.712 Bytes frei
.
- - End Of File - - 4F03AB646296B9C887C12F037D199A2A

Alt 06.04.2012, 18:42   #8
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


teste mal bitte ob alle browser vernünftig laufen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.04.2012, 16:01   #9
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Zitat:
Zitat von markusg Beitrag anzeigen
teste mal bitte ob alle browser vernünftig laufen.
Funktioniert alles.

Alt 12.04.2012, 14:52   #10
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


öffne malwarebytes, logdateien, poste alle berichte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.04.2012, 09:17   #11
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Joe :: JOE-PC [Administrator]

Schutz: Aktiviert

03.04.2012 14:26:18
mbam-log-2012-04-03 (14-26-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188645
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
2012/04/03 14:26:08 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 14:26:09 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/03 14:26:10 +0200	JOE-PC	Joe	MESSAGE	Database already up-to-date
2012/04/03 14:26:11 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 14:26:14 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 14:26:15 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 16:38:58 +0200	JOE-PC	Joe	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 50923, Process: avnotify.exe)
2012/04/03 17:07:27 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:07:33 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:07:36 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:07:39 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 17:43:09 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:43:11 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:43:14 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:43:16 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 17:51:04 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:51:06 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:51:09 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:51:11 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 18:08:34 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 18:08:36 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 18:08:39 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 18:08:41 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 18:22:07 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 18:22:09 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 18:22:12 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 18:22:14 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
Code:
ATTFilter
2012/04/04 12:21:30 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/04 12:21:31 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/04 12:21:32 +0200	JOE-PC	Joe	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/04/04 12:21:32 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/04 12:21:35 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/04 12:21:37 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/04 17:03:50 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/04 17:03:54 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/04 17:03:57 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/04 17:03:59 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/04 21:20:46 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50428, Process: firefox.exe)
2012/04/04 21:22:15 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50430, Process: firefox.exe)
2012/04/04 21:22:15 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50431, Process: firefox.exe)
Code:
ATTFilter
2012/04/05 08:59:36 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 08:59:38 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/05 08:59:39 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 08:59:42 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 08:59:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.03.06 to version v2012.04.05.03
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/05 08:59:58 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/05 09:00:00 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/05 09:00:00 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 09:00:01 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 19:57:03 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 19:57:05 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 19:57:08 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 19:57:10 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 19:58:15 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/05 19:58:16 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/05 20:28:13 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 20:28:16 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 20:28:19 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 20:28:21 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
Code:
ATTFilter
2012/04/06 04:31:49 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 04:31:51 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/06 04:31:52 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 04:31:55 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 04:31:57 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.05.03 to version v2012.04.06.01
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/06 04:32:05 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/06 04:32:07 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/06 04:32:07 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 04:32:09 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 12:57:47 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 12:57:49 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 12:57:52 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 12:57:54 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 18:19:48 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 18:19:50 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 18:19:53 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 18:19:54 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
Code:
ATTFilter
2012/04/07 06:31:15 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/07 06:31:17 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/07 06:31:20 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 06:31:21 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/07 06:35:27 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.06.01 to version v2012.04.07.01
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/07 06:35:40 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/07 06:35:42 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/07 06:35:42 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 06:35:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/07 12:44:38 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/07 12:44:40 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/07 12:44:43 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 12:44:44 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
Code:
ATTFilter
2012/04/08 16:04:16 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/08 16:04:17 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/08 16:04:19 +0200	JOE-PC	Joe	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/04/08 16:04:19 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/08 16:04:22 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/08 16:04:23 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/08 21:54:18 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51938, Process: firefox.exe)
2012/04/08 21:54:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51957, Process: firefox.exe)
2012/04/08 21:54:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51958, Process: firefox.exe)
2012/04/08 21:58:02 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52049, Process: firefox.exe)
2012/04/08 21:58:02 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52052, Process: firefox.exe)
2012/04/08 22:02:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52158, Process: firefox.exe)
2012/04/08 22:02:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52159, Process: firefox.exe)
2012/04/08 22:39:48 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 53048, Process: firefox.exe)
2012/04/08 22:39:48 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 53049, Process: firefox.exe)
Code:
ATTFilter
2012/04/09 10:41:43 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/09 10:41:45 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/09 10:41:48 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 10:41:49 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 10:53:15 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.07.01 to version v2012.04.09.02
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/09 10:53:37 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/09 10:53:40 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/09 10:53:40 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 10:53:42 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 19:55:49 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/09 19:55:52 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/09 19:55:55 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 19:55:56 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 21:50:55 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 49580, Process: pmb.exe)
2012/04/09 22:34:15 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 52661, Process: pmb.exe)
2012/04/09 22:57:37 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 50327, Process: pmb.exe)
2012/04/09 23:33:47 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 60163, Process: pmb.exe)
Code:
ATTFilter
2012/04/10 04:37:39 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 04:37:41 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 04:37:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 04:37:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 13:34:46 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 13:34:48 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 13:34:51 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 13:34:53 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 13:35:13 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.09.02 to version v2012.04.10.03
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/10 13:35:41 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/10 13:35:44 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/10 13:35:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 13:35:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 18:23:37 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 18:23:39 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 18:23:43 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 18:23:44 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
Code:
ATTFilter
2012/04/11 06:57:02 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 06:57:04 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 06:57:07 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 06:57:08 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 07:07:30 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.10.03 to version v2012.04.11.01
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/11 07:07:42 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/11 07:07:44 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/11 07:07:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 07:07:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 12:34:44 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 12:34:46 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 12:34:49 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 12:34:51 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 12:38:00 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 12:38:03 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 12:38:06 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 12:38:10 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 17:03:33 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53538, Process: pmb.exe)
2012/04/11 17:08:22 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53614, Process: pmb.exe)
2012/04/11 17:25:18 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 65325, Process: pmb.exe)
2012/04/11 17:56:27 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 54621, Process: pmb.exe)
2012/04/11 18:42:48 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53967, Process: pmb.exe)
2012/04/11 19:08:51 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 59699, Process: pmb.exe)
2012/04/11 19:27:57 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 49454, Process: pmb.exe)
2012/04/11 19:33:41 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 61074, Process: pmb.exe)
2012/04/11 19:49:51 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 53036, Process: firefox.exe)
2012/04/11 19:51:36 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 53114, Process: firefox.exe)
2012/04/11 19:52:08 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 55996, Process: pmb.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:29 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:37 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 20:36:51 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 20:36:59 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:44 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:52 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:00 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:08 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:25 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:41 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
Code:
ATTFilter
2012/04/12 00:33:11 +0200	JOE-PC	Joe	IP-BLOCK	77.78.212.237 (Type: outgoing, Port: 63403, Process: pmb.exe)
2012/04/12 00:33:43 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 63419, Process: pmb.exe)
2012/04/12 00:55:23 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 61494, Process: pmb.exe)
2012/04/12 11:53:25 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/12 11:53:27 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/12 11:53:30 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/12 11:53:31 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/12 12:05:30 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.04.08 to version v2012.04.12.02
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/12 12:05:46 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/12 12:05:49 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/12 12:05:49 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/12 12:05:50 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/12 13:40:09 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 50494, Process: pmb.exe)
2012/04/12 13:45:38 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 50666, Process: pmb.exe)
2012/04/12 16:13:19 +0200	JOE-PC	Joe	IP-BLOCK	83.128.56.166 (Type: outgoing, Port: 51735, Process: pmb.exe)
2012/04/12 16:14:08 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 51811, Process: pmb.exe)
2012/04/12 16:23:06 +0200	JOE-PC	Joe	IP-BLOCK	83.128.56.166 (Type: outgoing, Port: 52165, Process: pmb.exe)
2012/04/12 16:23:38 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 52177, Process: pmb.exe)
2012/04/12 17:31:58 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 52723, Process: pmb.exe)
2012/04/12 17:45:03 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 53018, Process: pmb.exe)
Code:
ATTFilter
2012/04/13 10:07:20 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/13 10:07:23 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/13 10:07:24 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/13 10:07:26 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/13 10:07:27 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.12.02 to version v2012.04.13.02
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/13 10:07:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/13 10:07:46 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/13 10:07:46 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/13 10:07:47 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully

Alt 13.04.2012, 10:40   #12
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


lade den CCleaner standard:
CCleaner Download - CCleaner 3.17.1689
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.04.2012, 22:22   #13
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Code:
ATTFilter
7-Zip 9.20		03.04.2012	3,54MB	
Adobe AIR	Adobe Systems Inc.	20.02.2010	30,7MB	1.5.3.9130				benötigt
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.04.2012		11.2.202.233	benötigt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.04.2012		11.2.202.233	benötigt
Adobe Photoshop Elements 5.0	Adobe Systems, Inc.	11.02.2009	291MB	5.0 			benötigt
Adobe Reader 9.5.1 - Deutsch	Adobe Systems Incorporated	18.04.2012	118,3MB	9.5.1 		benötigt

Age of Empires Online	Microsoft	29.03.2012	4.143MB 					benötigt
AliceHilfe		18.11.2010		1.0.0.1							unnötig
Apple Application Support	Apple Inc.	06.01.2012	61,1MB	2.1.6				unbekannt
Apple Mobile Device Support	Apple Inc.	25.06.2011	22,1MB	3.4.1.2				unbekannt	
Apple Software Update	Apple Inc.	25.06.2011	2,25MB	2.1.3.127				unbekannt

Avira Free Antivirus	Avira	14.02.2012	77,5MB	12.0.0.898					benötigt
AVM FRITZ!WLAN	AVM Berlin	04.06.2010								benötigt
Bonjour	Apple Inc.	04.08.2011	0,73MB	3.0.0.2							unbekannt	
Canon MP Navigator EX 1.0		05.12.2008	66,0MB						benötigt
Canon MP610 series		05.12.2008								benötigt

Canon MP610 series Benutzerregistrierung		05.12.2008	0,52MB				benötigt
Canon My Printer		05.12.2008	2,14MB							benötigt
Canon Utilities Easy-PhotoPrint EX		05.12.2008	209MB					benötigt	
Canon Utilities Solution Menu		05.12.2008	1,59MB						benötigt
CCleaner	Piriform	12.04.2012	4,46MB	3.17						benötigt

CD-LabelPrint		05.12.2008	11,7MB								unbekannt
DAoC Portal	DAoC Portal	01.12.2011	0,87MB	2.1.0						benötigt
Dark Age of Camelot	Electronic Arts	01.12.2011	5.545MB						benötigt
DivX-Setup	DivX, LLC	27.02.2012	3,53MB	2.6.1.8						benötigt
Downloader		12.11.2010	5,61MB								benötigt

Fraps		05.02.2012	32,6MB									benötigt
Google Chrome	Google Inc.	05.02.2011	163,6MB	18.0.1025.162					unnötig	
Google Earth Plug-in	Google	11.11.2011	40,9MB	6.1.0.5001					unbekannt
iTunes	Apple Inc.	04.08.2011	141,9MB	10.4.0.80						benötigt
Java(TM) 6 Update 31	Oracle	31.03.2012	95,1MB	6.0.310						benötigt

Java(TM) 6 Update 7	Sun Microsystems, Inc.	05.12.2008	138,0MB	1.6.0.70			benötigt	
League of Legends	Riot Games	26.08.2011	2.521MB	1.02.0000				benötigt
League of Legends	Riot Games	08.04.2012	2.051MB	1.3					benötigt
Logitech GamePanel Software 3.06.109	Logitech Inc.	10.10.2010	17,0MB	3.06.109		benötigt
Logitech SetPoint	Logitech	22.11.2008	17,6MB	4.60					benötigt

Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	10.04.2012	11,5MB	1.61.0.1400			benötigt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	18.08.2009	37,0MB					unbekannt
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	12.11.2011	27,8MB							unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	120,3MB	4.0.30319				unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.06.2010	24,5MB	4.0.30319		unbekannt

Microsoft .NET Framework 4 Extended	Microsoft Corporation	22.12.2010	46,0MB	4.0.30319					unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	29.03.2012	31,3MB	3.5.92.0			unbekannt
Microsoft Games for Windows Marketplace	Microsoft Corporation	29.03.2012	6,04MB	3.5.50.0					unbekannt
Microsoft Silverlight	Microsoft Corporation	16.02.2012	14,9MB	4.1.10111.0							unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.10.2009	0,25MB	8.0.50727.4053	unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.61001				unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	24.10.2009	0,19MB	9.0.30729.4148	unbekannt

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	23.04.2011	0,58MB	9.0.30729.5570	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	01.04.2010	1,41MB	9.0.21022			unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	12.11.2010	0,22MB	9.0.21022.218			unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	04.06.2010	0,58MB	9.0.30729			unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	24.09.2009	0,58MB	9.0.30729			unbekannt

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,58MB	9.0.30729.6161			unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	28.10.2011	16,5MB	10.0.40219			unbekannt
Microsoft XNA Framework Redistributable 4.0	Microsoft Corporation	23.02.2012	8,03MB	4.0.20823.0					unbekannt
MobileMe Control Panel	Apple Inc.	08.05.2011	11,3MB	3.1.6.0										unbekannt
	
Mozilla Firefox 11.0 (x86 de)	Mozilla	17.03.2012	36,4MB	11.0					benötigt
NVIDIA 3D Vision Treiber 266.58	NVIDIA Corporation	06.02.2011	21,1MB	266.58			benötigt
NVIDIA Grafiktreiber 266.58	NVIDIA Corporation	06.02.2011	90,1MB	266.58			benötigt
NVIDIA HD-Audiotreiber 1.1.13.1	NVIDIA Corporation	06.02.2011	3,20MB	1.1.13.1		benötigt
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation	06.02.2011	73,3MB	9.10.0514	benötigt

OpenOffice.org 3.0	OpenOffice.org	02.03.2009	348MB	3.0.9379				benötigt
Opera 11.11	Opera Software ASA	19.05.2011	34,2MB	11.11.2109				unnötig
Pando Media Booster	Pando Networks Inc.	08.04.2012	7,18MB	2.6.0.7				unbekannt	
QuickTime	Apple Inc.	25.01.2012	73,3MB	7.71.80.42					unbekannt
Skype Toolbars	Skype Technologies S.A.	23.07.2010	5,25MB	1.0.4051				benötigt

Skype™ 4.2	Skype Technologies S.A.	23.07.2010	31,8MB	4.2.169					benötigt
SopCast 3.2.4	SopCast.com	07.11.2009	11,2MB	3.2.4						benötigt

Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	06.12.2009	29,7MB	9.0.0				unbekannt
Spybot - Search & Destroy	Safer Networking Limited	15.09.2010	62,0MB	1.6.2							benötigt
Spyware Doctor 7.0	PC Tools	03.12.2009	75,3MB	7.0										benötigt

Steam	Valve Corporation	15.06.2011	35,5MB	1.0.0.0
System Requirements Lab		06.08.2009	0,38MB							unbekannt
TeamSpeak 3 Client	TeamSpeak Systems GmbH	15.09.2010	30,6MB					benötigt	
TERA	Frogster Online Gaming GmbH	18.04.2012	1.855MB	16.04					benötigt
Ubisoft Game Launcher	UBISOFT	01.04.2010	22,2MB	1.0.0.0						benötigt
Unity Web Player	Unity Technologies ApS	25.11.2011	0,20MB					unbekannt

Veetle TV	Veetle, Inc	12.08.2011	9,89MB	0.9.18						unnötig
Ventrilo Client	Flagship Industries, Inc.	21.10.2010	4,43MB	3.0.5				benötigt
Vista Codec Package	Shark007	06.06.2009	46,4MB	5.2.9					unbekannt
VoiceOver Kit	Apple Inc.	07.02.2011	41,8MB	1.40.128.0					unbekannt	
Windows Live ID Sign-in Assistant	Microsoft Corporation	29.03.2012	4,69MB	6.500.3165.0	unbekannt
	
Windows Media Player Firefox Plugin	Microsoft Corp	06.06.2009	0,29MB	1.0.0.8			benötigt
WinRAR		28.07.2009	3,73MB									benötigt
ZoneAlarm Free	Check Point	21.11.2011	24,8MB	10.1.065.000					benötigt	
ZoneAlarm-Sicherheit Toolbar	ZoneAlarm-Sicherheit	21.11.2011	4,79MB				benötigt

Alt 20.04.2012, 09:05   #14
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
AliceHilfe
CD-LabelPrint
Google : beide
Java(TM) 6 Update 7
Microsoft Games : beide
Microsoft Silverlight
Opera
Skype Toolbars

Kostenlose Internetanrufe mit Skype. Telefone online billig anrufen
skype 5 instalieren.

deinstaliere:

deinstaliere:
Spelling Dictionaries
Spybot : nutze lieber, nach update, von zeit zu zeit, malwarebytes.
Spyware Doctor
Unity
Veetle
Vista Codec
Windows Live
ZoneAlarm: kann ebenfalls weg, desktop firewalls sind unzuverlässig und zu 99 % sowieso unnütz.

öffne otl bereinigen, pc startet neu.
öffne ccleaner, analysieren, ccleaner starten, pc neustarten, testen wie das system läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.05.2012, 11:01   #15
Jouhan
 
TR/Crypt.ZPACK.Gen2 - Standard

TR/Crypt.ZPACK.Gen2


Alles soweit erledigt. System läuft bisher stabil.

Antwort
Seite 1 von 2 1 2

Themen zu TR/Crypt.ZPACK.Gen2
.com, adobe, antivirus, avira, bonjour, canon, computer, cpu, defender, desktop, device driver, downloader, firefox, flash player, fontcache, google earth, home, mozilla, nicht möglich, plug-in, problem, programm, scan, security, software, spyware, stick, svchost.exe, system, usb, windows


« wieder Dateien verschlüsselt Windows XP | Trojaner-Mailanhang »


Ähnliche Themen: TR/Crypt.ZPACK.Gen2


  1. Windows 7 Webseiten werden auf Werbung umgeleitet. Avira fund "adware/multiPlug.Gen2" und 2 TR/Crypt.ZPACK.gen2
    Log-Analyse und Auswertung - 16.12.2014 (16)
  2. TR/Crypt.ZPACK.Gen2, Adware/InstallCore.Gen, TR/black.Gen2: Wie kann ich diese Trojaner entfernen?
    Log-Analyse und Auswertung - 12.07.2013 (3)
  3. TR/Crypt.ZPACK.Gen2 in Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (17)
  4. TR/Crypt.ZPACK.Gen2 gefunden!
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (2)
  5. TR/Crypt.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (2)
  6. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  7. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  8. TR/CRYPT.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (7)
  9. TR/Crypt.ZPACK.Gen2 Trojaner
    Log-Analyse und Auswertung - 07.03.2012 (15)
  10. TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2
    Log-Analyse und Auswertung - 01.03.2012 (17)
  11. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  12. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  13. TR/Crypt.ZPACK.Gen2
    Log-Analyse und Auswertung - 19.05.2011 (20)
  14. tr/crypt.zpack.gen2
    Plagegeister aller Art und deren Bekämpfung - 26.04.2011 (29)
  15. TR/Crypt.ZPACK.Gen sowie -Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (18)
  16. TR/Crypt.ZPack.Gen2
    Antiviren-, Firewall- und andere Schutzprogramme - 30.11.2010 (3)
  17. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Crypt.ZPACK.Gen2 - Hallo, habe folgendes Problem auf meinem Rechner. Nach jedem Neustart bekomme ich von Avira folgenden Fund in der Datei C:\Windows\System32\jpgvnfv5.dll TR/Crypt.ZPACK.Gen2 DDS Scan ergab folgendes: DDS.txt Code: Alles auswählen Aufklappen - TR/Crypt.ZPACK.Gen2...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131