Sooo, this is what came out of it:
Combofix Logfile:
Code:
ComboFix 13-09-17.01 - johanna 18.09.2013 14:03:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1937 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\84487744.pad
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-18 bis 2013-09-18 ))))))))))))))))))))))))))))))
.
.
2013-09-18 12:12 . 2013-09-18 12:12 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EA9D4F3-E1F3-47AE-9B23-1922DF6DD093}\offreg.dll
2013-09-18 12:11 . 2013-09-18 12:11 -------- d-----w- c:\users\johanna\AppData\Local\temp
2013-09-18 12:11 . 2013-09-18 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 10:28 . 2013-09-18 10:28 -------- d-----w- C:\FRST
2013-09-18 09:19 . 2013-09-18 09:24 -------- d-----w- C:\AdwCleaner
2013-09-17 17:22 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EA9D4F3-E1F3-47AE-9B23-1922DF6DD093}\mpengine.dll
2013-09-16 19:24 . 2009-09-01 03:31 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ssp2mpc.dll
2013-09-16 18:34 . 2013-09-16 19:22 -------- d-----w- c:\users\johanna\AppData\Roaming\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 18:39 . 2013-05-02 08:27 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-16 18:39 . 2012-11-28 18:25 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-16 18:39 . 2012-11-28 18:25 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-07 02:22 . 2010-10-10 14:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 20:48 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 16:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-14 20:48 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03 . 2013-08-14 20:48 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53 . 2013-08-14 20:48 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-14 20:48 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-14 20:48 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-14 20:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 20:48 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-14 20:48 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-14 20:48 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-16 347192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-16 22:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 0096401286719054mcinstcleanup;McAfee Application Installer Cleanup (0096401286719054);c:\users\johanna\AppData\Local\Temp\009640~1.EXE [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-10-20 103424]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-04 37352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-16 84024]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2013-06-18 196624]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AGLIRFOD
*Deregistered* - aglirfod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 19:32]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 19:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-18 14:16:49
ComboFix-quarantined-files.txt 2013-09-18 12:16
.
Vor Suchlauf: 9 Verzeichnis(se), 205.007.966.208 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 205.719.449.600 Bytes frei
.
- - End Of File - - 1933F10BE237B6EC3EE6A4D333F955ED
--- --- ---
2E5DEBB2116B3417023E0D6562D7ED07