| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen in directx.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.04.2008, 18:49
| #1 |
| |  TR/Crypt.XPACK.Gen in directx.exe hi zusammen! ich habe ein problem mit einem trojaner. AntiVir findet den trojaner TR/Crypt.XPACK.Gen in den dateien E:\WINDOWS\system32\directx.exe und E:\WINDOWS\Driver Cache\IEXPLORER.EXE danke fuer eure hilfe! möli hier mein HJT-Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:45:00, on 12.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\spoolsv.exe E:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe E:\WINDOWS\Explorer.EXE E:\Programme\AntiVir PersonalEdition Classic\sched.exe E:\Programme\AntiVir PersonalEdition Classic\avguard.exe E:\Programme\Digidesign\Drivers\MMERefresh.exe E:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe E:\Programme\MusicIP\MusicIP Mixer\MusicMagicServer.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Programme\Simese\Simese.exe E:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe E:\WINDOWS\System32\svchost.exe e:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe E:\Programme\DU Meter\DUMeter.exe E:\WINDOWS\system32\devldr32.exe E:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe E:\Programme\ATI Technologies\ATI.ACE\CLI.EXE E:\WINDOWS\system32\ctfmon.exe E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe E:\Programme\SqueezeCenter\SqueezeTray.exe E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe E:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE E:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe E:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe E:\Programme\MusicIP\MusicIP Mixer\mDNSResponder.exe E:\Programme\ATI Technologies\ATI.ACE\cli.exe E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe E:\Programme\Internet Explorer\iexplore.exe E:\Programme\AntiVir PersonalEdition Classic\avscan.exe E:\Programme\Internet Explorer\iexplore.exe E:\Dokumente und Einstellungen\Steff\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ch/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [DU Meter] E:\Programme\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [avgnt] "E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PinnacleDriverCheck] # E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] # E:\Programme\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] # "E:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [ATICCC] "E:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [WebCamRT.exe] : O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "E:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutorunsDisabled O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Pinnacle ShowCenter StreamServer.lnk = ? O4 - Global Startup: SqueezeCenter-Taskleisten-Tool.lnk = E:\Programme\SqueezeCenter\SqueezeTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll O15 - Trusted Zone: http://linktrader.cyberspacehq.com O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.dilas.ch/plugin/gvista30/gvista30.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124829689790 O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - E:\Programme\MusicIP\MusicIP Mixer\mDNSResponder.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - E:\Programme\Digidesign\Drivers\MMERefresh.exe O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - E:\Programme\Digidesign\Pro Tools\digiSPTIService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Programme\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MusicIP Server - Unknown owner - E:\Programme\MusicIP\MusicIP Mixer\MusicMagicServer.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - e:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: SimeseServer - Mattic - E:\Programme\Simese\Simese.exe O23 - Service: SqueezeMySQL - Unknown owner - E:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe |
| Themen zu TR/Crypt.XPACK.Gen in directx.exe |
| adobe, avira, bho, bonjour, computer, desktop, drivers, einstellungen, excel, helper, hijack, hijackthis, hkus\s-1-5-18, hotkey, internet, internet explorer, magix, microsoft, mssql, object, pdf, problem, programme, shockwave, software, system, torrent.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner tr/crypt.xpack.gen, windows, windows xp |
Baum-Darstellung