
Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen still active despite ComboFix

15.07.2009, 01:26   #1
GEMI

Morning!
I just can't get rid of Crypt.ZPACK.
I ran the programs suggested here (CCleaner, ComboFix, RSIT), but without success. Crypt keeps infecting the PunkBuster files, even though I deleted and reinstalled them.
Oh, and: after CCleaner and ComboFix no program would start anymore; they were marked for deletion in the registry. After a reboot there were no more problems, though.

Here are the logs from ComboFix and RSIT; maybe one of the experts has some advice? What did I do wrong?

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by GMI at 2009-07-15 01:23:40
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 26 GB (6%) free of 456 GB
Total RAM: 3069 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:57, on 15.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\GMI\Desktop\PunkBuster\pbsetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GMI\Desktop\RSIT.exe
C:\Program Files\trend micro\GMI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\Windows\system32\lxbycoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10447 bytes
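
Added example, not part of the original post and not a feature of RSIT or HijackThis: a small Python 3.8+ triage pass over HijackThis-style lines such as the ones in the log above. The sample lines are copied from that log; the PUP watchlist (`sweetim`) is an assumption for the example. The rules are deliberately narrow (services with no vendor string in their version info, BHOs registered with no file on disk, unknown Winsock LSP entries de-duplicated, and watchlist hits in O2/O4 lines), and the output only orders what a person should look at first; it does not decide what is malicious.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a handful of lines copied from the HijackThis section of
# the RSIT log in the post above. A real run reads the whole log file.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"""

# Assumed adware/PUP watchlist for this example; real triage uses a maintained list.
PUP_WATCHLIST = ("sweetim",)

Finding = namedtuple("Finding", "code section detail")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")


def parse_service(line):
    """O23 - Service: <display name> - <vendor> - <path>. The display name may
    itself contain ' - ', so split from the right, not the left."""
    body = line[len("O23 - Service: "):]
    name, vendor, path = body.rsplit(" - ", 2)
    return name, vendor, path


def triage(log_text):
    """Return Findings in log order; each carries a short code for grouping."""
    findings = []
    seen_lsp = set()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            name, vendor, path = parse_service(line)
            if vendor == "Unknown owner":       # no company name in the file's version info
                where = "system32" if "\\system32\\" in path.lower() else "elsewhere"
                findings.append(Finding("SVC_NO_VENDOR", "O23", f"{name} ({where}): {path}"))
        elif (m := O2_RE.match(line)):
            if m["path"] == "(no file)":        # CLSID registered, DLL gone: leftover or removal residue
                findings.append(Finding("BHO_ORPHAN", "O2", m["clsid"]))
            elif any(w in m["path"].lower() for w in PUP_WATCHLIST):
                findings.append(Finding("PUP_WATCHLIST", "O2", m["path"]))
        elif (m := O4_RE.match(line)):
            if any(w in m["cmd"].lower() for w in PUP_WATCHLIST):
                findings.append(Finding("PUP_WATCHLIST", "O4", f"[{m['name']}] {m['cmd']}"))
        elif (m := O10_RE.match(line)):
            path = m["path"].lower()
            if path not in seen_lsp:            # HijackThis prints one line per LSP catalog entry
                seen_lsp.add(path)
                findings.append(Finding("LSP_UNKNOWN", "O10", m["path"]))
    return findings


def summarize(findings):
    """Count findings per code, e.g. Counter({'SVC_NO_VENDOR': 3, ...})."""
    return Counter(f.code for f in findings)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.code:14} {f.section:4} {f.detail}")
    print(dict(summarize(triage(text))))
```

For a full log, save it and run `python hjt_triage.py hijackthis.log`; with no argument it runs over the embedded sample. An O23 entry showing "Unknown owner", as for PnkBstrA/PnkBstrB here, only means the binary carries no company name in its version resource; that is a reason to hash the file and compare it with the vendor's copy, not proof of infection.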

15.07.2009, 01:28   #2
GEMI

Continuing with RSIT:

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-24 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-09 178712]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"TVEService"=C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [2007-10-19 155648]
"TVBroadcast"=C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [2007-08-08 797696]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-29 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-29 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-29 88608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-24 185896]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-04-26 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"=C:\Program Files\phonostar\ps_timer.exe [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-15 01:23:40 ----D---- C:\rsit
2009-07-15 01:23:40 ----D---- C:\Program Files\trend micro
2009-07-15 01:02:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-15 01:01:18 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-07-15 00:46:41 ----A---- C:\ComboFix.txt
2009-07-15 00:46:16 ----SHD---- C:\$RECYCLE.BIN
2009-07-15 00:40:49 ----SD---- C:\ComboFix
2009-07-15 00:09:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-07-14 23:30:54 ----A---- C:\Windows\zip.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWXCACLS.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWSC.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWREG.exe
2009-07-14 23:30:54 ----A---- C:\Windows\sed.exe
2009-07-14 23:30:54 ----A---- C:\Windows\PEV.exe
2009-07-14 23:30:54 ----A---- C:\Windows\NIRCMD.exe
2009-07-14 23:30:54 ----A---- C:\Windows\grep.exe
2009-07-14 23:26:13 ----D---- C:\Program Files\CCleaner
2009-07-14 23:24:35 ----D---- C:\Windows\ERDNT
2009-07-14 23:24:31 ----D---- C:\Qoobox
2009-07-14 22:33:40 ----AD---- C:\ProgramData\TEMP
2009-07-13 22:05:16 ----D---- C:\Program Files\Atari
2009-06-17 01:40:48 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE


15.07.2009, 01:32   #3
GEMI

And then the ComboFix log file:

ComboFix 09-07-13.01 - GMI 15.07.2009 0:41.4.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2005 [GMT 2:00]
run from:: c:\users\GMI\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Files created from 2009-06-14 to 2009-07-14 ))))))))))))))))))))))))))))))
.

2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\GMI\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\SpezialGast\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\Gast\AppData\Local\temp
2009-07-14 20:20 . 2009-07-14 22:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 20:20 . 2009-07-14 22:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-14 20:20 . 2009-07-14 22:13 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 20:11 . 2009-07-13 20:11 -------- d-----w- c:\users\GMI\AppData\Local\GHOSTBUSTERS (tm)
2009-07-13 20:05 . 2009-07-13 20:05 -------- d-----w- c:\program files\Atari
2009-06-16 23:40 . 2009-06-16 23:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 22:40 . 2008-01-21 07:15 664044 ----a-w- c:\windows\system32\perfh007.dat
2009-07-14 22:40 . 2008-01-21 07:15 142416 ----a-w- c:\windows\system32\perfc007.dat
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:09 . 2009-07-14 22:09 674600 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-14 22:04 . 2008-03-06 21:25 7592 ----a-w- c:\users\GMI\AppData\Local\d3d9caps.dat
2009-07-14 21:26 . 2009-07-14 21:26 -------- d-----w- c:\program files\CCleaner
2009-07-14 20:34 . 2009-04-04 19:07 -------- d-----w- c:\program files\Trojan Remover
2009-07-12 06:19 . 2008-10-10 22:53 98800 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 22:38 . 2009-04-25 15:48 -------- d-----w- c:\users\GMI\AppData\Roaming\Grand Ages Rome
2009-06-26 21:40 . 2009-06-26 21:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-12 01:13 . 2008-03-06 20:01 98800 ----a-w- c:\users\GMI\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-02-19 14:27 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 01:06 . 2008-02-19 13:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 19:07 . 2009-06-04 19:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-05 19:07 . 2009-06-04 19:06 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\programdata\Avira
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\program files\Avira
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\program files\SweetIM
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\programdata\SweetIM
2009-05-18 06:15 . 2009-05-18 06:15 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 04:49 . 2009-04-30 19:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-18 04:47 . 2009-04-30 19:09 -------- d-----w- c:\programdata\Logishrd
2009-04-30 12:37 . 2009-06-11 19:29 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 19:29 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-09 20:36 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-09 20:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-09 20:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-09 20:36 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 20:36 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-09 20:36 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-18 19:53 . 2008-08-31 21:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

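Added example, also not from the original post: TR/Crypt.ZPACK.Gen is a generic (heuristic) detection name rather than a signature for one specific family, so the practical question about a repeat hit on freshly reinstalled PnkBstrA.exe / PnkBstrB.exe is what the file on disk actually looks like. The Python 3.9+ script below parses PE headers with the standard library only and reports, per section, the Shannon entropy (compressed or encrypted bodies sit close to 8 bits/byte; typical native code is well below 7), packer-style section names, and whether an Authenticode signature blob is present. The two images it inspects are constructed inline with a tiny header-only PE32 builder, not the real PunkBuster files; the packer section-name list and the 7.0 threshold are assumptions for the example.

```python
import math
import random
import struct
import sys
from collections import Counter

# Section names that a few well-known packers leave behind (UPX, ASPack,
# Petite, MPRESS). Illustrative only, not a complete list.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".petite", ".MPRESS1", ".MPRESS2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, close to 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_pe32(sections):
    """Construct a minimal PE32 image (valid headers, no imports, not runnable)
    from [(name, raw_bytes), ...]. Only used to exercise inspect_pe() offline."""
    opt_size = 224
    hdr_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic, everything else zero
    headers, bodies, offset = [], [], hdr_len
    for name, data in sections:
        headers.append(struct.pack("<8sIIIIIIHHI", name.encode("ascii"),
                                   len(data), 0, len(data), offset, 0, 0, 0, 0, 0x60000020))
        bodies.append(data)
        offset += len(data)
    return dos + b"PE\0\0" + coff + opt + b"".join(headers) + b"".join(bodies)


def inspect_pe(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """Per-section entropy plus two cheap signals: packer-style section names
    and whether an Authenticode blob is present (security data directory)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 60)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", image, opt_off)[0]          # 0x10B PE32, 0x20B PE32+
    sec_dir = opt_off + (128 if magic == 0x10B else 144)        # IMAGE_DIRECTORY_ENTRY_SECURITY
    _, sig_size = struct.unpack_from("<II", image, sec_dir)
    sections = []
    for i in range(n_sections):
        hdr = opt_off + opt_size + 40 * i
        raw_name, _, _, raw_size, raw_ptr, *_ = struct.unpack_from("<8sIIIIIIHHI", image, hdr)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        ent = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        sections.append({"name": name, "size": raw_size, "entropy": round(ent, 3),
                         "high_entropy": ent > entropy_threshold,
                         "packer_name": name in PACKER_SECTION_NAMES})
    return {"signed": sig_size > 0,
            "looks_packed": any(s["high_entropy"] or s["packer_name"] for s in sections),
            "sections": sections}


# Constructed samples (not the real PnkBstr binaries): a plain image whose .text
# has exactly 4.0 bits/byte, and a "packed" image with UPX-style section names
# and a pseudo-random body standing in for a compressed/encrypted payload.
LOW_ENTROPY_CODE = b"\x90" * 1024 + bytes(range(64)) * 16
HIGH_ENTROPY_BLOB = random.Random(2009).randbytes(8192)
SAMPLE_PLAIN = build_pe32([(".text", LOW_ENTROPY_CODE), (".data", b"\0" * 512)])
SAMPLE_PACKED = build_pe32([("UPX0", b""), ("UPX1", HIGH_ENTROPY_BLOB)])


def report(label: str, image: bytes) -> None:
    r = inspect_pe(image)
    print(f"{label}: signed={r['signed']} looks_packed={r['looks_packed']}")
    for s in r["sections"]:
        print(f"  {s['name']:<9} {s['size']:>7} bytes  entropy={s['entropy']:.3f}")


if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. python pecheck.py C:\Windows\system32\PnkBstrA.exe
        report(sys.argv[1], open(sys.argv[1], "rb").read())
    else:
        report("sample-plain", SAMPLE_PLAIN)
        report("sample-packed", SAMPLE_PACKED)
```

Run `python pecheck.py C:\Windows\system32\PnkBstrA.exe` on the affected machine to inspect the real file. High entropy alone is not a verdict: installers, games and commercially protected software are routinely packed. The combination worth attention is a packed body, no signature, and a hash the vendor cannot confirm; that is the check to make before deleting and reinstalling yet again.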
15.07.2009, 01:35   #4
GEMI

ComboFix part 2:

((((((((((((((((((((((((((((( SnapShot@2009-07-14_21.36.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-14 22:41 52344 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-06 20:24 . 2009-07-14 22:41 13776 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-716375991-3775272090-3900088441-1004_UserData.bin
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-07-14 22:41 121408 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-07-14 19:42 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 19:42 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 10:22 . 2009-07-14 19:40 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-07-14 21:47 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-29 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 88608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-24 185896]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB0CBA55-13A8-40B5-8221-598E452745FE}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{73C75508-F1BD-4A28-BB67-56C57C79A573}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{700753F8-0BC6-469F-8CAE-6069CDCC0371}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{F16DA657-8928-4778-8937-BB90910F5002}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{65ECE68D-C836-4729-888B-BA24EF75C71B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1190CFDC-5B6F-4E95-BE59-A322F2877102}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C6812261-0A3C-43C2-8949-9AE5157D671F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{850CBDDC-B319-41D0-828D-5B182D38EBCB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A96BB2BD-409A-42B9-A526-2B3717225E15}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9D595453-CD4A-4CFF-9FFD-136623996ED8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0AD3A5BA-ED65-4F3D-A796-50DD8A471722}"= UDP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{E56A0E35-2723-4833-B132-AF416D9B8FD2}"= TCP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{434AF4EC-CDD2-4791-9CAB-7B3225323F2E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3BAF419C-2331-4751-8386-142AA6449428}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{11191B2D-7403-4D78-A62E-93A46D75BE76}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F35E59C9-ED11-46C1-83A2-58E76FAA0728}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{47AEF931-2955-4BF1-813A-707A795F0DE1}"= UDP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{641A4DBD-3952-4884-8E34-1D726B5AD25F}"= TCP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D391A3BA-E53E-4266-A498-E7803A7F30CC}"= UDP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3DF1E111-93F2-40E9-8631-217B09DA572D}"= TCP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3733F27C-31BD-4E2A-A6C9-11BBF0F05EF6}"= UDP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{33822369-92FB-4170-91E2-B7A75D92EC81}"= TCP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{D72640A4-2A2A-43C1-9F63-D1B39EBDA022}"= UDP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{A338C6E0-92A5-4ECE-92FE-1529C50A37BF}"= TCP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D83E3303-E345-45B6-B59F-01EB30A5B241}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{CF141010-90C0-4905-9666-F2D2DCE03D0A}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1722D684-12D5-44CB-AA25-35867D2D4B40}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F50C219C-F4DD-4889-8E9D-125B316D7D86}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{00C02A76-2B2A-4767-B650-A5127D462E14}"= UDP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{CA4185AA-FABB-4596-A497-CEB2A9561943}"= TCP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DC121801-92FC-4420-BF3D-6981996001AF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CBD353C5-33A3-4836-8A4A-4D0606FB179D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BBC2D56A-32A2-43A8-B470-22DB4E173F8A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B9F85F6C-5620-43D6-A25A-EE357C45DB85}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E10C6888-17D8-4290-8391-79ECC162075E}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{FBA592A8-548E-4E35-ADFD-ED0C68DEB563}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{34E2D115-FEEC-43B6-AEF3-C24D51AD8349}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{246CFF7E-251D-4612-8B41-E03D663D423F}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{7A39F28A-90CE-4D5F-A0E2-28E4E7C07009}"= UDP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{75FF97AD-4417-42C5-9CA8-E68A6D69CC36}"= TCP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{1BD96B6F-17B0-4F1B-BA9A-2B90E9B80A39}"= UDP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{AA201D48-A9D0-4AA1-A246-81CB95278E82}"= TCP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{1E6DFB2D-EFD8-47F5-8BE6-F05A50ABCC59}"= UDP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"{C8AB2FFB-C02A-4888-85CD-18F5C2F450C6}"= TCP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"TCP Query User{E6588DCE-F0DC-48DF-93F4-EFF8012196F2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{834BF720-9FC8-49DD-A6DF-54BF5B3169B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{598B4DAC-1605-4B62-A5FB-4C9D97BD92D7}c:\\program files\\torrent\\utorrent.exe"= UDP:c:\program files\torrent\utorrent.exe:utorrent
"UDP Query User{9DC14E74-8C6E-4EF5-900F-DC068C562713}c:\\program files\\torrent\\utorrent.exe"= TCP:c:\program files\torrent\utorrent.exe:utorrent
"TCP Query User{733EC402-A205-4600-AA0B-4BC7894974BF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C51286CD-62DA-4FAA-912E-093AD8BEC882}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3FC1A814-3DCE-45CE-A1B6-DA2B53A15155}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{83FF9E94-2571-4043-95E8-9DA1D6941775}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{9CBCFED2-71F5-4D48-9D79-56E3BB3F6336}c:\\program files\\winscp\\winscp.exe"= UDP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"UDP Query User{48B983D7-96ED-4133-85D4-C2F1A4FB4DDF}c:\\program files\\winscp\\winscp.exe"= TCP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"TCP Query User{BC96106C-CDB8-423C-B8A2-6215D69099A7}c:\\spiele\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{BCF2D20D-C4E4-41B1-97E3-A63F1533CC5E}c:\\spiele\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{F0F0FAE2-16C0-4643-90B5-F7AB38A82BAC}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DFFB84F5-5A83-436E-AF00-7E08D7D071CF}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{44E2C64E-0110-41BD-99D1-10A583DB67CD}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0DC0C4B5-17B1-4ABA-8069-2AE782CA4E5C}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{DA74B066-8ED8-493C-8850-25E5651FB7E8}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor
"{D93421DA-13B9-403F-9EAA-DAAC10E48D99}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor
"{1CA68054-33E9-4026-8687-D81B812FAEC1}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{2DD00D91-2C1B-4E06-893D-CD3DF44A3E55}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{8DEBE988-6D26-48F2-8D74-6D2F4F274B2F}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{7C5910A7-FCBF-4FEF-8C97-6A9568192C69}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{B67D0282-8029-4056-B051-1AED70B5A6FF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{7AF95326-01BF-4B39-856B-EB837EB119F1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{5EC9F2FA-1E49-4D58-B80B-F8E8D7D48F23}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A515D09C-6557-44E8-B622-9C484047484B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{D95D3124-5348-46E9-AFCC-6D0A57F5199E}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{F6071593-A99A-47A5-BCD7-9F535139A869}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"TCP Query User{FB4F130F-1100-4DB1-A92E-2D4135562EA3}c:\\spiele\\pacific\\bsp.exe"= UDP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific
"UDP Query User{6E36D3FE-C9B5-4D28-B492-8C585CAC0AF1}c:\\spiele\\pacific\\bsp.exe"= TCP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 21:06 108289]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12.02.2007 12:46 208896]
R2 GnabService;GnabService;c:\program files\Common Files\Gnab\Service\ServiceController.exe [19.02.2008 15:14 36864]
R2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [27.06.2007 11:14 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18.02.2007 21:34 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [27.06.2007 11:17 272600]
R2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [19.02.2008 16:49 1681408]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [19.02.2008 15:33 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [19.02.2008 15:33 114779]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [19.02.2008 11:28 1302368]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [20.02.2008 14:05 5632]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [19.02.2008 11:28 554496]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [19.02.2008 13:39 13976]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [27.06.2007 11:15 39640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [19.02.2008 15:07 1527900]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-03-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yahoo.de/
mSearch Bar = hxxp://www.google.com/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr - alles zu günstigen Preisen
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\GMI\AppData\Roaming\Mozilla\Firefox\Profiles\0ylfsh8v.default\
FF - prefs.js: browser.startup.homepage - Yahoo! Deutschland
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-15 00:45
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\users\GMI\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fc,78,83,ca,28,3b,b2,fc,35,d7,6b,9a,9e,50,f9,ec,12,0b,47,dc,17,87,92,
8d,b0,c1,62,b0,c9,12,a8,b6,9e,3a,eb,53,62,04,ef,63,04,37,2d,ec,7d,f7,16,af,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\License information*]
"datasecu"=hex:52,af,34,92,19,40,95,dd,68,7d,26,99,c4,7f,d5,9c,50,ac,80,01,e8,
4b,84,09,f6,e2,1f,fa,92,e7,c7,c5,cd,cd,4b,99,5a,1c,60,c7,d8,cd,5a,10,4a,82,\
"rkeysecu"=hex:80,f1,2d,bc,7b,6a,c4,33,9e,a6,66,8b,1e,d3,1b,fb
.
Zeit der Fertigstellung: 2009-07-14 0:46
ComboFix-quarantined-files.txt 2009-07-14 22:46
ComboFix2.txt 2009-07-14 21:57
ComboFix3.txt 2009-07-14 21:37

Vor Suchlauf: 14 Verzeichnis(se), 27.598.749.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 27.570.884.608 Bytes frei

284 --- E O F --- 2009-07-13 18:59

15.07.2009, 01:37   #5
Kaos
 
Hello GEMI

Then upload the file that Avira complains about to Virustotal.com. Please post the complete result here.

Regards, Kaos


15.07.2009, 01:46   #6
cotton
 
*chiming in*

since I have the same problem, and apparently a wave is going around the net right now:

this message shows up several times. see here.

connection to me.

regards, cotton

15.07.2009, 15:50   #7
cotton
 
UPDATE:
ANTIVIR FORUM

15.07.2009, 23:46   #8
GEMI
 
Hi there!!!
My buddy was still laughing yesterday; today he has the same junk.
All the fuss for nothing. Seems to be an error on Avira's part.
I ran another scan and an Avira update.
I also excluded all PB files and processes from the Avira scan and guard.
PB works, I can play BF2 :aplaus:
I hope that's it

THANKS for the quick help
