Pests of all kinds and their removal: TR/Crypt.ZPACK.Gen still active despite ComboFix (Windows 7)
If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.07.2009, 01:26 #1

TR/Crypt.ZPACK.Gen still active despite ComboFix

Morning! I just can't get rid of Crypt.ZPACK. I ran the programs suggested here (CCleaner, ComboFix, RSIT), but without success. The Crypt keeps infecting the PunkBuster files, even though I deleted and reinstalled them. Oh, and: after CCleaner and ComboFix no program would start any more; they were flagged for deletion in the registry, but after a reboot there were no more problems. Here are the logs from ComboFix and RSIT; maybe one of the experts has some advice? What did I do wrong?

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by GMI at 2009-07-15 01:23:40
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 26 GB (6%) free of 456 GB
Total RAM: 3069 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:57, on 15.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\GMI\Desktop\PunkBuster\pbsetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GMI\Desktop\RSIT.exe
C:\Program Files\trend micro\GMI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-716375991-3775272090-3900088441-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\Windows\system32\lxbycoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-- End of file - 10447 bytes
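As an added illustration (not part of the original post and not code from HijackThis or RSIT), the script below applies the checks a helper usually makes by eye on a log like the one above: O2/O3 entries whose file is gone, O4 autoruns that start from a user-writable folder or use an unqualified file name that is resolved via the search path, O23 services with no vendor information in the binary, and the O10 lines, which HijackThis prints once per entry in the Winsock LSP chain, so the nine wpclsp.dll lines above refer to one file (on Vista that DLL is the Windows Parental Controls LSP and shows up only because it is not on HijackThis's whitelist). The sample log is constructed from the entry types above; the "[Updater]" line is an invented example of a bad autorun, not something from the posted log.

```python
import re
from collections import Counter

# Constructed sample input in HijackThis v2 line format. The entry types are the
# ones that occur in the posted log; the "[Updater]" line is invented to show
# what a suspicious autorun looks like and does not come from that log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Updater] C:\Users\GMI\AppData\Local\Temp\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O4 - <body>", "R0 - <body>", ... ; anything else (headers, process list) is skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter or %VAR%-rooted path that ends in an executable extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^",]*?\.(?:exe|dll|scr|bat|cmd|vbs)\b', re.I)
# Folders an unprivileged user can write to; persistence from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(Users|Documents and Settings|ProgramData)\\|\\AppData\\|\\Temp\\", re.I)


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason, detail) findings that merit a human's attention."""
    findings = []
    lsp_files = Counter()
    for section, body in parse_entries(text):
        if section in ("O2", "O3") and body.rstrip().endswith("(no file)"):
            findings.append((section, "orphaned entry, file no longer on disk", body))
        elif section == "O4":
            paths = PATH_RE.findall(body)
            if not paths:
                # e.g. "[RtHDVCpl] RtHDVCpl.exe": the loader searches for it by name.
                findings.append((section, "unqualified executable name, resolved via search path", body))
            for p in paths:
                if USER_WRITABLE_RE.search(p):
                    findings.append((section, "autorun from user-writable location", p))
        elif section == "O10":
            # "Unknown file in Winsock LSP: c:\...\x.dll" -> count entries per file
            lsp_files[body.split(":", 1)[1].strip().lower()] += 1
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service without vendor info, verify signature and hash", body))
    # HijackThis emits one O10 line per LSP chain entry; collapse them per file.
    for path, n in lsp_files.items():
        findings.append(("O10", f"Winsock LSP not in HijackThis whitelist ({n} chain entries)", path))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

The O10 collapse matters more than it looks: without it, a log reader sees nine "unknown" lines and assumes nine different hooks, when one parental-control or AV LSP registered for each protocol entry produces exactly that picture. An O23 "Unknown owner" only means the executable carries no company name in its version resource; whether PnkBstrA.exe is the genuine PunkBuster service is decided by its Authenticode signature or a known hash, not by this line.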
15.07.2009, 01:28 #2

TR/Crypt.ZPACK.Gen still active despite ComboFix

Continuing with RSIT:

======Scheduled tasks folder======
C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-24 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-09 178712]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"TVEService"=C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [2007-10-19 155648]
"TVBroadcast"=C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [2007-08-08 797696]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-29 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-29 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-29 88608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-24 185896]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-04-26 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"=C:\Program Files\phonostar\ps_timer.exe [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======
2009-07-15 01:23:40 ----D---- C:\rsit
2009-07-15 01:23:40 ----D---- C:\Program Files\trend micro
2009-07-15 01:02:41 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-15 01:01:18 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-07-15 00:46:41 ----A---- C:\ComboFix.txt
2009-07-15 00:46:16 ----SHD---- C:\$RECYCLE.BIN
2009-07-15 00:40:49 ----SD---- C:\ComboFix
2009-07-15 00:09:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-07-14 23:30:54 ----A---- C:\Windows\zip.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWXCACLS.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWSC.exe
2009-07-14 23:30:54 ----A---- C:\Windows\SWREG.exe
2009-07-14 23:30:54 ----A---- C:\Windows\sed.exe
2009-07-14 23:30:54 ----A---- C:\Windows\PEV.exe
2009-07-14 23:30:54 ----A---- C:\Windows\NIRCMD.exe
2009-07-14 23:30:54 ----A---- C:\Windows\grep.exe
2009-07-14 23:26:13 ----D---- C:\Program Files\CCleaner
2009-07-14 23:24:35 ----D---- C:\Windows\ERDNT
2009-07-14 23:24:31 ----D---- C:\Qoobox
2009-07-14 22:33:40 ----AD---- C:\ProgramData\TEMP
2009-07-13 22:05:16 ----D---- C:\Program Files\Atari
2009-06-17 01:40:48 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
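Two values in the policy section of the RSIT dump above deserve a second look: "EnableLUA"=0 means UAC is switched off, so every process of an administrator account already runs with the full token, and "NoDriveTypeAutoRun"=145 (0x91, the value Windows Vista ships with) still leaves AutoRun enabled for removable drives and CD-ROMs. As an added example, not part of the original post and not code from RSIT, the script below parses RSIT's "[key]" / "name"=value layout and decodes the AutoRun bitmask, in which each set bit disables AutoRun for one drive type (bit position = GetDriveType() value). The sample dump is trimmed from the lines above; the key-name matching and the wording of the findings are this script's own.

```python
import re

# NoDriveTypeAutoRun bitmask: a set bit disables AutoRun for that drive type.
# Bit position follows the GetDriveType() value (DRIVE_REMOVABLE = 2 -> 0x04 ...).
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "UNSPECIFIED_TYPE",   # reserved bit for types not listed above
}

# Trimmed from the RSIT registry dump above (policy keys only); not a full dump.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"""


def parse_reg_dump(text):
    """Parse RSIT's "[key]" then "name"=value lines into {key_lower: {name: value}}."""
    reg, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            reg.setdefault(key, {})
        elif key is not None:
            m = re.match(r'^"([^"]+)"=(.*)$', line)
            if m:
                reg[key][m.group(1)] = m.group(2).strip()
    return reg


def autorun_disabled_for(value):
    """Drive types for which AutoRun is disabled by this NoDriveTypeAutoRun value."""
    return [name for bit, name in AUTORUN_BITS.items() if value & bit]


def autorun_enabled_for(value):
    """Drive types for which AutoRun is still honoured (the interesting list)."""
    return [name for bit, name in AUTORUN_BITS.items() if not value & bit]


def assess(text):
    """Return (setting, explanation) findings for the weak policy values in a dump."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        if key.endswith(r"\policies\system") and values.get("EnableLUA") == "0":
            findings.append(("EnableLUA",
                             "UAC disabled: processes of an administrator account run with the "
                             "full token, so anything that runs can modify system32 and HKLM "
                             "without a prompt"))
        if key.endswith(r"\policies\explorer") and "NoDriveTypeAutoRun" in values:
            v = int(values["NoDriveTypeAutoRun"], 0)   # RSIT prints the value in decimal
            enabled = autorun_enabled_for(v)
            if enabled:
                findings.append(("NoDriveTypeAutoRun",
                                 f"0x{v:02X}: AutoRun still honoured for {', '.join(enabled)}; "
                                 f"0xFF disables it for every drive type"))
    return findings


if __name__ == "__main__":
    for setting, explanation in assess(SAMPLE_DUMP):
        print(f"{setting}: {explanation}")
```

The HKCU location of NoDriveTypeAutoRun is worth noting too: the value is per user here, so the other accounts listed in the ComboFix log (Gast, SpezialGast, IUSR_NMPR) fall back to whatever their own hives or the machine policy say.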
15.07.2009, 01:32 #3

TR/Crypt.ZPACK.Gen still active despite ComboFix

And here is the ComboFix logfile:

ComboFix 09-07-13.01 - GMI 15.07.2009 0:41.4.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2005 [GMT 2:00]
run from:: c:\users\GMI\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Files created from 2009-06-14 to 2009-07-14 ))))))))))))))))))))))))))))))
.
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\GMI\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\SpezialGast\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-07-14 22:45 . 2009-07-14 22:45 -------- d-----w- c:\users\Gast\AppData\Local\temp
2009-07-14 20:20 . 2009-07-14 22:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 20:20 . 2009-07-14 22:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-14 20:20 . 2009-07-14 22:13 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 20:11 . 2009-07-13 20:11 -------- d-----w- c:\users\GMI\AppData\Local\GHOSTBUSTERS (tm)
2009-07-13 20:05 . 2009-07-13 20:05 -------- d-----w- c:\program files\Atari
2009-06-16 23:40 . 2009-06-16 23:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 22:40 . 2008-01-21 07:15 664044 ----a-w- c:\windows\system32\perfh007.dat
2009-07-14 22:40 . 2008-01-21 07:15 142416 ----a-w- c:\windows\system32\perfc007.dat
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:10 . 2008-03-06 21:21 22328 ----a-w- c:\users\GMI\AppData\Roaming\PnkBstrK.sys
2009-07-14 22:09 . 2009-07-14 22:09 674600 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-14 22:04 . 2008-03-06 21:25 7592 ----a-w- c:\users\GMI\AppData\Local\d3d9caps.dat
2009-07-14 21:26 . 2009-07-14 21:26 -------- d-----w- c:\program files\CCleaner
2009-07-14 20:34 . 2009-04-04 19:07 -------- d-----w- c:\program files\Trojan Remover
2009-07-12 06:19 . 2008-10-10 22:53 98800 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 22:38 . 2009-04-25 15:48 -------- d-----w- c:\users\GMI\AppData\Roaming\Grand Ages Rome
2009-06-26 21:40 . 2009-06-26 21:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-12 01:13 . 2008-03-06 20:01 98800 ----a-w- c:\users\GMI\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-02-19 14:27 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 01:06 . 2008-02-19 13:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 19:07 . 2009-06-04 19:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-05 19:07 . 2009-06-04 19:06 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\programdata\Avira
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-----w- c:\program files\Avira
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\program files\SweetIM
2009-05-18 06:23 . 2009-05-18 06:23 -------- d-----w- c:\programdata\SweetIM
2009-05-18 06:15 . 2009-05-18 06:15 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 04:49 . 2009-04-30 19:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-18 04:47 . 2009-04-30 19:09 -------- d-----w- c:\programdata\Logishrd
2009-04-30 12:37 . 2009-06-11 19:29 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 19:29 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-09 20:36 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-09 20:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-09 20:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-09 20:36 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 20:36 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-09 20:36 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-18 19:53 . 2008-08-31 21:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
15.07.2009, 01:35 #4

TR/Crypt.ZPACK.Gen still active despite ComboFix

ComboFix part 2:

((((((((((((((((((((((((((((( SnapShot@2009-07-14_21.36.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-14 22:41 52344 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-06 20:24 . 2009-07-14 22:41 13776 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-716375991-3775272090-3900088441-1004_UserData.bin
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-19 12:59 . 2009-07-14 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-19 12:59 . 2009-07-14 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-14 19:35 . 2009-07-14 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 22:33 . 2009-07-14 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-07-14 22:41 121408 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-07-14 19:42 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 19:42 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-14 22:40 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 10:22 . 2009-07-14 19:40 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-07-14 21:47 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2007-12-05 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-29 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 88608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-24 185896]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-14 4706304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB0CBA55-13A8-40B5-8221-598E452745FE}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{73C75508-F1BD-4A28-BB67-56C57C79A573}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{700753F8-0BC6-469F-8CAE-6069CDCC0371}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{F16DA657-8928-4778-8937-BB90910F5002}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{65ECE68D-C836-4729-888B-BA24EF75C71B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1190CFDC-5B6F-4E95-BE59-A322F2877102}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C6812261-0A3C-43C2-8949-9AE5157D671F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{850CBDDC-B319-41D0-828D-5B182D38EBCB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A96BB2BD-409A-42B9-A526-2B3717225E15}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9D595453-CD4A-4CFF-9FFD-136623996ED8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0AD3A5BA-ED65-4F3D-A796-50DD8A471722}"= UDP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{E56A0E35-2723-4833-B132-AF416D9B8FD2}"= TCP:c:\spiele\Battlefield 2\BF2.exe:Battlefield 2
"{434AF4EC-CDD2-4791-9CAB-7B3225323F2E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3BAF419C-2331-4751-8386-142AA6449428}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{11191B2D-7403-4D78-A62E-93A46D75BE76}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F35E59C9-ED11-46C1-83A2-58E76FAA0728}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{47AEF931-2955-4BF1-813A-707A795F0DE1}"= UDP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{641A4DBD-3952-4884-8E34-1D726B5AD25F}"= TCP:c:\spiele\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D391A3BA-E53E-4266-A498-E7803A7F30CC}"= UDP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3DF1E111-93F2-40E9-8631-217B09DA572D}"= TCP:c:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3733F27C-31BD-4E2A-A6C9-11BBF0F05EF6}"= UDP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{33822369-92FB-4170-91E2-B7A75D92EC81}"= TCP:c:\spiele\Crysis\Bin32\Crysis.exe:Crysis_32
"{D72640A4-2A2A-43C1-9F63-D1B39EBDA022}"= UDP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{A338C6E0-92A5-4ECE-92FE-1529C50A37BF}"= TCP:c:\spiele\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D83E3303-E345-45B6-B59F-01EB30A5B241}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{CF141010-90C0-4905-9666-F2D2DCE03D0A}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1722D684-12D5-44CB-AA25-35867D2D4B40}"= UDP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F50C219C-F4DD-4889-8E9D-125B316D7D86}"= TCP:c:\spiele\Assasins\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{00C02A76-2B2A-4767-B650-A5127D462E14}"= UDP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{CA4185AA-FABB-4596-A497-CEB2A9561943}"= TCP:c:\spiele\Assasins\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DC121801-92FC-4420-BF3D-6981996001AF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CBD353C5-33A3-4836-8A4A-4D0606FB179D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BBC2D56A-32A2-43A8-B470-22DB4E173F8A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B9F85F6C-5620-43D6-A25A-EE357C45DB85}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E10C6888-17D8-4290-8391-79ECC162075E}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{FBA592A8-548E-4E35-ADFD-ED0C68DEB563}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{34E2D115-FEEC-43B6-AEF3-C24D51AD8349}"= UDP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{246CFF7E-251D-4612-8B41-E03D663D423F}"= TCP:c:\spiele\RainbowSix2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{7A39F28A-90CE-4D5F-A0E2-28E4E7C07009}"= UDP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{75FF97AD-4417-42C5-9CA8-E68A6D69CC36}"= TCP:c:\spiele\WiC\wic.exe:WORLD IN CONFLICT
"{1BD96B6F-17B0-4F1B-BA9A-2B90E9B80A39}"= UDP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{AA201D48-A9D0-4AA1-A246-81CB95278E82}"= TCP:c:\spiele\WiC\wic_online.exe:WORLD IN CONFLICT - Nur Online
"{1E6DFB2D-EFD8-47F5-8BE6-F05A50ABCC59}"= UDP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"{C8AB2FFB-C02A-4888-85CD-18F5C2F450C6}"= TCP:c:\spiele\WiC\wic_ds.exe:WORLD IN CONFLICT - Dedizierter Server
"TCP Query User{E6588DCE-F0DC-48DF-93F4-EFF8012196F2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{834BF720-9FC8-49DD-A6DF-54BF5B3169B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{598B4DAC-1605-4B62-A5FB-4C9D97BD92D7}c:\\program files\\torrent\\utorrent.exe"= UDP:c:\program files\torrent\utorrent.exe:utorrent
"UDP Query User{9DC14E74-8C6E-4EF5-900F-DC068C562713}c:\\program files\\torrent\\utorrent.exe"= TCP:c:\program files\torrent\utorrent.exe:utorrent
"TCP Query User{733EC402-A205-4600-AA0B-4BC7894974BF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C51286CD-62DA-4FAA-912E-093AD8BEC882}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3FC1A814-3DCE-45CE-A1B6-DA2B53A15155}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{83FF9E94-2571-4043-95E8-9DA1D6941775}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{9CBCFED2-71F5-4D48-9D79-56E3BB3F6336}c:\\program files\\winscp\\winscp.exe"= UDP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"UDP Query User{48B983D7-96ED-4133-85D4-C2F1A4FB4DDF}c:\\program files\\winscp\\winscp.exe"= TCP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"TCP Query User{BC96106C-CDB8-423C-B8A2-6215D69099A7}c:\\spiele\\call of duty 4 -
modern warfare\\iw3mp.exe"= UDP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp "UDP Query User{BCF2D20D-C4E4-41B1-97E3-A63F1533CC5E}c:\\spiele\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\spiele\call of duty 4 - modern warfare\iw3mp.exe:iw3mp "{F0F0FAE2-16C0-4643-90B5-F7AB38A82BAC}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{DFFB84F5-5A83-436E-AF00-7E08D7D071CF}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{44E2C64E-0110-41BD-99D1-10A583DB67CD}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{0DC0C4B5-17B1-4ABA-8069-2AE782CA4E5C}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{DA74B066-8ED8-493C-8850-25E5651FB7E8}"= UDP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor "{D93421DA-13B9-403F-9EAA-DAAC10E48D99}"= TCP:c:\spiele\farcry2\Far Cry 2\bin\FC2Editor.exe:Editor "{1CA68054-33E9-4026-8687-D81B812FAEC1}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar "{2DD00D91-2C1B-4E06-893D-CD3DF44A3E55}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar "{8DEBE988-6D26-48F2-8D74-6D2F4F274B2F}"= UDP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher "{7C5910A7-FCBF-4FEF-8C97-6A9568192C69}"= TCP:c:\spiele\endwar\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher "{B67D0282-8029-4056-B051-1AED70B5A6FF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{7AF95326-01BF-4B39-856B-EB837EB119F1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{5EC9F2FA-1E49-4D58-B80B-F8E8D7D48F23}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{A515D09C-6557-44E8-B622-9C484047484B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{D95D3124-5348-46E9-AFCC-6D0A57F5199E}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{F6071593-A99A-47A5-BCD7-9F535139A869}"= 
TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "TCP Query User{FB4F130F-1100-4DB1-A92E-2D4135562EA3}c:\\spiele\\pacific\\bsp.exe"= UDP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific "UDP Query User{6E36D3FE-C9B5-4D28-B492-8C585CAC0AF1}c:\\spiele\\pacific\\bsp.exe"= TCP:c:\spiele\pacific\bsp.exe:Battlestations: Pacific [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [04.06.2009 21:06 108289] R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12.02.2007 12:46 208896] R2 GnabService;GnabService;c:\program files\Common Files\Gnab\Service\ServiceController.exe [19.02.2008 15:14 36864] R2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [27.06.2007 11:14 317656] R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18.02.2007 21:34 5376] R2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [27.06.2007 11:17 272600] R2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [19.02.2008 16:49 1681408] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [19.02.2008 15:33 290909] R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [19.02.2008 15:33 114779] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] 
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [19.02.2008 11:28 1302368] R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [20.02.2008 14:05 5632] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [19.02.2008 11:28 554496] R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [19.02.2008 13:39 13976] S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [27.06.2007 11:15 39640] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [19.02.2008 15:07 1527900] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2009-03-13 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.yahoo.de/ mSearch Bar = hxxp://www.google.com/ie IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\GMI\AppData\Roaming\Mozilla\Firefox\Profiles\0ylfsh8v.default\ FF - prefs.js: browser.startup.homepage - Yahoo! Deutschland FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-15 00:45 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\users\GMI\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:fc,78,83,ca,28,3b,b2,fc,35,d7,6b,9a,9e,50,f9,ec,12,0b,47,dc,17,87,92, 8d,b0,c1,62,b0,c9,12,a8,b6,9e,3a,eb,53,62,04,ef,63,04,37,2d,ec,7d,f7,16,af,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-716375991-3775272090-3900088441-1004\Software\SecuROM\License information*] "datasecu"=hex:52,af,34,92,19,40,95,dd,68,7d,26,99,c4,7f,d5,9c,50,ac,80,01,e8, 4b,84,09,f6,e2,1f,fa,92,e7,c7,c5,cd,cd,4b,99,5a,1c,60,c7,d8,cd,5a,10,4a,82,\ "rkeysecu"=hex:80,f1,2d,bc,7b,6a,c4,33,9e,a6,66,8b,1e,d3,1b,fb . Zeit der Fertigstellung: 2009-07-14 0:46 ComboFix-quarantined-files.txt 2009-07-14 22:46 ComboFix2.txt 2009-07-14 21:57 ComboFix3.txt 2009-07-14 21:37 Vor Suchlauf: 14 Verzeichnis(se), 27.598.749.696 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 27.570.884.608 Bytes frei 284 --- E O F --- 2009-07-13 18:59 |
15.07.2009, 01:37 | #5 |
| Hello GEMI, then upload the file Avira is complaining about to Virustotal.com. Please post the complete result here. Regards, Kaos |
15.07.2009, 01:46 | #6 |
| *chiming in* since I have the same problem, and there seems to be a wave going around the net right now: this report shows up several times. See here. Connection to my case. Regards, cotton |
15.07.2009, 15:50 | #7 |
| UPDATE: FORUM ANTIVIR |
15.07.2009, 23:46 | #8 |
| Hi!!! My buddy was still laughing yesterday; today he has the same crap. All the fuss for nothing. Seems to be a bug in Avira. I ran another scan and an Avira update. I also excluded all PB files and processes from the scan and the Guard in Avira. PB works, I can play BF2 :aplaus: I hope that's it. THANKS for the quick help |
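Editor's addition, not part of the thread: post #5 asks for a VirusTotal result and post #8 ends by excluding the PB files from the scanner, and the step between those two is the one worth showing. TR/Crypt.ZPACK.Gen is a generic detection for packed or encrypted executables, so a hit on a legitimately packed vendor binary is plausible, but "probably a false positive" is not the same as "verified". The Python script below is example code written for this page (not from the forum, Avira, or the PunkBuster vendor) and does the offline part of that verification: it hashes the file (the SHA-256 is what to look up on VirusTotal), checks whether the PE carries an Authenticode certificate table, and measures Shannon entropy to show what a packer heuristic actually reacts to. The header offsets follow the PE/COFF layout; the 7.2 bits/byte cut-off is an assumed heuristic, and the two fixtures are constructed here, not real PunkBuster files. A present certificate table only means the file claims a signature; on Windows, validity is checked with `signtool verify /pa` or `Get-AuthenticodeSignature` before an exclusion is added.

```python
"""Offline triage of a PE file flagged by a generic AV detection.

Added example (not code from the thread, Avira, or the PunkBuster vendor).
Checks: MD5/SHA-1/SHA-256 for a VirusTotal lookup, presence of an
Authenticode certificate table, and whole-file Shannon entropy.
"""
import hashlib
import math
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data-directory slot of the certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
PACKED_THRESHOLD = 7.2                    # assumed cut-off in bits/byte, not a vendor value


def hashes(data: bytes) -> dict:
    """The hashes VirusTotal and most vendor advisories key on."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def authenticode_directory(data: bytes):
    """(file_offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY, or None.

    Unlike other data directories, the security entry holds a raw file offset,
    not an RVA, so no section mapping is needed. Every read is bounds-checked
    because a truncated or malformed file is a normal input during triage.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                 # 20-byte COFF header precedes the optional header
    if len(data) < opt + 2:
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        return None
    if len(data) < nrva_off + 4:
        return None
    (num_dirs,) = struct.unpack_from("<I", data, nrva_off)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or len(data) < entry + 8:
        return None
    offset, size = struct.unpack_from("<II", data, entry)
    if size == 0 or offset + size > len(data):
        return None                         # unsigned, or the table points past EOF
    return offset, size


def triage(data: bytes) -> dict:
    """Summary a responder can compare against the vendor's published hash."""
    sec = authenticode_directory(data)
    ent = shannon_entropy(data)
    return {**hashes(data), "size": len(data), "has_authenticode": sec is not None,
            "entropy": round(ent, 3), "looks_packed": ent >= PACKED_THRESHOLD}


def build_sample_pe(with_cert: bool, body: bytes) -> bytes:
    """Constructed fixture: a minimal PE32 shell with no sections (not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)  # i386, 0 sections, 224-byte opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    cert = b""
    if with_cert:
        # WIN_CERTIFICATE header (dwLength, wRevision 0x0200, type 2 = PKCS#7) plus
        # placeholder bytes: a table entry exists, but this is not a valid signature.
        blob = b"\x30\x82" + bytes(14)
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 2) + blob
        cert_off = len(dos) + 4 + len(coff) + len(opt) + len(body)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body + cert


# Constructed fixtures, not real PunkBuster files: a low-entropy text body, and a
# deterministic pseudo-random body (chained SHA-256) standing in for a packed image.
SAMPLE_PLAIN = build_sample_pe(False, b"plain, unpacked test body\n" * 64)
SAMPLE_PACKED = build_sample_pe(
    True, b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(2048)))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                   # e.g. python triage.py C:\Windows\System32\PnkBstrA.exe
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        for label, blob in (("plain/unsigned", SAMPLE_PLAIN), ("packed/cert table", SAMPLE_PACKED)):
            print(label, triage(blob))
```

Whole-file entropy is a coarse proxy; real packer triage looks at entropy per section, but the point is the same: a high-entropy image is what "Crypt"/"ZPACK" style heuristics fire on, so the hash and the signature, not the detection name, decide whether an exclusion is justified.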