
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.Xpack.gen, please help


21.03.2009, 02:33   #1
Stift

TR/Crypt.Xpack.gen, please help

Hi, first of all here in the forum: I have a big problem. It all started when I wanted to download something and suddenly had the Trojan named above on my computer, and now I am desperately trying to get rid of it. The problem is that hardly anything responds any more; my AntiVir does nothing at all, and downloading files only works at 5 KB, which is why I could not download and update HijackThis either, and neither could my Spybot Search and Destroy; both refuse to update and then start. I then used the other program you recommended, ComboFix, but nothing has improved. What do you recommend? Please help quickly.

ComboFix 09-03-19.02 - Andre 2009-03-21 3:12:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3066.1810 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\****\AppData\Roaming\.#
c:\windows\system32\AutoRun.inf
d:\recycler\S-8-6-94-100021743-100012167-100001690-4016.com

.
((((((((((((((((((((((( Dateien erstellt von 2009-02-21 bis 2009-03-21 ))))))))))))))))))))))))))))))
.

2009-03-21 03:10 . 2009-03-21 03:10 <DIR> d-------- c:\program files\CCleaner
2009-03-21 03:02 . 2009-03-21 03:02 118 --a------ c:\windows\System32\MRT.INI
2009-03-20 00:31 . 2009-03-20 00:31 <DIR> d-------- c:\users\Andre\AppData\Roaming\S.A.D
2009-03-20 00:31 . 2009-03-20 00:31 <DIR> d-------- c:\program files\AudioJack 2
2009-03-19 22:57 . 2009-03-20 14:45 <DIR> d-------- c:\users\Andre\AppData\Roaming\Tobit
2009-03-19 22:44 . 2009-03-19 22:56 <DIR> d-------- c:\users\Andre\AppData\Roaming\phonostar-Player
2009-03-19 22:28 . 2009-03-19 22:56 <DIR> d-------- c:\program files\Messer
2009-03-17 18:42 . 2009-03-17 18:42 <DIR> d-------- c:\users\All Users\WEBREG
2009-03-17 18:42 . 2009-03-17 18:42 <DIR> d-------- c:\programdata\WEBREG
2009-03-17 18:41 . 2009-03-17 18:41 <DIR> d-------- c:\users\Andre\AppData\Roaming\HPAppData
2009-03-17 18:41 . 2009-03-17 18:41 <DIR> d-------- c:\users\All Users\HPSSUPPLY
2009-03-17 18:41 . 2009-03-17 18:41 <DIR> d-------- c:\programdata\HPSSUPPLY
2009-03-17 18:40 . 2009-03-17 18:40 <DIR> d-------- c:\users\All Users\HP Product Assistant
2009-03-17 18:40 . 2009-03-17 18:40 <DIR> d-------- c:\programdata\HP Product Assistant
2009-03-17 18:40 . 2009-03-17 18:40 <DIR> d-------- c:\program files\Hewlett-Packard
2009-03-17 18:40 . 2009-03-17 18:40 <DIR> d-------- c:\program files\Common Files\HP
2009-03-17 18:40 . 2009-03-17 18:40 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-17 18:39 . 2009-03-17 18:39 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-17 18:39 . 2009-03-17 18:39 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-17 18:38 . 2009-03-17 18:41 <DIR> d-------- c:\program files\HP
2009-03-17 18:38 . 2007-03-17 17:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-17 18:38 . 2007-03-17 17:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-17 18:38 . 2007-03-08 05:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-17 18:38 . 2007-03-17 17:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-17 18:38 . 2007-03-30 16:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-17 18:38 . 2007-03-28 14:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-17 18:37 . 2009-03-17 18:42 <DIR> d-------- c:\users\All Users\HP
2009-03-17 18:37 . 2009-03-17 18:42 <DIR> d-------- c:\programdata\HP
2009-03-17 18:37 . 2009-03-17 18:42 160,154 --a------ c:\windows\hpoins14.dat
2009-03-13 19:29 . 2009-03-13 19:29 <DIR> d-------- c:\windows\Sun
2009-03-11 00:31 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 00:31 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 00:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 00:31 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 00:29 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 00:29 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-08 21:33 . 2009-03-11 21:33 <DIR> d-------- c:\program files\PokerStars.NET
2009-03-08 20:50 . 2009-03-08 20:53 <DIR> d--h----- c:\windows\Icons
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\users\Andre\AppData\Roaming\TuneUp Software
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\programdata\TuneUp Software
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-08 16:49 . 2009-03-08 16:49 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-03-08 16:49 . 2009-03-08 16:49 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-08 16:49 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-03-08 16:49 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-03-08 16:48 . 2009-03-08 16:48 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-08 16:48 . 2009-03-08 16:48 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-02 10:15 . 2009-03-02 10:15 20,480 --a------ c:\windows\System32\H@tKeysH@@k.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 02:11 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-21 01:29 27,839 ----a-w c:\users\All Users\nvModes.dat
2009-03-21 01:29 27,839 ----a-w c:\programdata\nvModes.dat
2009-03-21 01:29 --------- d-----w c:\program files\Warcraft III
2009-03-21 01:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-21 00:56 --------- d-----w c:\program files\Launch Manager
2009-03-21 00:16 --------- d-----w c:\users\Andre\AppData\Roaming\Winamp
2009-03-21 00:16 --------- d-----w c:\program files\Steam
2009-03-21 00:16 --------- d-----w c:\program files\Common Files\Steam
2009-03-12 01:42 --------- d-----w c:\program files\Windows Mail
2009-03-09 21:14 --------- d-----w c:\program files\ICQ6.5
2009-03-08 19:24 --------- d-----w c:\program files\Google
2009-03-08 16:07 --------- d-----w c:\program files\Acer GameZone
2009-03-08 16:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 16:34 --------- d-----w c:\users\Andre\AppData\Roaming\CyberLink
2009-02-16 20:40 --------- d-----w c:\users\Andre\AppData\Roaming\Skype
2009-02-16 15:08 --------- d-----w c:\users\Andre\AppData\Roaming\skypePM
2009-02-13 21:23 --------- d-----w c:\program files\EA Games
2009-02-09 08:37 --------- d-----w c:\programdata\Nero
2009-02-08 20:00 --------- d-----w c:\program files\Nero
2009-01-31 16:04 --------- d-----w c:\program files\KaloMa
2009-01-27 19:03 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-23 19:49 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-23 19:36 --------- d-----w c:\program files\Bethesda Softworks
2009-01-22 00:10 --------- d-----w c:\programdata\CyberLink
2009-01-21 00:56 --------- d-----w c:\program files\Azureus
2009-01-18 17:38 2,829 ----a-w c:\windows\War3Unin.pif
2009-01-18 17:38 139,264 ----a-w c:\windows\War3Unin.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-14 17:46 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-14 17:46 22,328 ----a-w c:\users\Andre\AppData\Roaming\PnkBstrK.sys
2009-01-14 17:46 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2009-01-14 17:46 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-08 17:21 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-25 24768960]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-16 10:06 1410296 c:\program files\Steam\Steam.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"PLFSetI"=c:\windows\PLFSetI.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F76B449B-026D-4A3F-89ED-1FF673FBDAF6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{36136249-3502-4D13-B6F0-524D22EB1BDA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D41BBC8-3313-46DE-AE4A-8441CFF5CF1E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E7BC0F42-8139-48E4-A226-EE254FD3E9F0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{7F40A20A-ECCF-4B08-AAE4-34BB517B06C5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{86AB5221-F056-4E52-9DC5-F94A59240ECC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{5D000235-4036-425E-9F37-5759E5E48319}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{0D8AEE10-96C2-498F-AEB7-7902F449EFB9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{752D16C6-99C9-4B06-8BD1-5813BC6C3EEE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{15DA2A09-5B39-4A15-89B5-8E90FA690BDD}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{5C955116-8F5F-46CF-8557-9C0665820430}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{C74DF51B-BBA8-41E1-9B3D-1F8963739CEB}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{EDB08CC0-9FD8-4DD9-8389-6BD58415A979}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{90FCBFF0-25EB-42BF-BD41-691B81AB10E0}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{EBAF54C6-ECF6-4984-9B20-895D1D9964D6}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{5A3076CB-9B10-466F-90B8-240C5168D045}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AADBD855-267A-49E8-A556-0FA69B66D8F5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7DD129C1-D0E6-4A01-AC82-D5FA4222B6B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7C244378-7DA9-4D2D-8ABF-90C1E80B98EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CAC9137B-2CD3-41BB-AA76-B277D712FC80}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6E5E9B69-B79E-4B7E-9349-CAFE4BBC30F4}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{FB4E8756-91F4-416C-977A-B3D4803AABB8}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{A3C731F5-7BE6-4A20-9A17-412B80D41733}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{00D89774-7EA4-4B68-96D4-CE17B0E1EBFC}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{795708F0-23BA-4B57-9F4C-3E1AC9174C6C}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{5292A1E3-F83E-4452-8A73-3AC263806CDC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0ED30DF5-6FCF-490A-A48A-7854C4DE482A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2697B13F-8655-4E85-9C1C-5BB6BD010057}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66036C2A-96EF-482C-8C28-785296912E6B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E43B9CC2-892F-46C3-8E6D-8D475A4869A1}"= UDP:c:\sierra\Half-Life\hl.exe:Half-Life
"{F24779AB-E043-4240-BC52-ED0249C22397}"= TCP:c:\sierra\Half-Life\hl.exe:Half-Life
"TCP Query User{8A703933-5E83-42B9-8851-CCD1C60356D1}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{32F9610F-1451-42DF-812B-0EB9007C089B}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{57A265B1-BCA4-46C5-8758-2CB8CEACCD71}c:\\program files\\steam\\steamapps\\punisherdcow\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\punisherdcow\counter-strike source\hl2.exe:hl2
"UDP Query User{DA1BF73E-BA7B-4B65-8D8F-ECE119427D56}c:\\program files\\steam\\steamapps\\punisherdcow\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\punisherdcow\counter-strike source\hl2.exe:hl2
"{DA08AB34-DDF2-4970-A2B9-CDD4B15CB3B0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B3C392E3-8EF2-4B00-9C81-F3C40D6FFFF1}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{C38FC950-222B-41CD-BD36-9DEBBB207FAF}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{1BA2F2E3-6126-4DEC-9FF5-7C54AD121567}c:\\program files\\steam\\steamapps\\punisherdcow\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\punisherdcow\counter-strike source\hl2.exe:hl2
"UDP Query User{C24D5074-EA21-4921-8432-2016D8DFF457}c:\\program files\\steam\\steamapps\\punisherdcow\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\punisherdcow\counter-strike source\hl2.exe:hl2

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-05 09:19:50 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-05 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-31 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-05 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-08 603904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-11-01 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-01 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-11-01 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-03-21 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_7730g
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\1os4e0a4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 03:13:37
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\users\Andre\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
Zeit der Fertigstellung: 2009-03-21 3:14:48
ComboFix-quarantined-files.txt 2009-03-21 02:14:46

Vor Suchlauf: 20 Verzeichnis(se), 29.338.435.584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 29,307,117,568 Bytes frei

251 --- E O F --- 2009-03-21 02:03:47

21.03.2009, 02:53   #2
Stift

TR/Crypt.Xpack.gen, please help

This is from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:46:21, on 21.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Andre\Downloads\Neuer Ordner (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_7730g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 10043 bytes