Log Analysis and Evaluation: Infection with TR/ATRAPS.Gen and TR/Crypt.XPACK.Gen3 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
Infection with TR/ATRAPS.Gen and TR/Crypt.XPACK.Gen3

Hey, in the meantime I have run ComboFix first and then RKUnhookerLE. After ComboFix I had to restart the computer because I could no longer open any program. The result is the following:

Code:
```
ComboFix 10-10-07.02 - Lisi 08.10.2010  17:53:24.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.43.1031.18.3070.1614 [GMT 2:00]
ausgeführt von:: c:\users\Lisi\Desktop\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-08 bis 2010-10-08 ))))))))))))))))))))))))))))))
.
2010-10-08 16:07 . 2010-10-08 16:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-08 16:07 . 2010-10-08 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 14:15 . 2010-10-06 14:15 -------- d-----w- c:\users\Lisi\DoctorWeb
2010-10-06 13:39 . 2010-10-06 13:39 -------- d-----w- C:\_OTL
2010-10-05 08:37 . 2010-10-05 08:37 -------- d-----w- c:\windows\PCHEALTH
2010-10-05 08:37 . 2010-10-05 08:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-05 08:36 . 2010-10-05 08:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-05 08:35 . 2010-10-05 08:35 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-05 08:34 . 2010-10-05 08:34 -------- d-----r- C:\MSOCache
2010-10-04 08:47 . 2010-10-04 08:47 -------- d-----w- c:\users\Lisi\AppData\Roaming\Malwarebytes
2010-10-04 08:47 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 08:47 . 2010-10-04 08:47 -------- d-----w- c:\programdata\Malwarebytes
2010-10-04 08:47 . 2010-10-04 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-04 08:47 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 08:28 . 2010-10-04 08:28 -------- d-----w- c:\program files\Common Files\Java
2010-10-03 19:33 . 2010-10-03 19:33 -------- d-----w- c:\program files\JRE
2010-10-03 11:04 . 2010-08-26 09:39 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-03 11:04 . 2010-08-26 09:39 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-03 11:04 . 2010-08-26 09:39 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-03 11:03 . 2010-09-02 13:00 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-10-03 11:03 . 2010-09-02 13:00 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-10-03 11:03 . 2010-08-30 11:57 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-03 11:03 . 2010-08-26 07:30 2074 ----a-w- c:\windows\UDB.zip
2010-10-03 11:03 . 2010-08-23 07:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-03 11:03 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-10-03 10:01 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-03 10:01 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-03 10:01 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-03 10:01 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-03 10:01 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-03 09:26 . 2010-10-03 09:27 -------- d-----w- c:\program files\Trojancheck 6
2010-09-29 20:00 . 2010-09-29 20:02 76016408 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-29 20:00 . 2010-10-03 11:04 -------- d-----w- c:\programdata\PC Tools
2010-09-29 13:15 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 11:39 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-25 17:39 . 2010-09-25 17:39 -------- d-----w- c:\program files\iTunes
2010-09-25 17:39 . 2010-09-25 17:39 -------- d-----w- c:\program files\iPod
2010-09-25 17:37 . 2010-09-25 17:37 -------- d-----w- c:\program files\QuickTime
2010-09-25 17:36 . 2010-09-25 17:36 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-22 17:56 . 2010-09-22 17:56 -------- d-----w- c:\program files\Tracker Software
2010-09-21 18:34 . 2010-09-21 18:34 89831 ----a-w- c:\users\Lisi\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-09-21 18:34 . 2010-10-08 12:29 -------- d-----w- c:\users\Lisi\AppData\Roaming\Dropbox
2010-09-15 14:08 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 12:29 . 2010-09-15 12:30 -------- d-----w- c:\users\Lisi\AppData\Roaming\PeaZip
2010-09-15 12:29 . 2010-09-15 12:29 -------- d-----w- c:\program files\PeaZip
2010-09-10 15:41 . 2010-09-10 15:41 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 12:49 . 2009-10-13 12:00 -------- d-----w- c:\users\Lisi\AppData\Roaming\Skype
2010-10-08 12:29 . 2009-10-13 12:00 -------- d-----w- c:\users\Lisi\AppData\Roaming\skypePM
2010-10-08 12:29 . 2010-09-29 20:04 -------- d-----w- c:\program files\PC Tools Security
2010-10-07 12:07 . 2009-10-08 12:36 -------- d-----w- c:\programdata\Microsoft Help
2010-10-05 20:05 . 2009-07-14 08:47 696124 ----a-w- c:\windows\system32\perfh007.dat
2010-10-05 20:05 . 2009-07-14 08:47 147426 ----a-w- c:\windows\system32\perfc007.dat
2010-10-05 14:32 . 2009-10-08 12:30 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2010-10-05 10:40 . 2010-08-24 08:35 -------- d-----w- c:\users\Lisi\AppData\Roaming\vlc
2010-10-05 08:48 . 2009-11-17 18:22 124872 ----a-w- c:\users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-05 08:39 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-10-05 08:37 . 2009-11-17 19:10 -------- d-----w- c:\program files\Microsoft.NET
2010-10-04 16:34 . 2010-06-05 13:04 -------- d-----w- c:\program files\hMailServer
2010-10-04 11:07 . 2009-10-13 16:31 1 ----a-w- c:\users\Lisi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-04 10:31 . 2010-09-29 20:04 1002460 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-10-04 08:29 . 2010-05-23 09:54 -------- d-----w- c:\program files\Defraggler
2010-10-04 08:25 . 2010-04-24 15:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 08:14 . 2010-04-07 08:22 -------- d-----w- c:\program files\Java
2010-10-03 19:33 . 2009-10-13 16:07 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-01 09:27 . 2010-02-03 10:12 -------- d-----w- c:\program files\JDownloader
2010-09-30 01:37 . 2010-01-04 19:58 -------- d-----w- c:\program files\Google
2010-09-29 20:08 . 2010-09-29 20:04 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-29 20:04 . 2010-09-29 20:04 -------- d-----w- c:\users\Lisi\AppData\Roaming\PC Tools
2010-09-25 17:39 . 2010-04-12 19:12 -------- d-----w- c:\program files\Common Files\Apple
2010-09-17 13:28 . 2009-10-08 12:41 -------- d-----w- c:\programdata\McAfee
2010-09-14 15:21 . 2010-09-01 02:37 378856 ------w- c:\programdata\Dell\DSL\DSLCheck.exe
2010-09-04 13:48 . 2009-10-08 12:40 -------- d-----w- c:\programdata\Dell
2010-09-04 09:25 . 2010-06-12 13:43 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-04 09:21 . 2010-09-04 09:21 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-04 09:21 . 2010-09-04 09:21 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-04 09:21 . 2010-06-12 13:13 -------- d-----w- c:\programdata\DivX
2010-09-04 09:21 . 2010-01-06 17:42 -------- d-----w- c:\program files\DivX
2010-09-04 09:21 . 2010-09-04 09:21 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-04 09:21 . 2010-09-04 09:21 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-04 09:20 . 2010-09-04 09:20 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-04 09:20 . 2010-09-04 09:20 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-04 09:20 . 2010-09-04 09:21 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-04 09:20 . 2010-09-04 09:20 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-04 09:20 . 2010-06-12 13:34 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-04 09:20 . 2010-06-12 13:34 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-03 21:32 . 2010-04-07 10:05 -------- d-----w- c:\users\Lisi\AppData\Roaming\SoftGrid Client
2010-09-03 09:28 . 2010-09-29 20:04 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-01 20:37 . 2009-12-09 08:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-01 09:21 . 2010-09-29 20:04 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-01 08:13 . 2010-09-29 20:04 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-30 12:34 . 2010-09-08 08:22 1496064 ----a-w- c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 12:33 . 2010-09-08 08:22 43008 ----a-w- c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 12:33 . 2010-09-08 08:22 338944 ----a-w- c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 12:33 . 2010-09-08 08:22 346112 ----a-w- c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-28 09:28 . 2010-09-29 20:04 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-27 06:26 . 2010-09-29 20:04 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-27 06:26 . 2010-09-29 20:04 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-08-24 13:29 . 2009-11-17 18:28 -------- d--h--w- c:\program files\Temp
2010-08-24 13:28 . 2009-11-17 16:59 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-08-24 13:15 . 2010-01-04 19:58 -------- d-----w- c:\program files\Common Files\Real
2010-08-24 13:10 . 2010-06-12 13:40 -------- d-----w- c:\program files\Azureus
2010-08-24 13:09 . 2010-07-16 09:44 -------- d-----w- c:\users\Lisi\AppData\Roaming\uTorrent
2010-08-23 10:02 . 2010-08-23 10:02 -------- d-----w- c:\program files\Album Cover Finder
2010-08-23 09:19 . 2010-04-12 19:15 -------- d-----w- c:\users\Lisi\AppData\Roaming\Apple Computer
2010-08-18 11:51 . 2010-09-29 20:04 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-17 09:35 . 2009-10-31 17:28 -------- d-----w- c:\users\Lisi\AppData\Roaming\dvdcss
2010-08-11 15:38 . 2009-10-08 12:25 -------- d-----w- c:\program files\Microsoft Works
2010-08-10 14:58 . 2010-09-29 20:04 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-07-29 06:30 . 2010-08-11 13:56 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:56 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 12:59 . 2010-09-29 20:04 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-07-16 12:59 . 2010-09-29 20:04 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2003-03-21 12:45 . 2009-11-19 15:48 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-18 494064]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-04 6609440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

c:\users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-08 12:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Users^Lisi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSUpdateLauncher]
2009-04-24 12:52 18160 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-09-23 07:47 1588184 ----a-w- c:\program files\PC Tools Security\pctsGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2010-09-02 12:48 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

R2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856]
R2 gupdate1ca8d7850e80a72;Google Update Service (gupdate1ca8d7850e80a72);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-08-26 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-08-26 68880]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-09-01 247824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2010-09-02 235472]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2010-03-04 658656]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-08-27 70536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-08-26 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service [x]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - CPUZ132
*Deregistered* - cpuz132
*Deregistered* - PCTSDInjDriver32
.
Inhalt des "geplante Tasks" Ordners

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 19:58]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 19:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\
FF - prefs.js: browser.search.selectedEngine - Google Österreich
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: c:\users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\PC Tools Security\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(632)
c:\program files\PC Tools Security\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4712)
c:\program files\PC Tools Security\TFEngine\TfWah.dll
c:\program files\PC Tools Security\pctgmhk.dll
c:\users\Lisi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\msutb.dll
.
Zeit der Fertigstellung: 2010-10-08  18:12:40
ComboFix-quarantined-files.txt  2010-10-08 16:12
ComboFix2.txt  2010-10-04 14:08

Vor Suchlauf: 18 Verzeichnis(se), 264.663.519.232 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 264.637.706.240 Bytes frei

- - End Of File - - EA9E020A8D55A8859F8D1FCEB48BEE06
```

I am also attaching the VirusTotal results right away. For the first file (C:\Windows\System32\APOMngr.DLL) I received the following result:

Code:
```
Antivirus              Version          Last Update  Result
AhnLab-V3              2010.10.08.01    2010.10.08   -
AntiVir                7.10.12.167      2010.10.08   -
Antiy-AVL              2.0.3.7          2010.10.08   -
Authentium             5.2.0.5          2010.10.08   -
Avast                  4.8.1351.0       2010.10.08   -
Avast5                 5.0.594.0        2010.10.08   -
AVG                    9.0.0.851        2010.10.08   -
BitDefender            7.2              2010.10.08   -
CAT-QuickHeal          11.00            2010.10.08   -
ClamAV                 0.96.2.0-git     2010.10.08   -
Comodo                 6322             2010.10.08   -
DrWeb                  5.0.2.03300      2010.10.08   -
Emsisoft               5.0.0.50         2010.10.08   -
eSafe                  7.0.17.0         2010.10.07   -
eTrust-Vet             36.1.7900        2010.10.08   -
F-Prot                 4.6.2.117        2010.10.08   -
F-Secure               9.0.15370.0      2010.10.08   -
Fortinet               4.2.249.0        2010.10.08   -
GData                  21               2010.10.08   -
Ikarus                 T3.1.1.90.0      2010.10.08   -
Jiangmin               13.0.900         2010.10.08   -
K7AntiVirus            9.65.2707        2010.10.08   -
Kaspersky              7.0.0.125        2010.10.08   -
McAfee                 5.400.0.1158     2010.10.08   -
McAfee-GW-Edition      2010.1C          2010.10.08   -
Microsoft              1.6201           2010.10.08   -
NOD32                  5516             2010.10.08   -
Norman                 6.06.07          2010.10.08   -
nProtect               2010-10-08.01    2010.10.08   -
Panda                  10.0.2.7         2010.10.08   -
PCTools                7.0.3.5          2010.10.08   -
Prevx                  3.0              2010.10.08   -
Rising                 22.67.02.07      2010.09.30   -
Sophos                 4.58.0           2010.10.08   -
Sunbelt                7016             2010.10.08   -
SUPERAntiSpyware       4.40.0.1006      2010.10.08   -
Symantec               20101.2.0.161    2010.10.08   -
TheHacker              6.7.0.1.052      2010.10.08   -
TrendMicro             9.120.0.1004     2010.10.08   -
TrendMicro-HouseCall   9.120.0.1004     2010.10.08   -
VBA32                  3.12.14.1        2010.10.08   -
ViRobot                2010.10.4.4074   2010.10.08   -
VirusBuster            12.67.9.0        2010.10.08   -

Additional information
MD5   : 09ff048363e0398cf358c73040819abd
SHA1  : 28595dd43ad77d75605ec22e209dc9deb2f1873a
SHA256: 761f566f6220db837b40c6a3b33b9548b7164a615dec8133d7a861dad176f19d
ssdeep: 3072:DIXyNdBjN611Ycg6IB1EtyBNDE/P3CJHG7qBSVSxOK5on:D/fOujAyBfJHG7qBSVV
File size : 146432 bytes
First seen: 2009-05-19 22:15:56
Last seen : 2010-10-08 19:12:28
TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1AC8E
timedatestamp....: 0x4937550D (Thu Dec 04 03:57:01 2008)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1D6F4, 0x1D800, 6.70, 62402e783650c2ae8e9813d0a955b34f
.data, 0x1F000, 0x1280, 0x1000, 3.29, b08a348f35e82313181c57d4259dcfcc
.rsrc, 0x21000, 0x2A68, 0x2C00, 4.28, ee5407867641daf46989cf2517459519
.reloc, 0x24000, 0x22F2, 0x2400, 6.14, c77f47ffc01c2e32b8cd63c3d104894a
[[ 11 import(s) ]]
msvcrt.dll: isgraph, fclose, fread, free, strchr, calloc, _strnicmp, memset, fopen, _except_handler4_common, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, atof, _ftol2, _ftol2_sse, swscanf, _vsnwprintf, _vsnprintf, _purecall, __2@YAPAXI@Z, realloc, malloc, __3@YAXPAX@Z, __CxxFrameHandler3, _swprintf, sprintf, strncpy, _wcsicmp, __1type_info@@UAE@XZ, atoi, isspace, memcpy
KERNEL32.dll: CreateFileW, GetVolumeInformationA, GetSystemTime, ReadFile, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GlobalFree, GlobalLock, GlobalAlloc, FindClose, FindFirstFileA, GetWindowsDirectoryA, GetPrivateProfileSectionA, GetPrivateProfileStringA, CloseHandle, WriteFile, CreateFileA, GetVersionExA, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, GetLastError, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, lstrlenA, IsDBCSLeadByte, lstrcmpiA, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, DisableThreadLibraryCalls, lstrcatA, lstrcpynA, lstrcpyA, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, LocalFree, SetEvent, WaitForMultipleObjects, CreateThread, CreateEventA, GetSystemTimeAsFileTime, CompareStringOrdinal, CompareStringA, InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, LocalAlloc
USER32.dll: CharPrevA, CharNextA
ADVAPI32.dll: RegCreateKeyA, RegEnumKeyExA, RegQueryValueExA, RegDeleteKeyA, RegEnumValueA, RegQueryInfoKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
ole32.dll: CLSIDFromString, PropVariantClear, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree
OLEAUT32.dll: -, -, -, -, -, -
SHELL32.dll: SHGetFolderPathA, SHGetSpecialFolderPathW, SHGetSpecialFolderPathA
HID.DLL: HidD_FreePreparsedData, HidP_SetUsageValue, HidD_GetPreparsedData, HidD_GetHidGuid, HidD_GetAttributes, HidP_GetCaps
SETUPAPI.dll: SetupDiGetClassDevsA, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces
IPHLPAPI.DLL: GetAdaptersInfo
SHLWAPI.dll: PathGetDriveNumberA
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
```

Code:

```
Antivirus              Version          Last Update  Result
AhnLab-V3              2010.10.08.01    2010.10.08   -
AntiVir                7.10.12.167      2010.10.08   -
Antiy-AVL              2.0.3.7          2010.10.08   -
Authentium             5.2.0.5          2010.10.08   -
Avast                  4.8.1351.0       2010.10.08   -
Avast5                 5.0.594.0        2010.10.08   -
AVG                    9.0.0.851        2010.10.08   -
BitDefender            7.2              2010.10.08   -
CAT-QuickHeal          11.00            2010.10.08   -
ClamAV                 0.96.2.0-git     2010.10.08   -
Comodo                 6322             2010.10.08   -
DrWeb                  5.0.2.03300      2010.10.08   -
Emsisoft               5.0.0.50         2010.10.08   -
eSafe                  7.0.17.0         2010.10.07   -
eTrust-Vet             36.1.7900        2010.10.08   -
F-Prot                 4.6.2.117        2010.10.08   -
F-Secure               9.0.15370.0      2010.10.08   -
Fortinet               4.2.249.0        2010.10.08   -
GData                  21               2010.10.08   -
Ikarus                 T3.1.1.90.0      2010.10.08   -
Jiangmin               13.0.900         2010.10.08   -
K7AntiVirus            9.65.2707        2010.10.08   -
Kaspersky              7.0.0.125        2010.10.08   -
McAfee                 5.400.0.1158     2010.10.08   -
McAfee-GW-Edition      2010.1C          2010.10.08   Heuristic.LooksLike.HTML.Suspicious-URL.B
Microsoft              1.6201           2010.10.08   -
NOD32                  5516             2010.10.08   -
Norman                 6.06.07          2010.10.08   -
nProtect               2010-10-08.01    2010.10.08   -
Panda                  10.0.2.7         2010.10.08   -
PCTools                7.0.3.5          2010.10.08   -
Prevx                  3.0              2010.10.08   -
Rising                 22.67.02.07      2010.09.30   -
Sophos                 4.58.0           2010.10.08   -
Sunbelt                7016             2010.10.08   -
SUPERAntiSpyware       4.40.0.1006      2010.10.08   -
Symantec               20101.2.0.161    2010.10.08   -
TheHacker              6.7.0.1.052      2010.10.08   -
TrendMicro             9.120.0.1004     2010.10.08   -
TrendMicro-HouseCall   9.120.0.1004     2010.10.08   -
VBA32                  3.12.14.1        2010.10.08   -
ViRobot                2010.10.4.4074   2010.10.08   -
VirusBuster            12.67.9.0        2010.10.08   -

Additional information
MD5   : 32a5cc78dfdc77791a8a9d530f7f44b4
SHA1  : 53a2ea78940a3230b5353044e9bbe1192f5793cb
SHA256: da06c238f8230d59fc2451457b91c1075e00e03686c97e0a307301d274b6cbd1
ssdeep: 48:cXOzRs6izRsVUmzRsQzRsgzRsKzRsyhvrzRsyML:ptUc31tlg
File size : 1841 bytes
First seen: 2010-10-08 19:16:04
Last seen : 2010-10-08 19:16:04
TrID:
HyperText Markup Language (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```