Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira - TR/ATRAPS.Gen2

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 26.06.2012, 19:03   #1
Morphyn
 
Avira - TR/ATRAPS.Gen2 - Standard

Avira - TR/ATRAPS.Gen2



Hey,
ich habe eine email bekommen, die angeblich von der Deutschen Post stammte mit der Bitte ein im Anhang beigefügtes Etikett auszudrucken.
Da habe ich leider draufgedrückt und mir einen Virus heruntergeladen.
Mein Antivirenprogramm Avira meldet jetzt im 5 Minuten Takt das folgende Viren gefunden werden:
TR/ATRAPS.Gen2
TR/Sirefef.AG.35

Schon mal danke im Vorraus fürs Anschauen
Grüße,
Morphyn

Beigefügt ist der OTL Log:
Code:
ATTFilter
OTL logfile created on: 26.06.2012 19:42:26 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Earthman\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,26% Memory free
4,00 Gb Paging File | 2,52 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 83,21 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 11,84 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive E: | 116,44 Gb Total Space | 4,23 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 36,20 Gb Free Space | 31,09% Space Free | Partition Type: NTFS
Drive L: | 574,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 14,71 Gb Total Space | 14,04 Gb Free Space | 95,45% Space Free | Partition Type: FAT32
 
Computer Name: DIONYSOS | User Name: Earthman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.26 19:42:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Earthman\Downloads\OTL.exe
PRC - [2012.06.17 11:34:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Earthman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 12:37:46 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.05.08 12:37:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:37:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:37:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 12:37:46 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 11:34:34 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.04.23 11:25:30 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.17 11:34:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:59:52 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 12:37:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:37:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.21 15:37:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.08 12:37:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 12:37:46 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.07 15:29:52 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009.10.07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 03 4D D1 7A 9D CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 00:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:34:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 15:39:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:34:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 15:39:53 | 000,000,000 | ---D | M]
 
[2011.11.07 20:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Earthman\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Earthman\AppData\Roaming\mozilla\Firefox\Profiles\nkrv4rwc.default\extensions
[2011.11.07 20:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.11 00:49:30 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.02 11:41:00 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\EARTHMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKRV4RWC.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012.06.17 11:34:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.12 17:30:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 17:30:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 17:30:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 17:30:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 17:30:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 17:30:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [geriqhlp] C:\Users\Earthman\AppData\Local\chdhvdvd.exe ()
O4 - Startup: C:\Users\Earthman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Earthman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.246.9.116 131.246.1.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA1A75-5EA7-4428-A88C-3789D2E240FD}: DhcpNameServer = 131.246.9.116 131.246.1.116
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.31 01:00:37 | 000,000,175 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6dfa66b7-9828-11e1-9bba-002522070100}\Shell - "" = AutoRun
O33 - MountPoints2\{6dfa66b7-9828-11e1-9bba-002522070100}\Shell\AutoRun\command - "" = L:\setup.exe -- [2006.10.31 01:00:37 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6dfa66b7-9828-11e1-9bba-002522070100}\Shell\configure\command - "" = L:\setup.exe -- [2006.10.31 01:00:37 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6dfa66b7-9828-11e1-9bba-002522070100}\Shell\install\command - "" = L:\setup.exe -- [2006.10.31 01:00:37 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00241AB8000A9212B4EB238B
[2012.06.21 11:12:01 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 11:12:01 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 11:11:55 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 11:11:55 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 11:11:55 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 11:11:46 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 11:11:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.07 23:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.07 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.06 16:29:20 | 000,000,000 | ---D | C] -- C:\Users\Earthman\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012.06.01 11:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.06.26 19:30:41 | 000,058,368 | ---- | M] () -- C:\Users\Earthman\AppData\Local\wgwaxgkg
[2012.06.26 19:26:41 | 000,000,000 | ---- | M] () -- C:\Users\Earthman\AppData\Roaming\SharedSettings.ccs
[2012.06.26 19:23:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.26 19:23:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.26 19:13:51 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:13:51 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:06:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 19:06:21 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 17:47:34 | 000,389,120 | ---- | M] () -- C:\Users\Earthman\AppData\Local\lissgtia.exe
[2012.06.26 17:45:26 | 000,389,120 | ---- | M] () -- C:\Users\Earthman\AppData\Local\asnonumj.exe
[2012.06.26 17:37:09 | 000,030,208 | ---- | M] () -- C:\Users\Earthman\AppData\Local\chdhvdvd.exe
[2012.06.25 19:23:49 | 000,145,949 | ---- | M] () -- C:\Users\Earthman\Desktop\300_Uebungen _20120418.pdf
[2012.06.14 09:51:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 09:51:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 09:51:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 09:51:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 16:01:37 | 000,820,128 | ---- | M] () -- C:\Users\Earthman\Desktop\Laborbericht_Disperse_System_2.pdf
[2012.06.12 15:14:29 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.06.07 23:27:52 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.07 22:57:13 | 002,037,560 | ---- | M] () -- C:\Users\Earthman\Desktop\brochure_la950_la300_de.pdf
[2012.06.07 17:36:03 | 003,188,906 | ---- | M] () -- C:\Users\Earthman\Desktop\PSA_Guidebook.pdf
[2012.06.03 23:27:04 | 000,001,018 | ---- | M] () -- C:\Users\Earthman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.03 23:26:41 | 000,000,992 | ---- | M] () -- C:\Users\Earthman\Desktop\Dropbox.lnk
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.05.31 20:08:44 | 000,164,114 | ---- | M] () -- C:\Users\Earthman\Documents\ts3_clientui-win32-1334913258-2012-05-31 20_08_42.501953.dmp
[2012.05.31 19:21:37 | 000,159,056 | ---- | M] () -- C:\Users\Earthman\Documents\ts3_clientui-win32-1334913258-2012-05-31 19_21_33.572265.dmp
[2012.05.29 18:00:26 | 000,014,524 | ---- | M] () -- C:\Users\Earthman\Desktop\Siedlerrechner!.ods
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.06.26 19:30:41 | 000,058,368 | ---- | C] () -- C:\Users\Earthman\AppData\Local\wgwaxgkg
[2012.06.26 19:26:41 | 000,000,000 | ---- | C] () -- C:\Users\Earthman\AppData\Roaming\SharedSettings.ccs
[2012.06.26 19:23:21 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{fc2b30b2-6e80-0a82-abed-d9f696c92fbb}\U\00000001.@
[2012.06.26 17:47:28 | 000,389,120 | ---- | C] () -- C:\Users\Earthman\AppData\Local\lissgtia.exe
[2012.06.26 17:45:25 | 000,389,120 | ---- | C] () -- C:\Users\Earthman\AppData\Local\asnonumj.exe
[2012.06.26 17:37:09 | 000,030,208 | ---- | C] () -- C:\Users\Earthman\AppData\Local\chdhvdvd.exe
[2012.06.25 19:23:49 | 000,145,949 | ---- | C] () -- C:\Users\Earthman\Desktop\300_Uebungen _20120418.pdf
[2012.06.12 16:01:35 | 000,820,128 | ---- | C] () -- C:\Users\Earthman\Desktop\Laborbericht_Disperse_System_2.pdf
[2012.06.07 22:57:13 | 002,037,560 | ---- | C] () -- C:\Users\Earthman\Desktop\brochure_la950_la300_de.pdf
[2012.06.07 17:36:03 | 003,188,906 | ---- | C] () -- C:\Users\Earthman\Desktop\PSA_Guidebook.pdf
[2012.05.31 20:08:42 | 000,164,114 | ---- | C] () -- C:\Users\Earthman\Documents\ts3_clientui-win32-1334913258-2012-05-31 20_08_42.501953.dmp
[2012.05.31 19:21:33 | 000,159,056 | ---- | C] () -- C:\Users\Earthman\Documents\ts3_clientui-win32-1334913258-2012-05-31 19_21_33.572265.dmp
[2012.01.11 20:09:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{fc2b30b2-6e80-0a82-abed-d9f696c92fbb}\@
[2012.01.11 20:09:51 | 000,002,048 | -HS- | C] () -- C:\Users\Earthman\AppData\Local\{fc2b30b2-6e80-0a82-abed-d9f696c92fbb}\@
[2011.11.13 20:41:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.10 11:18:23 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.10 11:18:23 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT

< End of report >
         

Alt 27.06.2012, 12:43   #2
markusg
/// Malware-holic
 
Avira - TR/ATRAPS.Gen2 - Standard

Avira - TR/ATRAPS.Gen2



hi kommst du noch an die mail? wenn ja mal bitte weiterleiten.
wie das geht steht in meiner signatur
__________________

__________________

Antwort

Themen zu Avira - TR/ATRAPS.Gen2
5 minuten, adobe, autorun, avg, avira, bho, desktop, email, explorer, firefox, firefox 13.0.1, format, helper, langs, log, logfile, mozilla, nvidia, opera, programm, programme, registry, scan, searchscopes, senden, software, virus, windows, wmp




Ähnliche Themen: Avira - TR/ATRAPS.Gen2


  1. Avira meldet TR/Jorik.Totem.vz, TR/ATRAPS.Gen2, T/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (50)
  2. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira in $Recycle.bin gemeldet.
    Log-Analyse und Auswertung - 18.12.2012 (31)
  3. Avira: TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer...
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (9)
  4. Avira meldet TR/ZAccess.H , TR/Sirefef.A.37 , TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  5. TR/ATRAPS Gen und TR/ATRAPS Gen2 C:\RECYCLER\S-1-5-21-3287549451-3649138221-mit Avira endeckt. Mit Malewarebytes entfernt. Logfiles angefügt
    Log-Analyse und Auswertung - 13.10.2012 (2)
  6. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  7. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  8. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  9. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 wird bei Avira angezeigt
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (3)
  10. Avira findet dauernd TR/ATRAPS.Gen und TR/ATRAPS.Gen2, was muss ich machen damit es verschwindet ?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (25)
  11. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  12. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  13. Avira Antivirus Premium 2012: Funde von TR/ATRAPS.GEN TR/ATRAPS.GEN2 TR/Sirefef.P.666 BDS/ZAccess.T
    Log-Analyse und Auswertung - 25.07.2012 (3)
  14. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  15. Ich komme allein nicht weiter, Avira findet TR/ATRAPS.gen - TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (5)
  16. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  17. TR/ATRAPS.GEN und TR/ATRAPS.GEN2 von Avira und Malwarebytes nicht aufzufinden
    Log-Analyse und Auswertung - 10.06.2012 (1)

Zum Thema Avira - TR/ATRAPS.Gen2 - Hey, ich habe eine email bekommen, die angeblich von der Deutschen Post stammte mit der Bitte ein im Anhang beigefügtes Etikett auszudrucken. Da habe ich leider draufgedrückt und mir einen - Avira - TR/ATRAPS.Gen2...
Archiv
Du betrachtest: Avira - TR/ATRAPS.Gen2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.