Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 14:47:38,76.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results11.05.2013-1022.log 212 bytes
C:\zoek-results11.05.2013-1047.log 69032 bytes
C:\zoek-results11.05.2013-1223.log 8767 bytes
==== Possible Rootkit Infection ======================
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\GutscheinFinder" deleted
"C:\Program Files (x86)\Free HD Converter" deleted
"C:\Program Files\Common Files\Wondershare" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- GutscheinCodes.de GutscheinFinder - %ProfilePath%\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack
- Better Battlelog BBLog - %ProfilePath%\extensions\jid1-qQSMEVsYTOjgYA@jetpack
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.100.18
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
7C0C6F7B9C0CD4162D33276FDEBC86F7 - C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
2B737A92C7C327E48C735B3060DB85A8 - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
BF6273472DCAD201B029131D4AC6DDE3 - C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleting Files \ Folders ======================
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
didlmjkkjfegblmkekbhgpefajgikncm - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx[]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[24.03.2013 05:22]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
Google Drive - Yannick - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Yannick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Yannick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Yannick - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
GutscheinCodes.de GutscheinFinder - Yannick - Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
HomeTab - Yannick - Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Safe Money - Yannick - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Yannick - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
RealDownloader - Yannick - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Virtual Keyboard - Yannick - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
SmallringFX DarkBlue Theme - Yannick - Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk
Gmail - Yannick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Yannick - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Chrome Fix ======================
C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh deleted successfully
==== Reset Google Chrome ======================
C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\didlmjkkjfegblmkekbhgpefajgikncm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
TDSSKiller.exe didn't find anything!!