Log analysis and evaluation: Trojan.Win.Agent.dcc (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1 /// Winkelfunktion /// (TB-Süch-Tiger™)

Re: Trojan.Win.Agent.dcc

Yes, go ahead and run it again, please.
__________________
Please always post logfiles in CODE tags
#2

Re: Trojan.Win.Agent.dcc

Said and done.
__________________
On to Cofi. See you later.
#3

Re: Trojan.Win.Agent.dcc

Here is the report from Cofi:
__________________
Code:
```
ComboFix 10-01-17.04 - Versuch 18.01.2010 17:22:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1022.326 [GMT 1:00]
ausgeführt von:: c:\users\Versuch\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3431969251-4012776688-2110599007-500
C:\install.exe
c:\users\Versuch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url

.
((((((((((((((((((((((( Dateien erstellt von 2009-12-18 bis 2010-01-18 ))))))))))))))))))))))))))))))
.

2010-01-18 16:34 . 2010-01-18 16:34 -------- d-----w- c:\users\Versuch\AppData\Local\temp
2010-01-18 16:34 . 2010-01-18 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-15 20:52 . 2010-01-15 20:52 -------- d-----w- c:\users\Versuch\AppData\Roaming\Malwarebytes
2010-01-15 18:07 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 18:07 . 2010-01-15 18:07 -------- d-----w- c:\programdata\Malwarebytes
2010-01-15 18:07 . 2010-01-15 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 18:07 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 17:50 . 2010-01-15 17:51 -------- d-----w- C:\rsit
2010-01-14 22:07 . 2010-01-14 22:07 -------- d-----w- c:\program files\Trend Micro
2010-01-14 21:12 . 2010-01-14 21:12 -------- d-----w- c:\users\Versuch\AppData\Local\Threat Expert
2010-01-14 21:08 . 2010-01-18 10:27 -------- d-----w- c:\program files\Spyware Doctor
2010-01-14 20:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-14 20:39 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-14 20:39 . 2010-01-14 20:39 -------- d-----w- c:\programdata\Avira
2010-01-13 08:47 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 08:47 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-04 14:32 . 2010-01-04 14:32 6868368 ----a-w- c:\users\Versuch\AppData\Roaming\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 02:41 . 2007-02-14 17:03 -------- d-----w- c:\program files\winamp
2010-01-13 11:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 16:17 . 2008-07-01 20:23 -------- d-----w- c:\users\Versuch\AppData\Roaming\ICQ
2010-01-12 11:23 . 2009-12-01 11:09 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-11 19:39 . 2007-01-15 18:12 628210 ----a-w- c:\windows\system32\perfh007.dat
2010-01-11 19:39 . 2007-01-15 18:12 126850 ----a-w- c:\windows\system32\perfc007.dat
2009-12-31 14:36 . 2009-07-18 10:48 -------- d-----w- c:\program files\ICQ6.5
2009-12-30 17:42 . 2007-02-22 22:12 136008 ----a-w- c:\users\Versuch\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 15:14 . 2009-07-01 15:47 -------- d-----w- c:\programdata\Microsoft Help
2009-12-16 22:12 . 2007-04-16 12:36 -------- d-----w- c:\programdata\HP
2009-12-05 12:36 . 2007-02-13 22:36 -------- d-----w- c:\programdata\Roxio
2009-12-01 11:09 . 2009-12-01 11:08 -------- d-----w- c:\program files\PDFCreator
2009-11-23 20:04 . 2007-04-04 12:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-21 06:40 . 2009-12-09 11:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 11:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 11:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 11:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 00:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-10 13:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 13:29 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 13:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 11:56 . 2009-11-03 11:56 1180920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-02 19:42 . 2009-10-03 11:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-12-03 14:50 2048 ----a-w- c:\windows\system32\tzres.dll
2003-04-27 20:02 . 2007-04-13 21:49 647168 ----a-w- c:\program files\tetris.exe
2008-08-10 23:19 . 2008-08-10 23:19 23552 ----a-w- c:\program files\mozilla firefox\plugins\DrvMgt.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 01:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"mHotkey"="mHotkey.exe" [2006-06-19 559104]
"HostManager"="c:\program files\Common Files\AOL\1168853550\ee\AOLSoftware.exe" [2006-11-14 50736]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-12-20 2519040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-9 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):92,4e,f4,b3,f1,36,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [14.01.2010 21:39 108289]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17.01.2008 16:15 715248]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [28.05.2008 01:50 21504]
S4 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\System32\drivers\FLMckUSB.sys [15.01.2007 19:08 69810]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-01-18 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-15 16:38]

2010-01-18 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-15 16:34]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{0E8EFC26-C431-4765-8592-57102D933EBF}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npskilljamloader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssp32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{B814DEE4-49A2-4958-B204-F3B17279B663} - (no file)
HKLM-Run-CDEjtCtr - CDCtr.exe
HKLM-Run-Arcor Online - (no file)
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 17:34
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

c:\users\Versuch\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2978858628-215539607-716368754-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,6a,1b,a3,df,24,54,68,dd,34,fd,3e,4e,e5,41,e9,96,bf,be,1f,dd,
 cd,0d,ac,d7,48,20,6d,08,92,3f,84,47,f2,d1,8a,90,57,a4,91,dd,95,3e,90,d3,07,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6e05a693-de63-454e-94f4-beafdbf83b31}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:c6020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8a8aee4f-2d2f-4137-aad7-30240dba8f10}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0019db
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2010-01-18 17:37:41
ComboFix-quarantined-files.txt 2010-01-18 16:37

Vor Suchlauf: 12 Verzeichnis(se), 123.644.817.408 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 128.998.309.888 Bytes frei

- - End Of File - - 1A272BDB2E99B960069F00EB8AAEE478
```