Pests of all kinds and how to fight them: Java virus JAVA/Agent.LB and exploits EXP/CVE-2008-5353.AG Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
02.01.2012, 16:40 | #16 |
| So, here is the log from ComboFix, this time in a code tag :-) Code:
ComboFix 12-01-02.01 - Admin 02.01.2012 16:28:39.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4061.2645 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\contacts3.bin
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings.bin
c:\programdata\AMMYY\settings3.bin
c:\users\Daniel\AppData\Local\assembly\tmp
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-02 bis 2012-01-02 ))))))))))))))))))))))))))))))
.
.
2012-01-02 15:35 . 2012-01-02 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 14:21 . 2012-01-02 14:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-01 16:10 . 2012-01-01 16:10 -------- d-----r- C:\Sandbox
2012-01-01 16:09 . 2012-01-01 16:09 -------- d-----w- c:\program files\Sandboxie
2012-01-01 12:07 . 2012-01-01 12:07 -------- d-----w- c:\program files (x86)\ESET
2011-12-31 08:55 . 2011-12-31 08:54 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-31 08:55 . 2011-12-31 08:54 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-31 08:54 . 2011-12-31 08:54 -------- d-----w- c:\program files\Java
2011-12-31 08:49 . 2011-12-31 08:49 -------- d-----w- c:\program files (x86)\FileHippo.com
2011-12-30 17:47 . 2011-12-30 17:47 -------- d-----w- c:\program files\CCleaner
2011-12-30 17:22 . 2011-12-30 17:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DC1881B-221A-49F2-9C81-D2201A3D745F}\offreg.dll
2011-12-30 17:01 . 2011-12-30 17:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-30 16:55 . 2011-12-30 17:47 -------- d-----w- c:\users\Admin
2011-12-30 09:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DC1881B-221A-49F2-9C81-D2201A3D745F}\mpengine.dll
2011-12-30 08:09 . 2011-12-30 08:09 -------- d-----w- c:\users\Daniel\AppData\Roaming\Avira
2011-12-30 08:08 . 2011-12-15 14:14 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-30 08:08 . 2011-12-15 14:14 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-30 08:08 . 2011-12-15 14:14 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-12-30 08:08 . 2011-12-15 14:14 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-30 08:08 . 2011-12-15 14:14 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-12-30 08:07 . 2011-12-30 08:08 -------- d-----w- c:\programdata\Avira
2011-12-30 08:07 . 2011-12-30 08:07 -------- d-----w- c:\program files (x86)\Avira
2011-12-29 17:33 . 2011-12-29 17:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-12-29 17:33 . 2011-12-29 17:33 -------- d-----w- c:\programdata\Malwarebytes
2011-12-29 17:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 17:33 . 2011-12-29 17:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-21 08:23 . 2011-12-29 13:40 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-21 08:23 . 2011-12-21 08:23 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-21 08:23 . 2011-12-21 08:23 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-21 08:23 . 2011-12-21 08:23 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-16 09:06 . 2011-12-16 09:06 -------- d-----w- c:\users\Daniel\AppData\Roaming\Canneverbe Limited
2011-12-16 09:06 . 2011-12-16 09:06 -------- d-----w- c:\programdata\Canneverbe Limited
2011-12-16 09:04 . 2011-12-16 09:04 -------- d-----w- c:\program files (x86)\CDBurnerXP
2011-12-14 07:53 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 07:53 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 07:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 07:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 07:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 07:53 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-13 18:54 . 2007-04-16 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP93.DLL
2011-12-13 18:54 . 2007-04-16 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD93.DLL
2011-12-13 18:53 . 2007-04-16 04:00 258560 ----a-w- c:\windows\system32\CNMLM93.DLL
2011-12-11 09:40 . 2011-12-11 09:40 -------- d-----w- c:\users\Daniel\AppData\Roaming\fm.bandit.desktop
2011-12-11 08:45 . 2011-12-11 08:48 -------- d-----w- c:\users\Daniel\.jenny
2011-12-09 12:50 . 2011-12-09 12:50 -------- d-----w- c:\programdata\DesktopIcons
2011-12-09 12:50 . 2011-12-09 12:50 -------- d-----w- c:\users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 08:52 . 2011-07-06 06:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 04:54 . 2011-07-06 06:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-21 07:44 . 2011-10-21 07:44 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-21 07:44 . 2011-10-21 07:44 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-10-21 07:44 . 2011-10-21 07:44 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Daniel\AppData\Local\Temp\GPU-Z.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTCore64;RTCore64;c:\users\Daniel\Utilities\rmclock\RTCore64.sys [2005-05-25 7168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/21 09:46];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-15 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 11288450
*NewlyCreated* - SBIEDRV
*Deregistered* - 11288450
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 10:25]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-02 16:38:15
ComboFix-quarantined-files.txt 2012-01-02 15:38
.
Vor Suchlauf: 12 Verzeichnis(se), 397.268.537.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 400.668.676.096 Bytes frei
.
- - End Of File - - E4E8A7D830A70F5E14785985D9E13874 |
02.01.2012, 20:18 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. |
03.01.2012, 00:01 | #18 |
| Here is the log
Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 23:52:31
-----------------------------
23:52:31.340 OS Version: Windows x64 6.1.7601 Service Pack 1
23:52:31.340 Number of processors: 2 586 0x1706
23:52:31.341 ComputerName: DANIEL-LAPTOP UserName: Admin
23:52:32.443 Initialize success
23:54:03.182 AVAST engine defs: 12010201
23:54:39.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:54:39.724 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
23:54:39.767 Disk 0 MBR read successfully
23:54:39.774 Disk 0 MBR scan
23:54:39.787 Disk 0 Windows 7 default MBR code
23:54:39.813 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610478 MB offset 2048
23:54:39.829 Service scanning
23:54:45.953 Modules scanning
23:54:45.963 Disk 0 trace - called modules:
23:54:45.977 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:54:45.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064fd060]
23:54:45.996 3 CLASSPNP.SYS[fffff88001b9d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472e050]
23:54:46.870 AVAST engine scan C:\Windows
23:54:52.207 AVAST engine scan C:\Windows\system32
23:56:53.768 AVAST engine scan C:\Windows\system32\drivers
23:57:08.200 AVAST engine scan C:\Users\Admin
23:57:14.000 AVAST engine scan C:\ProgramData
00:00:22.629 Scan finished successfully
00:00:58.113 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
00:00:58.118 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt" |
03.01.2012, 19:36 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |