Pests of all kinds and their removal: Help, caught a virus: Windows blocked! (Windows 7)
29.02.2012, 00:06 | #1
Dear Trojaner-Board team, I urgently need your help. Today I opened the site tvfun.ma because I wanted to watch a sitcom there that can only be received via satellite, and my Firefox died on me. I got a message that the Windows security system is blocked, and when I tried to start my Avira virus scanner I was told that my computer was heavily infected with viruses and that I should pay 50 EUR to clean it. I then booted the computer in Safe Mode and ran another virus scan. 2 viruses were found, which I removed. When I then booted the computer in normal mode again, the problem was still there. Through my research on the internet I came across your site and saw that you have already helped several users with the same virus. I would be very grateful if you could help me. I have Windows Vista as OS. Thanks again for your help. Yours, Lina S.
29.02.2012, 09:15 | #2
Hi,
boot into Safe Mode with Networking (press F8 while booting) and then:
OTL
Download OTL from Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.
chris
29.02.2012, 10:37 | #3
Many thanks for the quick answer, Chris. Here are the logfiles.
29.02.2012, 10:43 | #4
Dear Chris, thanks for the quick answer. Here are the logfiles:
29.02.2012, 10:47 | #5
Hi, hmm, where? Ha, there they are now... chris
29.02.2012, 10:58 | #6
Hi Chris, I added the files as attachments, as described in the instructions. Can you see them? Directly below my answer. Best regards, Lina S.
29.02.2012, 11:24 | #7
Hi, lots of not-so-nice things... I'll have this one deleted; if you don't want that, take it out of the OTL script (it is hidden on the desktop)! ~$رَّحِيمِ الرَّحْمَنِ اللَّهِ بِسْمِ.docx
Please check the following files. Have the files checked online:
Code:
C:\Users\Yahya\AppData\Roaming\BAcroIEHelpe.dll
C:\Users\Yahya\AppData\Local\Skype\Skype.exe
C:\Users\Yahya\AppData\Roaming\AcroIEHelpe.dll
C:\Users\Yahya\AppData\Roaming\appconf32.exe
Fix for OTL:
Code:
:OTL
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O4 - HKCU..\Run: [SkypeM] C:\Users\Yahya\AppData\Local\Skype\Skype.exe (Fearghus & Mitchell Co.)
O4 - HKCU..\Run: [Userinit] C:\Users\Yahya\AppData\Roaming\appconf32.exe ()
O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{12e45d0c-aba9-11de-b4c2-82379398e654}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
O33 - MountPoints2\{a476124f-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a476124f-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a4761271-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a4761271-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a476128d-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a476128d-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b5f24b19-a826-11de-b93d-d9244b3cf710}\Shell - "" = AutoRun
O33 - MountPoints2\{b5f24b19-a826-11de-b93d-d9244b3cf710}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b5f24b1c-a826-11de-b93d-d9244b3cf710}\Shell - "" = AutoRun
O33 - MountPoints2\{b5f24b1c-a826-11de-b93d-d9244b3cf710}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9157f82-61bb-11df-b85a-b03a80523b67}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{ccb75be1-9eb4-11de-b5ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ccb75be1-9eb4-11de-b5ed-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e0daaf0c-dab1-11de-b67f-b8519259bcf8}\Shell - "" = AutoRun
O33 - MountPoints2\{e0daaf0c-dab1-11de-b67f-b8519259bcf8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
[2012.02.28 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\01009
[2012.02.28 18:49:43 | 000,390,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Yahya\AppData\Roaming\AcroIEHelpe.dll
[2012.02.28 18:49:43 | 000,390,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Yahya\AppData\Roaming\AcroIEHelpe.dll
[2012.02.28 18:49:43 | 000,005,528 | ---- | C] () -- C:\Users\Yahya\AppData\Roaming\BAcroIEHelpe.dll
[2012.02.28 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\xmldm
[2012.02.28 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\kock
[2012.02.28 23:45:40 | 000,000,080 | ---- | M] () -- C:\Users\Yahya\AppData\Roaming\blckdom.res
[2010.09.07 13:06:04 | 000,000,162 | -H-- | M] ()(C:\Users\Yahya\Desktop\~$???????? ??????????? ??????? ??????.docx) -- C:\Users\Yahya\Desktop\~$رَّحِيمِ الرَّحْمَنِ اللَّهِ بِسْمِ.docx
[2010.09.07 13:06:04 | 000,000,162 | -H-- | C] ()(C:\Users\Yahya\Desktop\~$???????? ??????????? ??????? ??????.docx) -- C:\Users\Yahya\Desktop\~$رَّحِيمِ الرَّحْمَنِ اللَّهِ بِسْمِ.docx
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = dword:0x00
:Commands
[emptytemp]
[Reboot]
Malwarebytes Anti-Malware (MAM), instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Updates" -> "Check for updates").
Run a full scan and let it clean everything! Post the log.
chris
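The OTL fix above removes three kinds of findings: Run entries that launch binaries from the user's AppData (one of them named "Userinit"), BHO/toolbar registrations whose CLSID no longer resolves, and AutoRun handlers for removable media. The following is an added example (not OTL's or Trojaner-Board's code) of how a defender can pre-screen an OTL log for exactly those patterns; the regular expressions, the category names and the two benign control lines (an Adobe BHO with a placeholder CLSID and an Avira Run entry) are my own assumptions.

```python
"""Triage of OTL log lines for the patterns this thread's fix script removes.

Added example, not OTL's or Trojaner-Board's own code. It takes the O2/O3/O4/
O32/O33 lines that OTL prints and flags: autoruns that live in user-writable
directories, Run entries named after system components, BHOs/toolbars whose
CLSID no longer resolves, and AutoRun handlers for removable media.
"""
import re
from typing import Iterable, List, Tuple

# Directories a normal system component never starts from, but that user-level
# malware can write to without elevation (the appconf32.exe / fake Skype.exe case).
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\temp\\",
    "\\users\\public\\",
)

# Run-entry names that imitate Winlogon or core Windows binaries. The genuine
# Userinit is a Winlogon value pointing into System32, never a Run entry in AppData.
SYSTEM_LOOKALIKES = {"userinit", "winlogon", "explorer", "svchost", "csrss", "lsass"}

# O4 - HKCU..\Run: [Name] C:\path\to\file.exe (Publisher)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<publisher>[^)]*)\)$"
)
# O2 - BHO: (name) - {CLSID} - target  /  O3 - HKLM\..\Toolbar: (name) - {CLSID} - target
BHO_TOOLBAR_RE = re.compile(
    r"^(?:O2 - BHO|O3 - HK\w+\\\.\.\\Toolbar): \((?P<name>[^)]*)\) - "
    r"\{(?P<clsid>[^}]+)\} - (?P<target>.+)$"
)
# O32 - AutoRun File - [timestamp | size | attrs | M] () - S:\AUTORUN.INF -- [ NTFS ]
AUTORUN_FILE_RE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>\S+) -- \[")
# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = D:\something.exe
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)

Finding = Tuple[str, str]  # (category, detail)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one finding per suspicious pattern; a single line can yield several."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, publisher = m["name"], m["path"], m["publisher"]
            lowered = path.lower()
            detail = f"{m['hive']} Run [{name}] -> {path}"
            if any(marker in lowered for marker in USER_WRITABLE):
                findings.append(("autorun-user-writable", detail))
            if name.lower() in SYSTEM_LOOKALIKES and "\\windows\\system32\\" not in lowered:
                findings.append(("autorun-system-lookalike", detail))
            if not publisher.strip():
                # OTL prints the CompanyName from the version resource in parentheses;
                # an empty "()" means the binary carries none.
                findings.append(("autorun-no-publisher", detail))
            continue
        m = BHO_TOOLBAR_RE.match(line)
        if m and m["target"].startswith("No CLSID value found"):
            findings.append(("orphaned-bho-toolbar", f"{{{m['clsid']}}} ({m['name']})"))
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m:
            findings.append(("autorun-inf-present", m["path"]))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(("removable-media-autorun", f"{{{m['guid']}}} -> {m['cmd']}"))
    return findings


# Constructed sample: six lines are taken from the OTL fix script in this thread;
# the Adobe BHO (placeholder CLSID) and the Avira Run entry are invented benign controls.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [SkypeM] C:\Users\Yahya\AppData\Local\Skype\Skype.exe (Fearghus & Mitchell Co.)
O4 - HKCU..\Run: [Userinit] C:\Users\Yahya\AppData\Roaming\appconf32.exe ()
O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a476124f-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL.splitlines()):
        print(f"{category:26} {detail}")
```

Run against a full OTL log the same way; the two control lines produce no findings, while the six lines from this thread produce eight.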
29.02.2012, 12:08 | #8
Hi Chris, I don't know how to thank you. You can delete the file if it contains the virus. Here is the result of the scans:
1.)
2.)
29.02.2012, 12:28 | #9
Hi, please copy the scanner results from Virustotal.com... chris
29.02.2012, 12:34 | #10
I hope I'm doing everything right; I don't know whether I'm copying the right thing. Here is the 2nd file:
2.)
SHA256: c8e63292bc9895bb4d1c3e19dbf329feb50598020c650cab50212fa323f0dda1
SHA1: a285dd9493b46a5f221da496e4b4bd1f90ad5ec3
MD5: 032da6269745d9b2bd1b769c763517c6
File size: 56.5 KB ( 57856 bytes )
File name: Skype.exe
File type: Win32 EXE
Detection ratio: 8 / 43
Analysis date: 2012-02-29 11:10:10 UTC ( 0 Minuten ago )
Code:
Antivirus | Result | Update
AhnLab-V3 | - | 20120228
AntiVir | - | 20120229
Antiy-AVL | - | 20120229
Avast | - | 20120228
AVG | - | 20120229
BitDefender | Gen:Variant.Kazy.58724 | 20120229
ByteHero | - | None
CAT-QuickHeal | - | 20120229
ClamAV | - | 20120229
Commtouch | - | 20120229
Comodo | - | 20120229
DrWeb | - | 20120229
Emsisoft | - | 20120229
eSafe | - | 20120227
eTrust-Vet | - | 20120229
F-Prot | - | 20120228
F-Secure | Gen:Variant.Kazy.58724 | 20120229
Fortinet | W32/Yakes.B!tr | 20120229
GData | Gen:Variant.Kazy.58724 | 20120229
Ikarus | - | 20120229
Jiangmin | - | 20120228
K7AntiVirus | - | 20120228
Kaspersky | Trojan-Ransom.Win32.Foreign.anc | 20120229
McAfee | - | 20120229
McAfee-GW-Edition | - | 20120229
Microsoft | Trojan:Win32/Ransom.EJ | 20120229
NOD32 | a variant of Win32/Kryptik.ABPS | 20120229
Norman | - | 20120228
nProtect | - | 20120229
Panda | - | 20120228
PCTools | - | 20120228
Prevx | - | 20120229
Rising | - | 20120228
Sophos | - | 20120229
SUPERAntiSpyware | - | 20120229
Symantec | - | 20120229
TheHacker | Posible_Worm32 | 20120228
TrendMicro | - | 20120229
TrendMicro-HouseCall | - | 20120229
VBA32 | - | 20120228
VIPRE | - | 20120229
ViRobot | - | 20120229
VirusBuster | - | 20120229
29.02.2012, 12:39 | #11
3.)
SHA256: d358d006c2d0b4767ebeeaae20733a303ce7dedb2b705dc15d69a1d0ec116d13
SHA1: a704394350300462dea9ee79f34a993c43d02351
MD5: ff2f1da95001f5fb8f50cac70033b72c
File size: 381.4 KB ( 390552 bytes )
File name: AcroIEHelpe.dll
File type: Win32 DLL
Detection ratio: 3 / 43
Analysis date: 2012-02-29 11:37:46 UTC ( 0 Minuten ago )
Code:
Antivirus | Result | Update
AhnLab-V3 | Trojan/Win32.Farko | 20120228
AntiVir | - | 20120229
Antiy-AVL | - | 20120229
Avast | - | 20120228
AVG | - | 20120229
BitDefender | - | 20120229
ByteHero | - | None
CAT-QuickHeal | - | 20120229
ClamAV | - | 20120229
Commtouch | - | 20120229
Comodo | - | 20120229
DrWeb | - | 20120229
Emsisoft | - | 20120229
eSafe | - | 20120227
eTrust-Vet | - | 20120229
F-Prot | - | 20120228
F-Secure | Gen:Trojan.Heur.LP.aq5@aSshlLi | 20120229
Fortinet | - | 20120229
GData | - | 20120229
Ikarus | - | 20120229
Jiangmin | TrojanSpy.Farko.c | 20120228
K7AntiVirus | - | 20120228
Kaspersky | - | 20120229
McAfee | - | 20120229
McAfee-GW-Edition | - | 20120229
Microsoft | - | 20120229
NOD32 | - | 20120229
Norman | - | 20120228
nProtect | - | 20120229
Panda | - | 20120228
PCTools | - | 20120228
Prevx | - | 20120229
Rising | - | 20120228
Sophos | - | 20120229
SUPERAntiSpyware | - | 20120229
Symantec | - | 20120229
TheHacker | - | 20120228
TrendMicro | - | 20120229
TrendMicro-HouseCall | - | 20120229
VBA32 | - | 20120228
VIPRE | - | 20120229
ViRobot | - | 20120229
VirusBuster | - | 20120229
29.02.2012, 12:41 | #12
4.)
SHA256: 7bb8f39c547b43ec3f64cef5120b56ca240a0f00092eef7614e9947974d59ca0
SHA1: b1ab2963d2a73143eacd0f31a6df49e7f2c1dcd9
MD5: 06bb6157cdf162709d42b07a1f41625e
File size: 52.1 KB ( 53328 bytes )
File name: appconf32.exe
File type: Win32 EXE
Detection ratio: 7 / 43
Analysis date: 2012-02-29 11:39:49 UTC ( 0 Minuten ago )
Code:
Antivirus | Result | Update
AhnLab-V3 | - | 20120228
AntiVir | - | 20120229
Antiy-AVL | - | 20120229
Avast | Win32:Crypt-LPU [Trj] | 20120228
AVG | - | 20120229
BitDefender | - | 20120229
ByteHero | - | 20120225
CAT-QuickHeal | - | 20120229
ClamAV | - | 20120229
Commtouch | - | 20120229
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20120229
DrWeb | - | 20120229
Emsisoft | Trojan-Banker.Win32.Agent!IK | 20120229
eSafe | - | 20120227
eTrust-Vet | - | 20120229
F-Prot | - | 20120228
F-Secure | - | 20120229
Fortinet | - | 20120229
GData | Win32:Crypt-LPU | 20120229
Ikarus | Trojan-Banker.Win32.Agent | 20120229
Jiangmin | Trojan/Jorik.awvb | 20120228
K7AntiVirus | - | 20120228
Kaspersky | Trojan-Banker.Win32.Agent.hkk | 20120229
McAfee | - | 20120229
McAfee-GW-Edition | - | 20120229
Microsoft | - | 20120229
NOD32 | - | 20120229
Norman | - | 20120228
nProtect | - | 20120229
Panda | - | 20120228
PCTools | - | 20120228
Prevx | - | 20120229
Rising | - | 20120228
Sophos | - | 20120229
SUPERAntiSpyware | - | 20120229
Symantec | - | 20120229
TheHacker | - | 20120228
TrendMicro | - | 20120229
TrendMicro-HouseCall | - | 20120229
VBA32 | - | 20120228
VIPRE | - | 20120229
ViRobot | - | 20120229
VirusBuster | - | 20120229
Is that okay? Did I do everything right?
29.02.2012, 12:45 | #13
Here is the complete analysis of the first one again. I had only copied what was under additional info:
SHA256: aa0a8d34d3721d31429186e842099d378290f8c6bccb6a5ae1859c868cef0937
SHA1: acf4d9fbbd8c79b5da7d91ecdb49743693a1ddc9
MD5: 83cb5caac3c97efc702db47ccb82f31b
File size: 5.4 KB ( 5528 bytes )
File name: BAcroIEHelpe.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-02-29 11:42:51 UTC ( 1 Minute ago )
Code:
Antivirus | Result | Update
AhnLab-V3 | - | 20120228
AntiVir | - | 20120229
Antiy-AVL | - | 20120229
Avast | - | 20120228
AVG | - | 20120229
BitDefender | - | 20120229
ByteHero | - | 20120225
CAT-QuickHeal | - | 20120229
ClamAV | - | 20120229
Commtouch | - | 20120229
Comodo | - | 20120229
DrWeb | - | 20120229
Emsisoft | - | 20120229
eSafe | - | 20120227
eTrust-Vet | - | 20120229
F-Prot | - | 20120228
F-Secure | - | 20120229
Fortinet | - | 20120229
GData | - | 20120229
Ikarus | - | 20120229
Jiangmin | - | 20120228
K7AntiVirus | - | 20120228
Kaspersky | - | 20120229
McAfee | - | 20120229
McAfee-GW-Edition | - | 20120229
Microsoft | - | 20120229
NOD32 | - | 20120229
Norman | - | 20120228
nProtect | - | 20120229
Panda | - | 20120228
PCTools | - | 20120228
Prevx | - | 20120229
Rising | - | 20120228
Sophos | - | 20120229
SUPERAntiSpyware | - | 20120229
Symantec | - | 20120229
TheHacker | - | 20120228
TrendMicro | - | 20120229
TrendMicro-HouseCall | - | 20120229
VBA32 | - | 20120228
VIPRE | - | 20120229
ViRobot | - | 20120229
VirusBuster | - | 20120229
29.02.2012, 12:49 | #14 |
| Hilfe Virus eingefangen: Windows blockiert! So, bin nun bei Schritt 2. Hier ist das Ergebnis des OTL Scans: Error: Unable to interpret <SHA256: aa0a8d34d3721d31429186e842099d378290f8c6bccb6a5ae1859c868cef0937> in the current context! Error: Unable to interpret <SHA1: acf4d9fbbd8c79b5da7d91ecdb49743693a1ddc9> in the current context! Error: Unable to interpret <MD5: 83cb5caac3c97efc702db47ccb82f31b> in the current context! Error: Unable to interpret <File size: 5.4 KB ( 5528 bytes )> in the current context! Error: Unable to interpret <File name: BAcroIEHelpe.dll> in the current context! Error: Unable to interpret <File type: Win32 DLL> in the current context! Error: Unable to interpret <Detection ratio: 0 / 43> in the current context! Error: Unable to interpret <Analysis date: 2012-02-29 11:42:51 UTC ( 1 Minute ago )> in the current context! Error: Unable to interpret <0> in the current context! Error: Unable to interpret <0> in the current context! Error: Unable to interpret <Antivirus Result Update> in the current context! Error: Unable to interpret <AhnLab-V3 - 20120228> in the current context! Error: Unable to interpret <AntiVir - 20120229> in the current context! Error: Unable to interpret <Antiy-AVL - 20120229> in the current context! Error: Unable to interpret <Avast - 20120228> in the current context! Error: Unable to interpret <AVG - 20120229> in the current context! Error: Unable to interpret <BitDefender - 20120229> in the current context! Error: Unable to interpret <ByteHero - 20120225> in the current context! Error: Unable to interpret <CAT-QuickHeal - 20120229> in the current context! Error: Unable to interpret <ClamAV - 20120229> in the current context! Error: Unable to interpret <Commtouch - 20120229> in the current context! Error: Unable to interpret <Comodo - 20120229> in the current context! Error: Unable to interpret <DrWeb - 20120229> in the current context! Error: Unable to interpret <Emsisoft - 20120229> in the current context! 
Error: Unable to interpret <PE Imports....................:> in the current context!
Error: Unable to interpret <advapi32.dll> in the current context!
Error: Unable to interpret < RegCloseKey> in the current context!
Error: Unable to interpret <kernel32.dll> in the current context!
Error: Unable to interpret < GetModuleFileNameA, GetModuleHandleA, VirtualProtect, lstrcmpiA, lstrlenA> in the current context!
Error: Unable to interpret <shlwapi.dll> in the current context!
Error: Unable to interpret < SHCopyKeyW> in the current context!
Error: Unable to interpret <user32.dll> in the current context!
Error: Unable to interpret < SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx> in the current context!
Error: Unable to interpret <PE Exports....................:> in the current context!
Error: Unable to interpret <CloseGuard, SetGuard> in the current context!
Error: Unable to interpret <First seen by VirusTotal> in the current context!
Error: Unable to interpret <2012-02-27 13:29:25 UTC ( 1 Tag, 22 Stunden ago )> in the current context!
Error: Unable to interpret <Last seen by VirusTotal> in the current context!
Error: Unable to interpret <2012-02-29 11:05:24 UTC ( 37 Minuten ago )> in the current context!
Error: Unable to interpret <File names (max. 25)> in the current context!
Error: Unable to interpret < 1. BAcroIEHelpe.dll> in the current context!
Error: Unable to interpret < 2. file-3603090_dll> in the current context!
Error: Unable to interpret < 3. BAcroIEHelpe079.dll> in the current context!
Error: Unable to interpret < 4. 8903B96E987B8B1F15C4006A13EF050086200C46.dll> in the current context!
OTL by OldTimer - Version 3.2.33.2 log created on 02292012_124727 |
29.02.2012, 13:45 | #15 |
| Help, caught a virus: Windows blocked! Hi, the fix did not work. You have to copy the complete contents of the code box into the OTL window under Custom Scan/Fixes and then click the Run fix button... Code:
:OTL
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O4 - HKCU..\Run: [SkypeM] C:\Users\Yahya\AppData\Local\Skype\Skype.exe (Fearghus & Mitchell Co.)
O4 - HKCU..\Run: [Userinit] C:\Users\Yahya\AppData\Roaming\appconf32.exe ()
O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{12e45d0c-aba9-11de-b4c2-82379398e654}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
O33 - MountPoints2\{a476124f-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a476124f-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a4761271-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a4761271-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a476128d-9fd1-11de-b1d3-a43c4364def5}\Shell - "" = AutoRun
O33 - MountPoints2\{a476128d-9fd1-11de-b1d3-a43c4364def5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b5f24b19-a826-11de-b93d-d9244b3cf710}\Shell - "" = AutoRun
O33 - MountPoints2\{b5f24b19-a826-11de-b93d-d9244b3cf710}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b5f24b1c-a826-11de-b93d-d9244b3cf710}\Shell - "" = AutoRun
O33 - MountPoints2\{b5f24b1c-a826-11de-b93d-d9244b3cf710}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9157f82-61bb-11df-b85a-b03a80523b67}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{ccb75be1-9eb4-11de-b5ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ccb75be1-9eb4-11de-b5ed-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e0daaf0c-dab1-11de-b67f-b8519259bcf8}\Shell - "" = AutoRun
O33 - MountPoints2\{e0daaf0c-dab1-11de-b67f-b8519259bcf8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
[2012.02.28 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\01009
[2012.02.28 18:49:43 | 000,390,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Yahya\AppData\Roaming\AcroIEHelpe.dll
[2012.02.28 18:49:43 | 000,390,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Yahya\AppData\Roaming\AcroIEHelpe.dll
[2012.02.28 18:49:43 | 000,005,528 | ---- | C] () -- C:\Users\Yahya\AppData\Roaming\BAcroIEHelpe.dll
[2012.02.28 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\xmldm
[2012.02.28 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Yahya\AppData\Roaming\kock
[2012.02.28 23:45:40 | 000,000,080 | ---- | M] () -- C:\Users\Yahya\AppData\Roaming\blckdom.res
[2010.09.07 13:06:04 | 000,000,162 | -H-- | M] ()(C:\Users\Yahya\Desktop\~$???????? ??????????? ??????? ??????.docx) -- C:\Users\Yahya\Desktop\~$رَّحِيمِ الرَّحْمَنِ اللَّهِ بِسْمِ.docx
[2010.09.07 13:06:04 | 000,000,162 | -H-- | C] ()(C:\Users\Yahya\Desktop\~$???????? ??????????? ??????? ??????.docx) -- C:\Users\Yahya\Desktop\~$رَّحِيمِ الرَّحْمَنِ اللَّهِ بِسْمِ.docx
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = dword:0x00
:Commands
[emptytemp]
[Reboot]
__________________ Don't bring me down. Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
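Added example, not code from the thread, from OTL or from its author: a small Python triage helper that parses the two OTL entry formats used in the fix above (the O4 Run autostart lines and the file-creation lines) and flags the patterns a responder would look at first: binaries dropped under a user's AppData, entries with no publisher string, a vendor-named binary sitting outside Program Files, and a Run value named like a Windows component (the Userinit entry above). The regexes, the heuristics and the sample lines are my own constructions; the user name in the sample is a placeholder.

```python
import re
from dataclasses import dataclass, field

# OTL autostart entry:  O4 - HKCU..\Run: [Name] C:\path\file.exe (Publisher)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] '
                   r'(?P<path>.+?) \((?P<publisher>[^)]*)\)$')
# OTL file entry:  [date time | size | attrs | C] (Publisher) -- C:\path\file.dll
FILE_RE = re.compile(r'^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| '
                     r'(?P<op>[CM])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+)$')
SYSTEM_NAMES = {'userinit', 'winlogon', 'explorer', 'svchost'}  # assumed watch-list
BINARY_EXT = ('.exe', '.dll', '.scr')

@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)

def triage_line(line):
    """Return a Finding for one OTL line, or None if it is not an O4/file entry or looks benign."""
    m = O4_RE.match(line.strip()) or FILE_RE.match(line.strip())
    if not m:
        return None
    path, publisher = m.group('path'), m.group('publisher').strip()
    low, reasons = path.lower(), []
    if '\\appdata\\' in low and low.endswith(BINARY_EXT):
        reasons.append('binary under a user-profile AppData directory')
    if not publisher:
        reasons.append('no publisher / version info')
    elif '\\program files' not in low and '\\windows\\' not in low:
        reasons.append(f'claims publisher "{publisher}" but lives outside Program Files')
    name = m.groupdict().get('name', '')  # only O4 lines carry a Run value name
    if name.lower() in SYSTEM_NAMES:
        reasons.append(f'Run value named like a system component ({name})')
    return Finding(path, reasons) if reasons else None

def triage(lines):
    return [f for f in map(triage_line, lines) if f]

# Constructed sample lines modelled on the fix above; the user name is a placeholder.
SAMPLE = [
    r'O4 - HKCU..\Run: [SkypeM] C:\Users\user\AppData\Local\Skype\Skype.exe (Fearghus & Mitchell Co.)',
    r'O4 - HKCU..\Run: [Userinit] C:\Users\user\AppData\Roaming\appconf32.exe ()',
    r'O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Corp.)',
    r'[2012.02.28 18:49:43 | 000,390,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\user\AppData\Roaming\AcroIEHelpe.dll',
    r'[2012.02.28 18:49:43 | 000,005,528 | ---- | C] () -- C:\Users\user\AppData\Roaming\BAcroIEHelpe.dll',
]
if __name__ == '__main__':
    for hit in triage(SAMPLE):
        print(hit.path, '->', '; '.join(hit.reasons))
```

Directory entries (`---D`) and the O2/O3/O33 lines have no publisher field in this format and are skipped, which is intended: the helper narrows the list to executables to look at, it does not decide what to remove.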