Log analysis and evaluation: EXP/CVE-2012-0507 moved to quarantine! Further steps necessary? (Windows 7)

#1
EXP/CVE-2012-0507 moved to quarantine! Further steps necessary?

Hi, I'm new here and have a problem with a virus/trojan. It started when radio and strange music could be heard in the background, even though I hadn't played any music or videos myself. I then started a virus scan with AVIRA and it showed me the following detection: EXP/CVE-2012-0507. I moved it to quarantine. My question now is whether further steps such as formatting are necessary; I hope, however, that I can avoid something like that.

Many thanks in advance!
Regards, Dennis

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by DENNIS42 at 16:29:26 on 2012-04-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1022.435 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S9DF6.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVMWlanClient] c:\program files\avmwlanstick\FRITZWLANMini.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW]
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\dennis42\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69401DC2-7466-4C3E-A7CD-5647BD7C4A3B} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dennis42\appdata\roaming\mozilla\firefox\profiles\19rs04b7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-28 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-1-28 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-1-28 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-28 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-1-29 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-19 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-19 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2012-1-28 264704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-19 13:17:16  --------  d-----w-  c:\users\dennis42\appdata\roaming\Malwarebytes
2012-04-19 13:17:00  --------  d-----w-  c:\programdata\Malwarebytes
2012-04-19 13:16:58  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-04-19 13:16:57  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-04-17 11:00:35  6582328  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{a545b5f0-66ad-4b40-8f89-40715cb76176}\mpengine.dll
2012-04-11 20:19:54  5120  ----a-w-  c:\windows\system32\wmi.dll
2012-04-11 20:19:54  172032  ----a-w-  c:\windows\system32\wintrust.dll
2012-04-11 20:19:54  157696  ----a-w-  c:\windows\system32\imagehlp.dll
2012-04-11 20:19:54  12800  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:19:38  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-11 20:19:38  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-04-11 09:03:41  2409784  ----a-w-  c:\program files\windows mail\OESpamFilter.dat
2012-04-08 10:04:29  --------  d-----w-  c:\program files\JDownloader
2012-04-06 12:52:27  --------  d-----w-  c:\program files\EA SPORTS
2012-04-04 08:59:52  418464  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53:56  182160  ----a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-21 17:03:48  592824  ----a-w-  c:\program files\mozilla firefox\gkmedias.dll
2012-03-21 17:03:48  44472  ----a-w-  c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-15 11:46:44  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-28 01:18:55  1799168  ----a-w-  c:\windows\system32\jscript9.dll
2012-02-28 01:11:21  1427456  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07  1127424  ----a-w-  c:\windows\system32\wininet.dll
2012-02-28 01:03:16  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2012-02-24 16:07:17  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2012-02-23 08:18:36  237072  ------w-  c:\windows\system32\MpSigStub.exe
2012-02-15 10:01:50  4547944  ----a-w-  c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01:50  43520  ----a-w-  c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45:30  219648  ----a-w-  c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30  160768  ----a-w-  c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08  1172480  ----a-w-  c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57  683008  ----a-w-  c:\windows\system32\d2d1.dll
2012-02-13 13:44:40  1068544  ----a-w-  c:\windows\system32\DWrite.dll
2012-02-02 15:16:25  2044416  ----a-w-  c:\windows\system32\win32k.sys
2012-01-30 13:36:16  979456  ----a-w-  c:\windows\system32\MFH264Dec.dll
2012-01-30 13:35:36  4096  ----a-w-  c:\windows\system32\drivers\de-de\dxgkrnl.sys.mui
2012-01-30 13:35:35  974848  ----a-w-  c:\windows\system32\WindowsCodecs.dll
2012-01-30 13:35:35  519680  ----a-w-  c:\windows\system32\d3d11.dll
2012-01-30 13:35:35  369664  ----a-w-  c:\windows\system32\WMPhoto.dll
2012-01-30 13:35:35  321024  ----a-w-  c:\windows\system32\PhotoMetadataHandler.dll
2012-01-30 13:35:35  252928  ----a-w-  c:\windows\system32\dxdiag.exe
2012-01-30 13:35:35  195584  ----a-w-  c:\windows\system32\dxdiagn.dll
2012-01-30 13:35:35  189440  ----a-w-  c:\windows\system32\WindowsCodecsExt.dll
2012-01-29 20:10:29  101888  ----a-w-  c:\windows\system32\ifxcardm.dll
2012-01-29 20:10:15  82432  ----a-w-  c:\windows\system32\axaltocm.dll
2012-01-29 12:45:41  45056  ----a-w-  c:\windows\system32\drivers\de-de\http.sys.mui
2012-01-28 23:59:57  23552  ----a-w-  c:\windows\system32\lpk.dll
2012-01-28 23:59:57  10240  ----a-w-  c:\windows\system32\dciman32.dll
2012-01-28 23:54:11  61440  ----a-w-  c:\windows\system32\winipsec.dll
2012-01-28 23:54:11  272896  ----a-w-  c:\windows\system32\polstore.dll
2012-01-28 23:45:30  9728  ----a-w-  c:\windows\system32\TCPSVCS.EXE
2012-01-28 23:45:30  8704  ----a-w-  c:\windows\system32\HOSTNAME.EXE
2012-01-28 23:45:30  11264  ----a-w-  c:\windows\system32\MRINFO.EXE
2012-01-28 23:45:30  105984  ----a-w-  c:\windows\system32\netiohlp.dll
2012-01-28 23:45:29  27136  ----a-w-  c:\windows\system32\NETSTAT.EXE
2012-01-28 23:45:29  19968  ----a-w-  c:\windows\system32\ARP.EXE
2012-01-28 23:45:29  17920  ----a-w-  c:\windows\system32\ROUTE.EXE
2012-01-28 23:45:29  10240  ----a-w-  c:\windows\system32\finger.exe
2012-01-28 23:40:39  127488  ----a-w-  c:\windows\system32\L2SecHC.dll
2012-01-28 23:40:38  68096  ----a-w-  c:\windows\system32\wlanhlp.dll
2012-01-28 23:40:38  65024  ----a-w-  c:\windows\system32\wlanapi.dll
2012-01-28 23:40:38  293376  ----a-w-  c:\windows\system32\wlanmsm.dll
2012-01-28 23:40:37  513536  ----a-w-  c:\windows\system32\wlansvc.dll
2012-01-28 23:40:37  302592  ----a-w-  c:\windows\system32\wlansec.dll
2012-01-28 23:40:31  15181  ----a-w-  c:\windows\system32\gatherWirelessInfo.vbs
2012-01-28 23:38:59  1401856  ----a-w-  c:\windows\system32\msxml6.dll
2012-01-28 23:38:58  2048  ----a-w-  c:\windows\system32\msxml3r.dll
2012-01-28 23:38:57  2048  ----a-w-  c:\windows\system32\msxml6r.dll
2012-01-28 23:37:24  218624  ----a-w-  c:\windows\system32\msv1_0.dll
2012-01-28 23:33:28  53248  ----a-w-  c:\windows\system32\rrinstaller.exe
2012-01-28 23:33:28  24576  ----a-w-  c:\windows\system32\mfpmp.exe
2012-01-28 23:33:28  2048  ----a-w-  c:\windows\system32\mferror.dll
2012-01-28 23:25:31  71680  ----a-w-  c:\windows\system32\atl.dll
2012-01-28 23:13:48  160256  ----a-w-  c:\windows\system32\wkssvc.dll
2012-01-28 23:12:29  53248  ----a-w-  c:\windows\system32\tsgqec.dll
2012-01-28 23:12:29  136192  ----a-w-  c:\windows\system32\aaclient.dll
2012-01-28 23:07:26  714240  ----a-w-  c:\windows\system32\timedate.cpl
2012-01-28 22:53:06  623616  ----a-w-  c:\windows\system32\localspl.dll
2012-01-28 22:45:07  175104  ----a-w-  c:\windows\system32\wdigest.dll
2012-01-28 22:45:06  499712  ----a-w-  c:\windows\system32\kerberos.dll
2012-01-28 22:40:59  1965056  ----a-w-  c:\windows\system32\NlsData001b.dll
2012-01-28 22:36:40  6656  ----a-w-  c:\windows\system32\kbd106n.dll
2012-01-28 22:33:16  62464  ----a-w-  c:\windows\system32\l3codeca.acm
2012-01-28 22:33:16  220672  ----a-w-  c:\windows\system32\l3codecp.acm
2012-01-28 22:30:53  25088  ----a-w-  c:\windows\system32\drivers\tunnel.sys
2012-01-28 22:30:53  200704  ----a-w-  c:\windows\system32\iphlpsvc.dll
2012-01-28 22:30:52  15360  ----a-w-  c:\windows\system32\drivers\TUNMP.SYS
2012-01-28 22:26:50  293376  ----a-w-  c:\windows\system32\browserchoice.exe
2012-01-28 22:18:13  37888  ----a-w-  c:\windows\system32\printcom.dll
2012-01-28 22:16:10  14848  ----a-w-  c:\windows\system32\wshrm.dll
2012-01-28 22:14:38  43520  ----a-w-  c:\windows\system32\msdxm.tlb
2012-01-28 22:14:38  313344  ----a-w-  c:\windows\system32\wmpdxm.dll
2012-01-28 22:14:38  18432  ----a-w-  c:\windows\system32\amcompat.tlb
2012-01-28 22:14:35  7680  ----a-w-  c:\windows\system32\spwmp.dll
2012-01-28 22:14:35  4096  ----a-w-  c:\windows\system32\dxmasf.dll
2012-01-28 22:14:34  4096  ----a-w-  c:\windows\system32\msdxm.ocx
2012-01-28 22:13:12  332288  ----a-w-  c:\windows\system32\msdrm.dll
2012-01-28 22:13:11  471552  ----a-w-  c:\windows\system32\secproc.dll
2012-01-28 22:13:11  347136  ----a-w-  c:\windows\system32\RMActivate_ssp.exe
2012-01-28 22:13:11  346624  ----a-w-  c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-28 22:13:11  152576  ----a-w-  c:\windows\system32\secproc_ssp_isv.dll
2012-01-28 22:13:11  152064  ----a-w-  c:\windows\system32\secproc_ssp.dll
2012-01-28 22:13:10  526336  ----a-w-  c:\windows\system32\RMActivate_isv.exe
2012-01-28 22:13:10  518144  ----a-w-  c:\windows\system32\RMActivate.exe
2012-01-28 22:13:10  471552  ----a-w-  c:\windows\system32\secproc_isv.dll
2012-01-28 21:13:54  2560  ----a-w-  c:\windows\apppatch\AcRes.dll
2012-01-28 21:12:25  84480  ----a-w-  c:\windows\system32\INETRES.dll
2012-01-28 21:12:04  60928  ----a-w-  c:\windows\system32\msasn1.dll
2012-01-28 21:11:06  784896  ----a-w-  c:\windows\system32\rpcrt4.dll
2012-01-28 21:10:20  411648  ----a-w-  c:\windows\system32\drivers\http.sys
2012-01-28 21:10:20  30720  ----a-w-  c:\windows\system32\httpapi.dll
2012-01-28 21:10:20  24064  ----a-w-  c:\windows\system32\nshhttp.dll
2012-01-28 21:08:12  243712  ----a-w-  c:\windows\system32\rastls.dll
2012-01-28 21:07:52  355328  ----a-w-  c:\windows\system32\WSDApi.dll
2012-01-28 21:06:28  65024  ----a-w-  c:\windows\system32\avicap32.dll
2012-01-28 21:06:28  123904  ----a-w-  c:\windows\system32\msvfw32.dll
2012-01-28 21:06:27  91136  ----a-w-  c:\windows\system32\avifil32.dll
2012-01-28 21:06:27  82944  ----a-w-  c:\windows\system32\mciavi32.dll
2012-01-28 21:06:27  31744  ----a-w-  c:\windows\system32\msvidc32.dll
.
============= FINISH: 16:30:15,27 ===============
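As an added example (not part of the post above, of the board's reply, or of the DDS tool itself), the following Python script automates the header checks a log helper makes before reading the file lists: the browser Java build against the first fixed builds for CVE-2012-0507, the AV/SP/FW state lines, and the browser hooks through which an applet reaches the JRE. The one fact it encodes is that Avira's EXP/CVE-2012-0507 name refers to the Java AtomicReferenceArray exploit, which Oracle fixed in Java SE 6 Update 31 and Java SE 7 Update 3 in February 2012. The regular expressions assume the DDS header layout shown in the log; the sample input is a constructed subset of lines copied from that log.

```python
import re

# Java builds that first carried Oracle's fix for CVE-2012-0507 (February 2012 CPU):
# Java SE 6 Update 31 and Java SE 7 Update 3. Older builds in the same family are exposed.
PATCHED_UPDATE = {6: 31, 7: 3}

# Constructed sample: a handful of lines copied from the DDS log in the post above.
# A real run would read the whole DDS.txt; the parsers below work line by line either way.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by DENNIS42 at 16:29:26 on 2012-04-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1022.435 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
"""

# DDS prints the browser JRE as 1.<family>.0_<update>, e.g. 1.6.0_31.
JAVA_VERSION_RE = re.compile(r"BrowserJavaVersion:\s*1\.(\d+)\.0_(\d+)")
# AV/SP/FW lines: product name, then the state between asterisks, then the WSC GUID.
PROTECTION_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*([^*]+)\*")
# Hooks that route web content into the JRE: IE BHOs, DPF (ActiveX download) entries
# and Firefox plugins whose line mentions Java.
JAVA_HOOK_RE = re.compile(r"^(?:BHO|DPF|FF - plugin):.*(?:java|jinstall|npjp2)", re.IGNORECASE)


def parse_java_version(log: str):
    """Return (family, update) from the DDS header, e.g. (6, 31) for 1.6.0_31; None if absent."""
    m = JAVA_VERSION_RE.search(log)
    return (int(m.group(1)), int(m.group(2))) if m else None


def java_patched_for_cve_2012_0507(version):
    """True/False for Java 6 and 7; None when no version or an unknown family was seen."""
    if version is None or version[0] not in PATCHED_UPDATE:
        return None
    family, update = version
    return update >= PATCHED_UPDATE[family]


def disabled_protection(log: str):
    """(kind, product) for every AV/SP/FW entry whose state contains 'Disabled'."""
    found = []
    for line in log.splitlines():
        m = PROTECTION_RE.match(line)
        if m and "Disabled" in m.group(3):
            found.append((m.group(1), m.group(2)))
    return found


def java_browser_hooks(log: str):
    """Lines that wire Java into IE or Firefox: the attack surface the signature name implies."""
    return [line for line in log.splitlines() if JAVA_HOOK_RE.match(line)]


def triage(log: str) -> dict:
    """The header checks a helper makes first; the file-system sections still need a human."""
    version = parse_java_version(log)
    return {
        "java_version": version,
        "java_patched": java_patched_for_cve_2012_0507(version),
        "disabled_protection": disabled_protection(log),
        "java_browser_hooks": java_browser_hooks(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample this reports Java 6 Update 31 (patched for this CVE), three protection products in the Disabled state and three Java browser hooks. A "patched" result only means the browser JRE as of the scan date can no longer be exploited through that bug; it says nothing about whether an earlier exploit run delivered a payload, which is why the running-process, Run-key and Created-Last-30 sections still get the manual pass. To use it on a real log, replace SAMPLE_LOG with the contents of DDS.txt.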