Log analysis and evaluation: Windows encryption trojan malware + ESET Online Scanner log (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows encryption trojan malware + ESET Online Scanner log

Hello everyone,

unfortunately I too received an e-mail, took it for genuine at first and opened the attachment on impulse. I have been sitting at the PC for 4 1/2 hours combing through our forum, but unfortunately I am not getting anywhere, so I am hoping for your help.

So far I first ran a scan with Malwarebytes Anti-Malware, which found two trojans. In the second step I used the ESET Online Scanner.

Right now I have a problem with the encryption of my files. DecryptHelper 0.5.3 cannot generate a key for me. It would be very kind if someone could help me with this, as I am writing my bachelor's thesis and currently have no access to it. (In future I will set up a backup system.)

For information: I am using Win 7 64-bit.

1.) Malwarebytes Anti-Malware log:

Code:
```
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Cris :: CRIS-PC [Administrator]

11.06.2012 18:40:37
mbam-log-2012-06-11 (18-40-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251570
Laufzeit: 7 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|847281CE (Trojan.Agent) -> Daten: C:\Users\Cris\AppData\Roaming\Ghrrynb\8CF393A8847281CE6551.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Cris\AppData\Roaming\Ghrrynb\8CF393A8847281CE6551.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

Code:
```
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=750c028c7c8b5c4ca1cd64198040b219
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 06:51:38
# local_time=2012-06-11 08:51:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 32174 91839508 0 0
# compatibility_mode=8192 67108863 100 0 153 153 0 0
# scanned=353678
# found=24
# cleaned=24
# scan_time=6860
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-12e58071 a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\462d3f81-714c4ee6 Java/Exploit.CVE-2011-3544.X trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-358fa33b a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-436c1d29 Java/Agent.DN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-213c5927 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\34a0ba42-766b2867 Java/Exploit.Agent.NAO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\46f64b14-18b79fef multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\29d74f16-65865ba0 Java/Agent.DN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-6e0e4f07 a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2474121b-1c16c826 Java/Exploit.CVE-2011-3544.AU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\21248e9d-6f545cc3 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7e30b3c3-574f8301 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\a2ba8de-4453b21b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\45d09521-18e592cd multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-58f099d5 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\72503264-158ce69c Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\517555e6-7c467fd7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6ac5daea-39c6bcde Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21af6c-4cc13572 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7402b232-69da5583 a variant of Java/Agent.DP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2aa71db6-70e7f497 Java/Exploit.Agent.NAO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\16dbbcf7-619708cd a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-267882d6 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\Roaming\Ghrrynb\8CF393A8847281CE6551.exe Win32/Trustezeb.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
```

Here is the log that I ran as admin. Maybe it contains additional information:

Code:
```
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=750c028c7c8b5c4ca1cd64198040b219
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 06:51:38
# local_time=2012-06-11 08:51:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 32174 91839508 0 0
# compatibility_mode=8192 67108863 100 0 153 153 0 0
# scanned=353678
# found=24
# cleaned=24
# scan_time=6860
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-12e58071 a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\462d3f81-714c4ee6 Java/Exploit.CVE-2011-3544.X trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-358fa33b a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-436c1d29 Java/Agent.DN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-213c5927 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\34a0ba42-766b2867 Java/Exploit.Agent.NAO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\46f64b14-18b79fef multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\29d74f16-65865ba0 Java/Agent.DN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-6e0e4f07 a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2474121b-1c16c826 Java/Exploit.CVE-2011-3544.AU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\21248e9d-6f545cc3 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7e30b3c3-574f8301 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\a2ba8de-4453b21b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\45d09521-18e592cd multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-58f099d5 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\72503264-158ce69c Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\517555e6-7c467fd7 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6ac5daea-39c6bcde Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21af6c-4cc13572 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7402b232-69da5583 a variant of Java/Agent.DP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2aa71db6-70e7f497 Java/Exploit.Agent.NAO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\16dbbcf7-619708cd a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-267882d6 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cris\AppData\Roaming\Ghrrynb\8CF393A8847281CE6551.exe Win32/Trustezeb.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=750c028c7c8b5c4ca1cd64198040b219
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 10:52:07
# local_time=2012-06-12 12:52:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 46445 91853779 0 0
# compatibility_mode=8192 67108863 100 0 14424 14424 0 0
# scanned=330997
# found=0
# cleaned=0
# scan_time=7018
```