![]() |
|
Log-Analyse und Auswertung: Cerber 4.0 Ransomware auf dem RechnerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Cerber 4.0 Ransomware auf dem Rechner Hallo liebe Trojanerbekämpfer, heute Mittag hat mir doch glatt der Cerber 4.0 Virus meine Dateien verschlüsselt (dass es der Cerber 4 ist, habe ich hier durch Hochladen von zwei Beispielfiles gesagt bekommen: https://id-ransomware.malwarehunterteam.com/identify.php ) So weit so ärgerlich, aber die Daten, auf die es mir ankommt, hatte ich auf einer externen Platte vor drei Tagen gesichert. Wir brauchen also auf das, was sich jetzt noch auf Laufwerk C: befindet, keine große Rücksicht zu nehmen. Klar ist aber: bevor ich meine externe Festplatte mit der Sicherheitskopie wieder an den komprommittierten Rechner anschließe, will ich natürlich sicher sein, dass der Cerber weg ist, und auch keine Hintertüren offen gelassen hat. Malwarebytes konnte ich im ersten Anlauf nur in der alten Version starten, die sich bereits auf dem Rechner befand (126 Funde). Nach Neustart habe ich dann auf die aktuelle MBAM Version updaten können, die hat dann gleich nochmal 45 Sachen gefunden. MBAM (alte Version) Logfile: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27.10.2016 Scan Time: 17:37 Logfile: MBAM_2.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.04.28.05 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Admin Scan Type: Threat Scan Result: Completed Objects Scanned: 388861 Time Elapsed: 4 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 82 Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACS.EXE, Quarantined, [74813c355b2f102683706f23fa0abf41], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVK.EXE, Quarantined, [797c93de3e4ca98de5e1474c01034db3], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKPROXY.EXE, Quarantined, [3abbafc2d2b8b87e2d9c761d49bb9d63], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKSERVICE.EXE, Quarantined, [777e5a175931c1756a630a897e8616ea], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKTRAY.EXE, Quarantined, [dc19007159315bdb5c721f748f755aa6], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BULLGUARD.EXE, Quarantined, [9362b9b8f694c27408ba330dc83cdc24], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CAVWP.EXE, Quarantined, [45b020514d3d80b6fdfd6c85f112a759], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CIS.EXE, Quarantined, [c62ffa773c4e47ef9368b14044bfa25e], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CISTRAY.EXE, Quarantined, [ae4781f07b0fe650827a1cd553b0b848], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMTRAY.EXE, Quarantined, [5c99d8995d2de056354ba0f432d239c7], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMWIN.EXE, Quarantined, [b144b5bc2b5f191d374a771df31141bf], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE, Quarantined, [b045beb357338fa709874c488d7754ac], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EMLPROXY.EXE, Quarantined, [ce270170fc8e20164eac464e74901ce4], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPAVSERVER.EXE, Quarantined, [f7fe31407515e0567cc065300cf818e8], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPROTTRAY.EXE, Quarantined, [886df77acbbf3006d669484d689cc23e], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPWIN.EXE, Quarantined, [50a5bcb51c6ed1659ba6e8ada85c35cb], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSGK32.EXE, Quarantined, [f9fcabc67d0d171f015599fc0bf96997], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSM32.EXE, Quarantined, [b4419bd657338fa75b00732208fcaa56], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSMA32.EXE, Quarantined, [52a3c6ab3159d85e80ddb2e3ca3abc44], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSSM32.EXE, Quarantined, [896c323fc4c674c2fb667c1961a36c94], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXSERVICE.EXE, Quarantined, [5c99bdb4c6c47cbaf092d5c0b252a45c], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE, Quarantined, [af468ce5dfabfe386b18d542c34151af], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE, Quarantined, [06ef066bc5c545f1cad77e1834d00cf4], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPUXSRV.EXE, Quarantined, [8d685d14ee9c48ee87417f982ed6df21], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE, Quarantined, [688ded8465258ea8f6bd8d09679db050], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE, Quarantined, [1bda165baedc2c0aa91d851134d0ff01], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NBROWSER.EXE, Quarantined, [a94c7bf6d8b2f73f5e53467f818325db], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NPROSEC.EXE, Quarantined, [de17d79aee9c340255668a3bd034857b], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NVCOD.EXE, Quarantined, [d61f1e53d3b7d1653207c1d6fe06aa56], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONLINENT.EXE, Quarantined, [da1b7001bdcdc2747fdcb1e60bf951af], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE, Quarantined, [8b6a125fa9e177bf1fba1780aa5ae41c], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PSANHOST.EXE, Quarantined, [da1b5f129cee979f796ba3f4976d52ae], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QUHLPSVC.EXE, Quarantined, [03f2f081ee9ccb6b4bbfc7d1709428d8], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANNER.EXE, Quarantined, [7b7a84edd6b4a09611638d0b4bb949b7], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANWSCS.EXE, Quarantined, [4ea70e63bad085b116613266f21224dc], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, Quarantined, [36bfc6ab01891125b08a6d4492729967], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\USERACCOUNTCONTROLSETTINGS.EXE, Quarantined, [db1aadc43b4f38fe20b22f119e667e82], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VIRUSUTILITIES.EXE, Quarantined, [11e4f57c761411254f7200edc73d817f], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE, Quarantined, [bf3699d86327e155d9217cbd20e5837d], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZANDA.EXE, Quarantined, [20d5e19039515bdb799ab0ea9b69bb45], Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLH.EXE, Quarantined, [f302c4ad22680036200292089f6528d8], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACS.EXE, Quarantined, [5a9b2b467416bc7a945f088a669e649c], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVK.EXE, Quarantined, [d61f1a57fd8d95a10cbacdc65ca827d9], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKPROXY.EXE, Quarantined, [7a7b95dcf09a9c9ae6e393004aba06fa], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKSERVICE.EXE, Quarantined, [2cc9f37ec3c77abc408d91025da7ac54], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKTRAY.EXE, Quarantined, [ed086809098120169935246f9a6af20e], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BULLGUARD.EXE, Quarantined, [f104541d4e3c989eb50d83bdc04456aa], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CAVWP.EXE, Quarantined, [8b6a561b098196a0b5459f5252b1e917], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CIS.EXE, Quarantined, [c43189e8b5d540f6d4277e73d1323ec2], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CISTRAY.EXE, Quarantined, [52a3f47d03878ea874885998cd36966a], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMTRAY.EXE, Quarantined, [579ea7ca1377a492354b5a3af90bc739], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMWIN.EXE, Quarantined, [6f8676fbc0ca79bd552c8014b94b21df], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE, Quarantined, [4ea76a07a2e85fd7aae62d672dd7fb05], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EMLPROXY.EXE, Quarantined, [7e77c5ac602a1422d4265d373acaa060], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPAVSERVER.EXE, Quarantined, [f9fc96db8efc2b0b23197223ba4a4fb1], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPROTTRAY.EXE, Quarantined, [6c89a2cf3d4d5fd7aa95b2e39d6708f8], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPWIN.EXE, Quarantined, [84713d346b1fc1750140504501034db3], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSGK32.EXE, Quarantined, [f104650c7e0cd066c5919401f014827e], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSM32.EXE, Quarantined, [fcf982efb6d43bfbb4a7365fd3318f71], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSMA32.EXE, Quarantined, [8a6bbdb4355554e2d88544518b7942be], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSSM32.EXE, Quarantined, [23d25021bad072c4253c1a7b6c983dc3], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXSERVICE.EXE, Quarantined, [ce27373a0e7ca294483a0095749020e0], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE, Quarantined, [25d01a57ed9d64d2e59e2ee940c425db], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE, Quarantined, [fcf9145d355591a55e431383669ef709], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPUXSRV.EXE, Quarantined, [01f4620f1278270f20a844d33dc75aa6], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE, Quarantined, [ee070a6767233ef8eac9fe98ce36f808], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE, Quarantined, [e70e7ff2afdbf442c303a6f01ce86e92], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NBROWSER.EXE, Quarantined, [db1a2c45bdcdfb3b357ce8dd7b89ed13], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NPROSEC.EXE, Quarantined, [db1aaec3870313237645e7deeb1917e9], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NVCOD.EXE, Quarantined, [21d4c1b0ddad0531f6430b8cc83ca759], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONLINENT.EXE, Quarantined, [ec09254c90facf67da81a4f339cb2cd4], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE, Quarantined, [b73ee98856343ff77465ff9855af36ca], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PSANHOST.EXE, Quarantined, [c92c6d047b0f76c070748b0c0ef6a55b], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QUHLPSVC.EXE, Quarantined, [2bca21503d4d52e4927842563cc80df3], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANNER.EXE, Quarantined, [ae470e631a701f17bcb8c1d7956fb050], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANWSCS.EXE, Quarantined, [05f06b062b5fbf779cdb1484e1236799], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, Quarantined, [75801e53b8d2d95d89b18031c242ba46], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\USERACCOUNTCONTROLSETTINGS.EXE, Quarantined, [fbfaacc5a3e701354d8520205aaa6f91], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VIRUSUTILITIES.EXE, Quarantined, [94611a577e0cac8a744dcd207c889c64], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE, Quarantined, [fdf84d24c5c542f464967dbc6d98c13f], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZANDA.EXE, Quarantined, [63927af7f595cf6747cc1486fb093dc3], Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLH.EXE, Quarantined, [8b6a84ed3456082e7da58f0bbd4717e9], Registry Values: 84 Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACS.EXE|debugger, svchost.exe, Quarantined, [74813c355b2f102683706f23fa0abf41] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVK.EXE|debugger, svchost.exe, Quarantined, [797c93de3e4ca98de5e1474c01034db3] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKPROXY.EXE|debugger, svchost.exe, Quarantined, [3abbafc2d2b8b87e2d9c761d49bb9d63] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKSERVICE.EXE|debugger, svchost.exe, Quarantined, [777e5a175931c1756a630a897e8616ea] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKTRAY.EXE|debugger, svchost.exe, Quarantined, [dc19007159315bdb5c721f748f755aa6] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BULLGUARD.EXE|debugger, svchost.exe, Quarantined, [9362b9b8f694c27408ba330dc83cdc24] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CAVWP.EXE|debugger, svchost.exe, Quarantined, [45b020514d3d80b6fdfd6c85f112a759] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CIS.EXE|debugger, svchost.exe, Quarantined, [c62ffa773c4e47ef9368b14044bfa25e] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CISTRAY.EXE|debugger, svchost.exe, Quarantined, [ae4781f07b0fe650827a1cd553b0b848] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMTRAY.EXE|debugger, svchost.exe, Quarantined, [5c99d8995d2de056354ba0f432d239c7] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMWIN.EXE|debugger, svchost.exe, Quarantined, [b144b5bc2b5f191d374a771df31141bf] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE|debugger, svchost.exe, Quarantined, [b045beb357338fa709874c488d7754ac] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EMLPROXY.EXE|debugger, svchost.exe, Quarantined, [ce270170fc8e20164eac464e74901ce4] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPAVSERVER.EXE|debugger, svchost.exe, Quarantined, [f7fe31407515e0567cc065300cf818e8] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPROTTRAY.EXE|debugger, svchost.exe, Quarantined, [886df77acbbf3006d669484d689cc23e] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPWIN.EXE|debugger, svchost.exe, Quarantined, [50a5bcb51c6ed1659ba6e8ada85c35cb] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSGK32.EXE|debugger, svchost.exe, Quarantined, [f9fcabc67d0d171f015599fc0bf96997] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSM32.EXE|debugger, svchost.exe, Quarantined, [b4419bd657338fa75b00732208fcaa56] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSMA32.EXE|debugger, svchost.exe, Quarantined, [52a3c6ab3159d85e80ddb2e3ca3abc44] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSSM32.EXE|debugger, svchost.exe, Quarantined, [896c323fc4c674c2fb667c1961a36c94] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXSERVICE.EXE|debugger, svchost.exe, Quarantined, [5c99bdb4c6c47cbaf092d5c0b252a45c] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|debugger, svchost.exe, Quarantined, [af468ce5dfabfe386b18d542c34151af] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|debugger, svchost.exe, Quarantined, [06ef066bc5c545f1cad77e1834d00cf4] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPUXSRV.EXE|debugger, svchost.exe, Quarantined, [8d685d14ee9c48ee87417f982ed6df21] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|debugger, svchost.exe, Quarantined, [688ded8465258ea8f6bd8d09679db050] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE|debugger, svchost.exe, Quarantined, [1bda165baedc2c0aa91d851134d0ff01] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NBROWSER.EXE|debugger, svchost.exe, Quarantined, [a94c7bf6d8b2f73f5e53467f818325db] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NPROSEC.EXE|debugger, svchost.exe, Quarantined, [de17d79aee9c340255668a3bd034857b] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NVCOD.EXE|debugger, svchost.exe, Quarantined, [d61f1e53d3b7d1653207c1d6fe06aa56] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONLINENT.EXE|debugger, svchost.exe, Quarantined, [da1b7001bdcdc2747fdcb1e60bf951af] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE|debugger, svchost.exe, Quarantined, [8b6a125fa9e177bf1fba1780aa5ae41c] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PSANHOST.EXE|debugger, svchost.exe, Quarantined, [da1b5f129cee979f796ba3f4976d52ae] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QUHLPSVC.EXE|debugger, svchost.exe, Quarantined, [03f2f081ee9ccb6b4bbfc7d1709428d8] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANNER.EXE|debugger, svchost.exe, Quarantined, [7b7a84edd6b4a09611638d0b4bb949b7] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANWSCS.EXE|debugger, svchost.exe, Quarantined, [4ea70e63bad085b116613266f21224dc] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|debugger, svchost.exe, Quarantined, [36bfc6ab01891125b08a6d4492729967] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE|debugger, svchost.exe, Quarantined, [8b6a2948bbcff5410cfe20793fc554ac] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\USERACCOUNTCONTROLSETTINGS.EXE|debugger, svchost.exe, Quarantined, [db1aadc43b4f38fe20b22f119e667e82] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VIRUSUTILITIES.EXE|debugger, svchost.exe, Quarantined, [11e4f57c761411254f7200edc73d817f] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|debugger, svchost.exe, Quarantined, [bf3699d86327e155d9217cbd20e5837d] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZANDA.EXE|debugger, svchost.exe, Quarantined, [20d5e19039515bdb799ab0ea9b69bb45] Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLH.EXE|debugger, svchost.exe, Quarantined, [f302c4ad22680036200292089f6528d8] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACS.EXE|debugger, svchost.exe, Quarantined, [5a9b2b467416bc7a945f088a669e649c] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVK.EXE|debugger, svchost.exe, Quarantined, [d61f1a57fd8d95a10cbacdc65ca827d9] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKPROXY.EXE|debugger, svchost.exe, Quarantined, [7a7b95dcf09a9c9ae6e393004aba06fa] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKSERVICE.EXE|debugger, svchost.exe, Quarantined, [2cc9f37ec3c77abc408d91025da7ac54] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVKTRAY.EXE|debugger, svchost.exe, Quarantined, [ed086809098120169935246f9a6af20e] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BULLGUARD.EXE|debugger, svchost.exe, Quarantined, [f104541d4e3c989eb50d83bdc04456aa] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CAVWP.EXE|debugger, svchost.exe, Quarantined, [8b6a561b098196a0b5459f5252b1e917] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CIS.EXE|debugger, svchost.exe, Quarantined, [c43189e8b5d540f6d4277e73d1323ec2] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CISTRAY.EXE|debugger, svchost.exe, Quarantined, [52a3f47d03878ea874885998cd36966a] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMTRAY.EXE|debugger, svchost.exe, Quarantined, [579ea7ca1377a492354b5a3af90bc739] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMWIN.EXE|debugger, svchost.exe, Quarantined, [6f8676fbc0ca79bd552c8014b94b21df] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE|debugger, svchost.exe, Quarantined, [4ea76a07a2e85fd7aae62d672dd7fb05] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EMLPROXY.EXE|debugger, svchost.exe, Quarantined, [7e77c5ac602a1422d4265d373acaa060] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPAVSERVER.EXE|debugger, svchost.exe, Quarantined, [f9fc96db8efc2b0b23197223ba4a4fb1] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPROTTRAY.EXE|debugger, svchost.exe, Quarantined, [6c89a2cf3d4d5fd7aa95b2e39d6708f8] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FPWIN.EXE|debugger, svchost.exe, Quarantined, [84713d346b1fc1750140504501034db3] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSGK32.EXE|debugger, svchost.exe, Quarantined, [f104650c7e0cd066c5919401f014827e] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSM32.EXE|debugger, svchost.exe, Quarantined, [fcf982efb6d43bfbb4a7365fd3318f71] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSMA32.EXE|debugger, svchost.exe, Quarantined, [8a6bbdb4355554e2d88544518b7942be] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FSSM32.EXE|debugger, svchost.exe, Quarantined, [23d25021bad072c4253c1a7b6c983dc3] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDXSERVICE.EXE|debugger, svchost.exe, Quarantined, [ce27373a0e7ca294483a0095749020e0] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|debugger, svchost.exe, Quarantined, [25d01a57ed9d64d2e59e2ee940c425db] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|debugger, svchost.exe, Quarantined, [fcf9145d355591a55e431383669ef709] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPUXSRV.EXE|debugger, svchost.exe, Quarantined, [01f4620f1278270f20a844d33dc75aa6] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|debugger, svchost.exe, Quarantined, [ee070a6767233ef8eac9fe98ce36f808] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE|debugger, svchost.exe, Quarantined, [e70e7ff2afdbf442c303a6f01ce86e92] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NBROWSER.EXE|debugger, svchost.exe, Quarantined, [db1a2c45bdcdfb3b357ce8dd7b89ed13] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NPROSEC.EXE|debugger, svchost.exe, Quarantined, [db1aaec3870313237645e7deeb1917e9] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NVCOD.EXE|debugger, svchost.exe, Quarantined, [21d4c1b0ddad0531f6430b8cc83ca759] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONLINENT.EXE|debugger, svchost.exe, Quarantined, [ec09254c90facf67da81a4f339cb2cd4] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PROCEXP.EXE|debugger, svchost.exe, Quarantined, [b73ee98856343ff77465ff9855af36ca] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PSANHOST.EXE|debugger, svchost.exe, Quarantined, [c92c6d047b0f76c070748b0c0ef6a55b] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QUHLPSVC.EXE|debugger, svchost.exe, Quarantined, [2bca21503d4d52e4927842563cc80df3] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANNER.EXE|debugger, svchost.exe, Quarantined, [ae470e631a701f17bcb8c1d7956fb050] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCANWSCS.EXE|debugger, svchost.exe, Quarantined, [05f06b062b5fbf779cdb1484e1236799] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|debugger, svchost.exe, Quarantined, [75801e53b8d2d95d89b18031c242ba46] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE|debugger, svchost.exe, Quarantined, [9c595819d6b4b97d59b1940532d208f8] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\USERACCOUNTCONTROLSETTINGS.EXE|debugger, svchost.exe, Quarantined, [fbfaacc5a3e701354d8520205aaa6f91] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VIRUSUTILITIES.EXE|debugger, svchost.exe, Quarantined, [94611a577e0cac8a744dcd207c889c64] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|debugger, svchost.exe, Quarantined, [fdf84d24c5c542f464967dbc6d98c13f] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZANDA.EXE|debugger, svchost.exe, Quarantined, [63927af7f595cf6747cc1486fb093dc3] Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLH.EXE|debugger, svchost.exe, Quarantined, [8b6a84ed3456082e7da58f0bbd4717e9] Registry Data: 2 Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[16dfff725d2da59168c0ee1b19ede21e] Windows.Tool.Disabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[51a475fc424821154adea960c83ee31d] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) MBAM (aktuelle Version) Logfile: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27.10.2016 Scan Time: 17:51 Logfile: MBAM_3.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.27.07 Rootkit Database: v2016.09.26.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Admins Scan Type: Threat Scan Result: Completed Objects Scanned: 353720 Time Elapsed: 2 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 15 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMSCAN.EXE, Quarantined, [d063b8e6dbbffa3c699f8844db2859a7], RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRESHCLAM.EXE, Quarantined, [47ec613dcbcf7fb7c1c9f4d8d82b25db], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMSCAN.EXE, Quarantined, [a192ff9ffaa048ee54b4e5e72cd76799], RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRESHCLAM.EXE, Quarantined, [60d38f0f7e1ce5516d1d5a729e65b947], PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Sense, Quarantined, [84afd0cee3b73204c20adcfb4ab842be], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{10C7A83B-1C36-4D94-B718-3CF2712E216A}, Quarantined, [35fedec053471c1a20c5a6f88f74f709], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{13709CD4-1D45-42A2-8B51-3F395B65B1E3}, Quarantined, [979c4955dfbbca6ccd19f9a5dd26c53b], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44E0B96F-FFDC-4600-928F-215BD67E8FA7}, Quarantined, [260d4b53603a3cfab0352678c73c2ad6], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D0AC3A1-5DC1-4AFB-87F2-A63BF7897825}, Quarantined, [0b282b735c3e092da1450f8f51b2af51], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{750BFF28-2DAD-4181-89DD-5DB239817C72}, Quarantined, [3bf8039be8b2b680b4318e1062a18b75], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E563179-CCB8-4E1C-86D1-B5983C2D629C}, Quarantined, [df541d814357d4623bab47571be8f010], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A751E42A-5025-4000-867B-63B925853B80}, Quarantined, [2310e1bdafebb97d1acb386671922cd4], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7AA599E-52E3-461E-9680-3D16B84B8AA2}, Quarantined, [6dc6c7d76535ce68a046b4ea3ac955ab], PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE424CCA-415D-473D-B9D5-BAD3A02A1F27}, Quarantined, [68cba0fe1b7f89adb72fc1ddf50e1de3], PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB, Quarantined, [5fd4c1ddd0ca55e19cd0208e6e95b050], Registry Values: 21 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMSCAN.EXE|debugger, svchost.exe, Quarantined, [d063b8e6dbbffa3c699f8844db2859a7] RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRESHCLAM.EXE|debugger, svchost.exe, Quarantined, [47ec613dcbcf7fb7c1c9f4d8d82b25db] RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLAMSCAN.EXE|debugger, svchost.exe, Quarantined, [a192ff9ffaa048ee54b4e5e72cd76799] RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRESHCLAM.EXE|debugger, svchost.exe, Quarantined, [60d38f0f7e1ce5516d1d5a729e65b947] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{10C7A83B-1C36-4D94-B718-3CF2712E216A}|AppName, fae77da2-4beb-441e-a80f-2233145b4246-2.exe-buttonutil.exe, Quarantined, [35fedec053471c1a20c5a6f88f74f709] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{13709CD4-1D45-42A2-8B51-3F395B65B1E3}|AppName, 856c6d2a-3524-4dff-8b60-60a0fc194b36-2.exe-codedownloader.exe, Quarantined, [979c4955dfbbca6ccd19f9a5dd26c53b] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44E0B96F-FFDC-4600-928F-215BD67E8FA7}|AppName, fae77da2-4beb-441e-a80f-2233145b4246-2.exe-buttonutil.exe, Quarantined, [260d4b53603a3cfab0352678c73c2ad6] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D0AC3A1-5DC1-4AFB-87F2-A63BF7897825}|AppName, 856c6d2a-3524-4dff-8b60-60a0fc194b36-2.exe-codedownloader.exe, Quarantined, [0b282b735c3e092da1450f8f51b2af51] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{750BFF28-2DAD-4181-89DD-5DB239817C72}|AppName, 856c6d2a-3524-4dff-8b60-60a0fc194b36-2.exe-buttonutil.exe, Quarantined, [3bf8039be8b2b680b4318e1062a18b75] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E563179-CCB8-4E1C-86D1-B5983C2D629C}|AppName, 85bfe029-98ca-4ec8-9176-cbab512e2e23-2.exe-codedownloader.exe, Quarantined, [df541d814357d4623bab47571be8f010] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A751E42A-5025-4000-867B-63B925853B80}|AppName, 856c6d2a-3524-4dff-8b60-60a0fc194b36-2.exe-buttonutil.exe, Quarantined, [2310e1bdafebb97d1acb386671922cd4] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B7AA599E-52E3-461E-9680-3D16B84B8AA2}|AppName, 856c6d2a-3524-4dff-8b60-60a0fc194b36-2.exe-codedownloader.exe, Quarantined, [6dc6c7d76535ce68a046b4ea3ac955ab] PUP.Optional.CrossRider, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE424CCA-415D-473D-B9D5-BAD3A02A1F27}|AppName, fae77da2-4beb-441e-a80f-2233145b4246-2.exe-codedownloader.exe, Quarantined, [68cba0fe1b7f89adb72fc1ddf50e1de3] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype1, 12/19/14 20:37:26, Quarantined, [5fd4c1ddd0ca55e19cd0208e6e95b050] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype17, 12/19/14 20:37:26, Quarantined, [df54e3bb7e1c62d4cf9dd5d90ef5b947] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype22, 12/19/14 20:37:40, Quarantined, [76bdd1cd3e5ce84e016b614dcc37916f] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype6, 12/19/14 20:40:21, Quarantined, [52e1dcc21b7fe45291db4e60ee15f40c] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype12, 12/19/14 20:40:54, Quarantined, [e84b9d015149cb6ba3c9298500036997] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype5, 12/19/14 20:41:25, Quarantined, [70c347572a7061d536365f4ffa0936ca] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype15, 12/19/14 20:41:25, Quarantined, [f043326c257560d6d4987a3436cd9f61] PUP.Optional.OutBrowse, HKU\S-1-5-21-3418458991-977026470-3051313295-1000\SOFTWARE\OB|monitype4, 12/19/14 20:41:35, Quarantined, [2c078c121c7eb581323aae0020e3c33d] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 9 Ransom.Cerber, C:\Users\inel-eins\AppData\Roaming\ProxySettings.dll, Quarantined, [d063b5e91387f64035ef61be52b326da], Ransom.Cerber, C:\Users\inel-eins\AppData\Local\Temp\n5zyi9qea.exe, Quarantined, [c46f2975900a8fa7d054c55a81846b95], PUP.Optional.InstallCore, C:\Users\inel-eins\AppData\Local\Temp\nsb57E9.tmp, Quarantined, [8aa985199703cf672244efb356ab2fd1], PUP.Optional.InstallCore, C:\Users\inel-eins\AppData\Local\Temp\nsz659B.tmp, Quarantined, [bd766539ebaf5fd7bda9ddc5936e7e82], Ransom.Cerber, C:\Users\inel-eins\AppData\Local\Temp\aovv1qvg1.exe, Quarantined, [4ee57a24b3e7ef47061e7aa59e676898], Trojan.Bunitu.ED, C:\Users\inel-eins\AppData\Local\Temp\Random486680185797814772.exe, Quarantined, [de55d5c9801ace68e028b16602ffd42c], PUP.Optional.InstallCore, C:\Users\inel-eins\AppData\Local\Temp\ICReinstall_nsb57E9.tmp, Quarantined, [3df6633b4951ce68dd891d8547bab64a], PUP.Optional.InstallCore, C:\Users\inel-eins\AppData\Local\Temp\ICReinstall_nsz659B.tmp, Quarantined, [9d969d013e5cf93d20467d2548b9cd33], PUP.Optional.ShopperPro, C:\Users\inel-eins\AppData\Local\Temp\Install_31237\ins_shopperpro.exe, Quarantined, [92a1b4ea6d2d40f6c6bf6bc2a85945bb], Physical Sectors: 0 (No malicious items detected) (end) Mehr habe ich an Software noch nicht drüberlaufen lassen. So wie es aussieht, hat der kompromittierte Rechner auch auf meinem Zweitrechner und den Netzwerkfreigaben, die er darauf erreichen konnte, die PST-Dateien platt gemacht. Ganz nett programmiert. Guckt links und rechts, verhindert den Start von Malwarebytes auf herkömmlichem Weg, verhindert das Update, wenn MBAM wider Erwarten doch gestartet werden konnte, verhindert den Affengriff [CTRL-ALT-ENTF]. Kostet durchaus Zeit. Kriegen wir den Rechner sicher wieder hingebogen, oder soll ich ihn besser gleich neu aufsetzen? Danke, Wechselbalg |
Themen zu Cerber 4.0 Ransomware auf dem Rechner |
aufsetzen, dateien, detected, explorer, externe festplatte, festplatte, fsm, ics, internet, internet explorer, laufwerk, links, logfile, microsoft, neustart, online, rechner, software, starten, svchost.exe, system, temp, update, virus, windows |