
Log Analysis and Evaluation: Log-file Trojan?

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
18.05.2008, 17:43   #3
AdrBB
 



Hi

First of all, many thanks.

Here are my results.

C:\WINDOWS\hporclnr.exe:

File hporclnr.exe received on 05.18.2008 18:36:18 (CET)
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.16.0 2008.05.18 -
AntiVir 7.8.0.19 2008.05.17 -
Authentium 5.1.0.4 2008.05.17 -
Avast 4.8.1195.0 2008.05.18 -
AVG 7.5.0.516 2008.05.18 -
BitDefender 7.2 2008.05.18 -
CAT-QuickHeal 9.50 2008.05.17 -
ClamAV 0.92.1 2008.05.18 -
DrWeb 4.44.0.09170 2008.05.17 -
eSafe 7.0.15.0 2008.05.18 -
eTrust-Vet 31.4.5796 2008.05.16 -
Ewido 4.0 2008.05.18 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.18 -
Fortinet 3.14.0.0 2008.05.18 -
GData 2.0.7306.1023 2008.05.18 -
Ikarus T3.1.1.26.0 2008.05.18 -
Kaspersky 7.0.0.125 2008.05.18 -
McAfee 5297 2008.05.17 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3106 2008.05.16 -
Norman 5.80.02 2008.05.16 -
Panda 9.0.0.4 2008.05.18 -
Prevx1 V2 2008.05.18 Malicious Software
Rising 20.44.60.00 2008.05.18 -
Sophos 4.29.0 2008.05.18 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.18 -
TheHacker 6.2.92.312 2008.05.18 -
VBA32 3.12.6.6 2008.05.17 -
VirusBuster 4.3.26:9 2008.05.17 -
Webwasher-Gateway 6.6.2 2008.05.18 -
Additional information
File size: 104960 bytes
MD5...: 0e71133930f101809794f4deaef2c589
SHA1..: 7486cb96bd1124c405e227e8505a4a29c363dca2
SHA256: 9b50560fbff3f69ac8f18666f9e980372a1aa114c09a048760d5ef59b6f24112
SHA512: d674a1eab9cbf8a1b79e24ed121ec7bd2d23f8b68df1a640a37e77c5b74e31a8
c2ee055332b05fd9ebab04e1d8b0eb08560f2499b29c5a49cb376bb1e47201b5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408592
timedatestamp.....: 0x44dcf049 (Fri Aug 11 21:02:01 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1382b 0x13a00 6.67 62cec90615e341355560c7e99c355fbf
.rdata 0x15000 0x4094 0x4200 4.93 746b7028101889f2833642f400aab970
.data 0x1a000 0x3740 0x1800 3.44 bdaaf54f6d97ab5b5ad960986c44b2ed
.rsrc 0x1e000 0xb0 0x200 4.10 ddb76861d20f8681e6dd99d4917b2b38

( 2 imports )
> KERNEL32.dll: DeleteFileW, SetFileAttributesW, GetVersionExW, GetLastError, CreateProcessW, HeapAlloc, HeapFree, GetEnvironmentStringsW, WaitForSingleObject, GetProcessHeap, GetExitCodeProcess, FreeEnvironmentStringsW, FreeLibrary, LoadLibraryW, GetProcAddress, GetModuleHandleW, OpenProcess, TerminateProcess, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, Sleep, FindNextFileW, RemoveDirectoryW, SetCurrentDirectoryW, FindClose, GetFileAttributesW, FindFirstFileW, CloseHandle, GetEnvironmentVariableW, CreateFileA, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, ExitProcess, GetVersionExA, GetStartupInfoW, RaiseException, RtlUnwind, GetCPInfo, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, GetACP, GetOEMCP, HeapSize, GetModuleFileNameA, LoadLibraryA, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle
> ADVAPI32.dll: RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW

( 0 exports )


C:\WINDOWS\system32\ufdsvc.exe:

File ufdsvc.exe received on 05.18.2008 18:42:25 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 -
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Prevx1 V2 2008.05.18 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 -
Additional information
File size: 69632 bytes
MD5...: 99184adc5b7fab997146971f20afff18
SHA1..: c4b46ddeff76257a21afcfa53a8a9811ef5eef6e
SHA256: f00dc75a9344c938f222415986bef99cdd8f421681d863512d08e2d01cca22ac
SHA512: 9f99a4c1131bd9c18382f58a9b7750217e5b872ad75c822bfff8d98eacfaee10
bdcdb673325195f9456d7f1d57f98c1b7b5c484eddb5aef44d2e064bdc021dd6
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4058df
timedatestamp.....: 0x43f2cc17 (Wed Feb 15 06:37:11 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaea4 0xb000 6.45 3dacee5474d57cc176f4524faa06e8cf
.rdata 0xc000 0xc56 0x1000 4.60 7024d8295514a5f3491d461d641947b3
.data 0xd000 0x4b08 0x3000 1.38 95dfc18888e5bf0c4cdad203b2f5f14b
.rsrc 0x12000 0x3a8 0x1000 0.96 8fb486035fc1c05b0c7107397ca40b69

( 3 imports )
> KERNEL32.dll: WaitForSingleObject, CreateEventA, GetWindowsDirectoryA, CreateThread, Sleep, SetEvent, ResetEvent, CreateFileA, HeapFree, HeapAlloc, CancelWaitableTimer, SetWaitableTimer, CreateWaitableTimerA, CloseHandle, GetModuleFileNameA, GetModuleHandleA, DeviceIoControl, GetProcAddress, LoadLibraryA, GetCurrentProcess, GetLastError, VirtualFree, RtlUnwind, WriteFile, VirtualAlloc, HeapReAlloc, SetEnvironmentVariableA, SetStdHandle, FlushFileBuffers, SetFilePointer, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetEndOfFile, ReadFile, CompareStringA, CompareStringW, ExitProcess, HeapCreate, HeapDestroy, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, GetVersion, TerminateProcess, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetEnvironmentVariableA, GetVersionExA
> ADVAPI32.dll: RegOpenKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, RegDeleteValueA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA
> SHELL32.dll: SHChangeNotify