Windows Warning Message Spyware fighter?
14.09.2008, 07:40 | #1 |
Hi,

I have often found useful tips here for getting rid of pests. Luckily I haven't had to search here for a long time. That also means I'm a bit 'out of the loop'. I think I have an old acquaintance on my machine. After the Windows Alert Center or something like that sent me a message, my desktop background is now frozen with the Windows Warning Message image. I have the impression that something changed on my computer after I had SPAMfighter and SPYWAREfighter installed? I also got access-attempt notifications from my Fritzbox firewall for programs I had not seen before? A HijackThis scan with online evaluation has been unremarkable so far. I'm having the system scanned right now and can post something afterwards. Or should I abort right away and post specific things?

I hope I don't have to reinstall:
1.) It's a Notebooksbilliger.de laptop, i.e. Windows was preinstalled (I don't know where to get an operating system from)
2.) There is a lot of data on it that I would have to back up first
3.) Can I even 'clean' the data to be backed up, before or after?

Thanks in advance for your help!!!

Regards, Oppa

EDIT: I aborted the scans to see what all the (unknown/unusual) messages at startup say.
So here they are, in order:

AntiVir: C:\Dokumenteund Einstellungen\...\.tt1.tmp.vbs contains the detection pattern of the VBS script virus VBS/Agent.1002
Fritz-Box Firewall: C:WINDOWS\system32\lphcg26j0eadt.exe, destination address: Windows Update
AntiVir: C:\Dokumenteund Einstellungen\...\.tt1.tmp is the Trojan horse TR/FakeScanner.F
Fritz-Box Firewall: lphcg26j0eadt.exe, destination address: 808468.1.34e36fdd1497537d2df2572a3…

Malwarebytes:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1147
Windows 5.1.2600 Service Pack 2
14.09.2008 09:32:39
mbam-log-2008-09-14 (09-32-39).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 57473
Laufzeit: 10 minute(s), 38 second(s)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 34
Infizierte Registrierungswerte: 8
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 4
Infizierte Dateien: 75

VirusTotal says about lphcg26j0eadt.exe:

Datei lphcg26j0eadt.exe empfangen 2008.09.14 09:19:30 (CET)
Ergebnis: 5/36 (13.89%)

Antivirus | Version | letzte aktualisierung | Ergebnis
AhnLab-V3 | 2008.9.13.0 | 2008.09.12 | -
AntiVir | 7.8.1.28 | 2008.09.12 | -
Authentium | 5.1.0.4 | 2008.09.13 | -
Avast | 4.8.1195.0 | 2008.09.13 | -
AVG | 8.0.0.161 | 2008.09.13 | -
BitDefender | 7.2 | 2008.09.14 | -
CAT-QuickHeal | 9.50 | 2008.09.13 | (Suspicious) - DNAScan
ClamAV | 0.93.1 | 2008.09.14 | -
DrWeb | 4.44.0.09170 | 2008.09.14 | -
eSafe | 7.0.17.0 | 2008.09.11 | Suspicious File
eTrust-Vet | 31.6.6087 | 2008.09.12 | -
Ewido | 4.0 | 2008.09.13 | -
F-Prot | 4.4.4.56 | 2008.09.14 | -
F-Secure | 8.0.14332.0 | 2008.09.14 | -
Fortinet | 3.113.0.0 | 2008.09.14 | -
GData | 19 | 2008.09.14 | -
Ikarus | T3.1.1.34.0 | 2008.09.14 | -
K7AntiVirus | 7.10.454 | 2008.09.13 | -
Kaspersky | 7.0.0.125 | 2008.09.14 | -
McAfee | 5383 | 2008.09.12 | Downloader-ASH.gen.b
Microsoft | 1.3903 | 2008.09.14 | -
NOD32v2 | 3440 | 2008.09.13 | -
Norman | 5.80.02 | 2008.09.12 | -
Panda | 9.0.0.4 | 2008.09.13 | -
PCTools | 4.4.2.0 | 2008.09.13 | -
Prevx1 | V2 | 2008.09.14 | Malicious Software
Rising | 20.61.42.00 | 2008.09.12 | -
Sophos | 4.33.0 | 2008.09.14 | Mal/EncPk-EU
Sunbelt | 3.1.1633.1 | 2008.09.13 | -
Symantec | 10 | 2008.09.14 | -
TheHacker | 6.3.0.9.082 | 2008.09.14 | -
TrendMicro | 8.700.0.1004 | 2008.09.12 | -
VBA32 | 3.12.8.5 | 2008.09.13 | -
ViRobot | 2008.9.12.1375 | 2008.09.12 | -
VirusBuster | 4.5.11.0 | 2008.09.14 | -
Webwasher-Gateway | 6.6.2 | 2008.09.13 | -

weitere Informationen
File size: 199168 bytes
MD5...: 921e22c3163b0b4540032c12b4406cb6
SHA1..: 7b2501e1bc9dbba4eb0db65c4a0d8cb6a2c175be
SHA256: 5b42d65fc5ea29d956996af177a39105679cfb57d0127fdf24667271253bf7a5
SHA512: 77f22a927c78a4be516b212350868475d68fc5a88e68dab256bef5f895b94fc7 dfa88c87f45e00fe48f80eb5d2df18110b6c677c6017f65a8dac62ea104b2840
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (35.2%)
Win32 Dynamic Link Library (generic) (31.3%)
Win16/32 Executable Delphi generic (8.5%)
Clipper DOS Executable (8.3%)
Generic Win/DOS Executable (8.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x405b97
timedatestamp.....: 0x48c91957 (Thu Sep 11 13:12:55 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0xea92 | 0x9800 | 8.00 | 8a53be91e8b601fed5425b70f310545b
.rdata | 0x10000 | 0x3fc7 | 0x1a00 | 7.97 | 74bc97a9c245177f4c6c10b681ed4c39
.data | 0x14000 | 0xb6773 | 0x22400 | 8.00 | 2e80511e893322c4898a81a0e9e3680e
.rsrc | 0xcb000 | 0xf000 | 0x3000 | 6.96 | 3f36381783a837aa6131641a41e873d4
( 4 imports )
> gdi32.dll: SaveDC, TextOutW, SetRelAbs, StretchBlt, SetICMMode, ResetDCW, UpdateColors, SetDIBColorTable
> wsock32.dll: closesocket, WSAStartup, listen
> kernel32.dll: CreatePipe, TerminateProcess, VirtualProtect
> shell32.dll: SHAppBarMessage, StrRChrIA, StrStrIA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramte...14CA0059EFEDFC

Last edited by Oppa (14.09.2008 at 08:35)
14.09.2008, 09:19 | #2 |
Am I free!?!?

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1147
Windows 5.1.2600 Service Pack 2
14.09.2008 10:17:26
mbam-log-2008-09-14 (10-17-26).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 57127
Laufzeit: 13 minute(s), 59 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)