Log analysis and evaluation: Virus found -> quarantine -> restart -> no longer boots...

#1
Hello, first of all...

...and I messed up! I ran an .exe file that I did not trust from the start. I did let AntiVir scan it beforehand, though, and there were no alerts... afterwards, however, there were warnings ("You have a security problem."), in the form of a red shield with a white 'x', as you know it from Windows. On top of that came fake messages from the virus saying that my PC was at risk, etc... I then ran a full system scan with AntiVir and it did find a virus, although I cannot say for sure whether it was the virus...

After the restart my hard disk suddenly made loud noises and the PC froze. Another boot attempt did not help... I then tried to boot from a Knoppix and an Ubuntu live CD, which did not work either... the noises remained and the boot process aborted! Then I tried again in Windows Safe Mode and that did work... the noises were gone, and since then I have been in Safe Mode and do not dare to leave it!!

Can anyone help me?? Please... Many thanks in advance!

hijackthis-file:
Code:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:21, on 15.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\Pidgin\pidgin.exe
C:\DOKUME~1\XXX\LOKALE~1\Temp\video207.cfg
C:\DOKUME~1\XXX\LOKALE~1\Temp\c.exe
C:\WINDOWS\system32\dqzexwdi.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtkhizut\yrelqhof.exe
c:\programme\avira\antivir personaledition classic\avcenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: HTML module - {74EBCFFB-AF2D-4dd4-A9BC-2AC12864B3EC} - C:\WINDOWS\system32\mshtml90.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Somefox] C:\DOKUME~1\XXX\LOKALE~1\Temp\video207.cfg.exe
O4 - HKCU\..\Run: [smartadmapl] C:\WINDOWS\system32\dqzexwdi.exe
O4 - HKLM\..\Policies\Explorer\Run: [28rnZUKy11] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtkhizut\yrelqhof.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1844237615-838170752-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 4946 bytes
```
#2

Hello and

so, you are in Safe Mode now? Maybe even with a network connection? Do you still know what the exe in question is called, or where you got it from? A few things can be seen in the log, but without an internet connection, or another computer that has one, it will be difficult!

Regards
#3

Hi!

Well, I have a second desktop here, which I am writing from right now... and my affected laptop is in Safe Mode, but without an internet connection. The file was called something with "code" and a number... I do not remember exactly anymore! I cannot find anything with the search function either!

Regards
#4

OK, there are now two options:

1.) You try to start the laptop in normal mode and carry out the steps below!
2.) You start in Safe Mode with Networking (I do not know exactly whether WLAN works there too, otherwise you will have to use a LAN cable) and do it in Safe Mode!

Have the following files checked online at Virustotal or Jotti:
Code:
```
C:\DOKUME~1\XXX\LOKALE~1\Temp\video207.cfg
C:\DOKUME~1\XXX\LOKALE~1\Temp\c.exe
C:\WINDOWS\system32\dqzexwdi.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtkhizut\yrelqhof.exe
```
How to make files visible is also described in my signature!

Download Malwarebytes, install it and update it! Run a scan according to the instructions! Post the log and, of course, have everything that was found deleted!

A new HijackThis log after the cleanup!

Regards
#5

I used Virustotal...

video207.cfg:
Code:
```
Datei video207.cfg empfangen 2008.09.16 01:08:09 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.13.0 2008.09.15 -
AntiVir 7.8.1.28 2008.09.15 -
Authentium 5.1.0.4 2008.09.15 -
Avast 4.8.1195.0 2008.09.15 -
AVG 8.0.0.161 2008.09.15 SHeur.CJAY
BitDefender 7.2 2008.09.15 -
CAT-QuickHeal 9.50 2008.09.15 -
ClamAV 0.93.1 2008.09.15 -
DrWeb 4.44.0.09170 2008.09.15 -
eSafe 7.0.17.0 2008.09.15 -
eTrust-Vet 31.6.6090 2008.09.15 -
Ewido 4.0 2008.09.15 -
F-Prot 4.4.4.56 2008.09.14 -
F-Secure 8.0.14332.0 2008.09.16 -
Fortinet 3.113.0.0 2008.09.15 -
GData 19 2008.09.16 Trojan.Win32.FraudPack.nf
Ikarus T3.1.1.34.0 2008.09.15 -
K7AntiVirus 7.10.457 2008.09.15 -
Kaspersky 7.0.0.125 2008.09.16 Trojan.Win32.FraudPack.nf
McAfee 5383 2008.09.12 -
Microsoft 1.3903 2008.09.16 TrojanDownloader:Win32/Renos.AY
NOD32v2 3443 2008.09.15 -
Norman 5.80.02 2008.09.15 -
Panda 9.0.0.4 2008.09.15 Suspicious file
PCTools 4.4.2.0 2008.09.15 -
Prevx1 V2 2008.09.16 Malware Dropper
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.15 -
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.16 -
TheHacker 6.3.0.9.084 2008.09.15 -
TrendMicro 8.700.0.1004 2008.09.15 -
VBA32 3.12.8.5 2008.09.15 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.15 -
Webwasher-Gateway 6.6.2 2008.09.16 -

weitere Informationen
File size: 53252 bytes
MD5...: 61fa73679b82bb222626cedbd127fa1f
SHA1..: 3462f1587f1ef6a74f54d36d0830c1fc137a9983
SHA256: d0a317e0e446ae848046b8d9aaf32793f179be497f86c899b8582f4fff73abcc
SHA512: a96d50861f02a30d0fe6950b11b53afe39b3806ed28947867e9c2c84992bdb31921b87f427f75fe64030d83b7dcd55948470e58630f9a4fc5403673c880e66c7
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4011ea
timedatestamp.....: 0x47c9c29e (Sat Mar 01 20:54:54 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb77 0xc00 3.77 ec1b05a117b7f7ba59940d1c3d899d2a
.rdata 0x2000 0x5ad 0x600 4.97 657361317567c62b5eda09f8d366de2b
.data 0x3000 0x10acd26 0xba00 7.49 3a07a464a51c3490ca6044f342552d4d

( 3 imports )
> kernel32.dll: GetOEMCP, lstrcpynW, lstrcpynA, MultiByteToWideChar, GetCPInfo, GetModuleFileNameA, GetStringTypeW, LCMapStringA, WriteFile, SetFilePointer, lstrcatA, LCMapStringW, SetHandleCount, GetVersion, GetCommandLineA, GetFileType, GetStdHandle, CreateFileA, GetStartupInfoA, GetACP, lstrcpyA, GetCurrentProcess, TerminateProcess
> user32.dll: CopyImage, GetMenu, DrawTextW, GetDlgItem, IsWindow, GetFocus, DrawIcon, GetCursor, CopyIcon, GetWindowTextLengthA, DrawIconEx, EndDialog, DialogBoxParamW, LoadMenuA, DialogBoxParamA, LoadCursorA, CloseWindow, DrawTextA, GetDC, CopyRect, InsertMenuA
> comctl32.dll: ImageList_DragEnter, CreateToolbar, ImageList_Copy, ImageList_AddIcon, ImageList_Create, CreateToolbarEx, MenuHelp, ImageList_Add, ImageList_DrawEx, DllGetVersion, ImageList_LoadImageW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9EFBA5D004CD76BFD04F009FA8B77D00549DC366
```
Code:
```
Datei gxkbklwv.exe empfangen 2008.09.15 17:03:32 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:PureMorph
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Obfuscated.gx
Fortinet - - W32/PolySmall.BP!tr
GData - - Trojan.Win32.Obfuscated.gx
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.Obfuscated.gx
McAfee - - -
Microsoft - - TrojanDownloader:Win32/FakeAlert.C
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -

weitere Informationen
MD5: 5985de6c0306cd48daeaa055bc98965d
SHA1: e9824286177a0b389d892c439686b6a92188ff19
SHA256: eccd351ed525d36995a7e071414d18f0705691d497aaee2e9c350310b7a6946d
SHA512: 8f0be7d57fe6f5dca13c704a47aa089c41dba0da122b045b007d223677581c0d3c8edd107700fb15d3cccd2262a5bbd6b977b87f4ddb38c6105f5a983cf41678
```
Code:
```
Datei yrelqhof.exe empfangen 2008.09.16 01:19:02 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.13.0 2008.09.15 -
AntiVir 7.8.1.28 2008.09.15 -
Authentium 5.1.0.4 2008.09.15 -
Avast 4.8.1195.0 2008.09.15 Win32:PureMorph
AVG 8.0.0.161 2008.09.15 Generic11.YJH
BitDefender 7.2 2008.09.15 -
CAT-QuickHeal 9.50 2008.09.15 -
ClamAV 0.93.1 2008.09.15 -
DrWeb 4.44.0.09170 2008.09.15 -
eSafe 7.0.17.0 2008.09.15 -
eTrust-Vet 31.6.6090 2008.09.15 -
Ewido 4.0 2008.09.15 -
F-Prot 4.4.4.56 2008.09.14 -
F-Secure 8.0.14332.0 2008.09.16 Trojan.Win32.Obfuscated.gx
Fortinet 3.113.0.0 2008.09.15 W32/PolySmall.BP!tr
GData 19 2008.09.16 Trojan.Win32.Obfuscated.gx
Ikarus T3.1.1.34.0 2008.09.15 -
K7AntiVirus 7.10.457 2008.09.15 -
Kaspersky 7.0.0.125 2008.09.16 Trojan.Win32.Obfuscated.gx
McAfee 5383 2008.09.12 -
Microsoft 1.3903 2008.09.16 -
NOD32v2 3443 2008.09.15 -
Norman 5.80.02 2008.09.15 -
Panda 9.0.0.4 2008.09.15 -
PCTools 4.4.2.0 2008.09.15 -
Prevx1 V2 2008.09.16 Fraudulent Security Program
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.15 -
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.16 -
TheHacker 6.3.0.9.084 2008.09.15 -
TrendMicro 8.700.0.1004 2008.09.15 -
VBA32 3.12.8.5 2008.09.15 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.15 -
Webwasher-Gateway 6.6.2 2008.09.16 -

weitere Informationen
File size: 65536 bytes
MD5...: f03c10a6c69362a7350b04cc385caecd
SHA1..: 1684016f93d2885b738b84289a8aabd49327711d
SHA256: 8bf40d474a48a310faed3ec44cfe67d27597cf2b3ea45ef0fd2e99b205c4acce
SHA512: ab976b41f9c3c887669336f1af3f98cbe44bc8c903b8d0bae6dd74d97302f463dbb98a57092552a5e9d0d07e0ce6749b0084bddd5700b30011026efc5c02c772
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404d7b
timedatestamp.....: 0x48ce5cca (Mon Sep 15 13:02:02 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc9e6 0xd000 6.75 9b6bf6d795d7e48ba1276d6d92690c67
.rdata 0xe000 0x628 0x1000 2.46 0d622d8d1090c20e011f7d1b12eaeabf
.data 0xf000 0x400 0x1000 0.34 1a8f0a9e6ff8438e2dd23d960c067de1

( 4 imports )
> KERNEL32.dll: ReadFile, WriteFile, GlobalDeleteAtom, FindFirstFileW, GetProcAddress, SetCurrentDirectoryW, FindResourceW, WritePrivateProfileStringW, GetDriveTypeW, SetWaitableTimer, GetLastError, TerminateThread, CreateFileW, LoadResource, LoadLibraryA, GetLogicalDrives, CreateProcessW, FreeResource, CreateEventW, GetFileAttributesW, GetCurrentThread, CreateThread, QueryDosDeviceW, CancelWaitableTimer
> USER32.dll: SendDlgItemMessageW, EnableWindow, SetWindowTextW, LoadIconW, CreateWindowExW, PostQuitMessage, SetCapture, SetCursor, DispatchMessageW, RegisterWindowMessageW, SendMessageW, SystemParametersInfoW, DestroyIcon, SetCursorPos, GetClassNameW, ReleaseDC, GetKeyState, SetDlgItemTextW
> GDI32.dll: CreateRoundRectRgn, GetStockObject, DPtoLP, SelectObject, SetMapMode, MoveToEx, GetObjectW, SetBkMode
> ADVAPI32.dll: RegDeleteValueW, RegNotifyChangeKeyValue, StartServiceW, RegOpenKeyExW, RegQueryValueExW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=210DC126009DB9A0001801F3702B090070014DB8
```
Code:
```
Datei c.exe empfangen 2008.09.16 01:14:00 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.9.13.0 2008.09.15 -
AntiVir 7.8.1.28 2008.09.15 -
Authentium 5.1.0.4 2008.09.15 -
Avast 4.8.1195.0 2008.09.15 -
AVG 8.0.0.161 2008.09.15 -
BitDefender 7.2 2008.09.15 -
CAT-QuickHeal 9.50 2008.09.15 -
ClamAV 0.93.1 2008.09.15 -
DrWeb 4.44.0.09170 2008.09.15 -
eSafe 7.0.17.0 2008.09.15 -
eTrust-Vet 31.6.6090 2008.09.15 -
Ewido 4.0 2008.09.15 -
F-Prot 4.4.4.56 2008.09.14 -
F-Secure 8.0.14332.0 2008.09.16 -
Fortinet 3.113.0.0 2008.09.15 -
GData 19 2008.09.16 Trojan.Win32.FraudPack.mx
Ikarus T3.1.1.34.0 2008.09.15 -
K7AntiVirus 7.10.457 2008.09.15 -
Kaspersky 7.0.0.125 2008.09.16 Trojan.Win32.FraudPack.mx
McAfee 5383 2008.09.12 -
Microsoft 1.3903 2008.09.16 -
NOD32v2 3443 2008.09.15 -
Norman 5.80.02 2008.09.15 -
Panda 9.0.0.4 2008.09.15 -
PCTools 4.4.2.0 2008.09.15 -
Prevx1 V2 2008.09.16 Hijacker
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.15 Mal/EncPk-CZ
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.16 -
TheHacker 6.3.0.9.084 2008.09.15 -
TrendMicro 8.700.0.1004 2008.09.15 -
VBA32 3.12.8.5 2008.09.15 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.15 -
Webwasher-Gateway 6.6.2 2008.09.16 -

weitere Informationen
File size: 58880 bytes
MD5...: 387e740352d99688312417bf073b0f6f
SHA1..: 2f7a216cec62197ef5d89ca72262b8c85200ce21
SHA256: 635c68ff66af411cf5a996e6d0be8b8792c6f34e2b9699733a5b979c706fa93a
SHA512: b7c3f1c61d92a223fee068357228e374ba4ff7c043df7bd5a2c916b6ceb6d0b58c268fe34e3473cd50af8a9ca2e2dffc7ee955bc776f5ba933d916e3bcc23242
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010db
timedatestamp.....: 0x47a87c8a (Tue Feb 05 15:11:06 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf4f 0x1000 2.94 197998d2ca9456afe5bafb6c2082ac06
.rdata 0x2000 0x72d 0x800 4.86 49c78d5b94f50faafea7b985d90c56f0
.data 0x3000 0x10675e6 0xca00 7.54 6373fd72b078fd1b67ace69ca86e07cf

( 4 imports )
> user32.dll: LoadMenuA, IsWindow, DrawTextA, DialogBoxParamA, DialogBoxParamW, EndDialog, CopyIcon, GetMenu, CopyImage, GetWindowTextLengthA, DrawIcon, CreateIcon, InsertMenuA, CopyRect, GetWindowTextA, GetCursor, DrawTextW, IsMenu, GetDC, GetDlgItem, CloseWindow, DrawIconEx
> kernel32.dll: GetACP, GetVersion, LCMapStringW, SetFilePointer, lstrcpynA, lstrcpyA, SetHandleCount, MultiByteToWideChar, GetModuleFileNameA, GetFileType, GetStdHandle, lstrcatA, lstrcpynW, GetStartupInfoA, CreateFileA, TerminateProcess, GetStringTypeA, WriteFile, GetStringTypeW, LCMapStringA, GetOEMCP
> comctl32.dll: ImageList_DragEnter, MenuHelp, ImageList_Copy, ImageList_GetIcon, ImageList_Add, ImageList_GetIconSize, ImageList_LoadImageW, ImageList_Create, DrawStatusTextW, CreateStatusWindow, DllGetVersion, ImageList_Destroy, CreateToolbar
> advapi32.dll: RegCreateKeyW, RegQueryValueA, RegDeleteKeyA, RegQueryValueExW, RegEnumKeyExW, RegOpenKeyW, RegQueryValueExA, RegQueryValueW, RegEnumValueA, RegCreateKeyA, RegCreateKeyExA, RegOpenKeyA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A60D387900486CD5E67F002DDDE82A00800AD6E7
```
Code:
```
Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1159
Windows 5.1.2600 Service Pack 3

16.09.2008 02:02:13
mbam-log-2008-09-16 (02-02-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 104415
Laufzeit: 36 minute(s), 34 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 35
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 4
Infizierte Dateien: 69

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\html.html (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{474372cd-d5af-40f7-9004-921f0e347dd0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74ebcffb-af2d-4dd4-a9bc-2ac12864b3ec} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74ebcffb-af2d-4dd4-a9bc-2ac12864b3ec} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\html.html.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\28rnzuky11 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtkhizut\yrelqhof.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\mshtml90.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\psrr\Lokale Einstellungen\Temp\video207.cfg.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\psrr\Lokale Einstellungen\Temp\video207.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
```
![]() | #6 |
| Virus found -> Quarantine -> Restart -> won't start anymore... and here is the HijackThis file as well: HijackThis: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:46, on 16.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\dqzexwdi.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [smartadmapl] C:\WINDOWS\system32\dqzexwdi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1844237615-838170752-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe

-- End of file - 4408 bytes

"C:\WINDOWS\system32\dqzexwdi.exe" is still running...

Regards and good night! |