Log Analysis and Evaluation: Problems with a trojan (Windows 7)
28.04.2009, 09:38 | #1

hello, since yesterday I keep getting trojan alerts from Avira. Here are the three that get reported to me: TR/Dropper.Gen, TR/Drop.Agent.amnc, TR/Crcpt.XPACK.Gen. I always click delete but it doesn't work. From the looks of it, the three keep creating temp files over and over again. I delete them constantly but they always come back. According to Avira the following folders are affected: c:windows/temp or system32. Please advise, I can't get the situation under control.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:15, on 28.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Program DJ\Wireless Switch\wlss.exe
C:\Program Files\Program DJ\Green Charger\GCTray.exe
C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Internet\Internet\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Antispy\Tmas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Thunderbird\thunderbird.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\Program Files\Mozilla Firefox 3.0\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
D:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 www.mininova.org
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "D:\Internet\Internet\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "D:\Programme\Programme\icq6\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'Default user')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Antispy\Tmas.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download with GetRight - D:\Programme\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\Programme\icq6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\Programme\icq6\ICQ6.5\ICQ.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - D:\Programme\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - D:\Programme\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lightuning Encrypt Watching Service (LTT_ENCRYPT_WATCHING) - Unknown owner - C:\Windows\system32\EncryptWatchingService.exe
O23 - Service: Lightuning UAC Controller Service (LTT_UAC_CTRL) - Unknown owner - C:\Windows\system32\SVC_LTT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Programme\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 9644 bytes
28.04.2009, 13:48 | #2

Hi,

Please check the following files: Have files checked online:

Code:
C:\Windows\TEMP\_A00FEAF9F.exe
C:\Windows\system32\SVC_LTT.exe
C:\Windows\system32\EncryptWatchingService.exe

Also: Avenger instructions (by swandog46)

1.) Download the Avenger tool and save it to the desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Files to delete:
C:\Windows\TEMP\_A00FEAF9F.exe

4.) To start Avenger, click -> Execute. Then confirm with "Yes" that the computer restarts!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt. Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.

HijackThis, fix: open HijackThis -- button "Scan" -- tick the boxes in front of the following entries -- button "Fix checked" -- restart the PC. All programs must be closed while fixing!

Code:
O4 - HKUS\S-1-5-18\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'Default user')

Malwarebytes Anti-Malware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
Full scan and let it clean everything! Post the log.
Alternative download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp

Chris
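As an added example (not code from this thread, from HijackThis, Avenger or MBAM), a small Python triage script that parses the O1, O4 and O23 line formats from the HijackThis log above and flags the patterns the reply acts on: hosts-file redirections of public names, autostart entries launching from a temp folder, and services without vendor information running from a system folder. The sample lines are taken from the log in this thread; the regexes, directory lists and thresholds are this example's own heuristics.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the thread or of HijackThis/Avenger/MBAM.  It parses
the O1 (hosts), O4 (Run autostart) and O23 (service) entry formats seen in the
log above and flags the patterns the reply acts on.  Rules are heuristics, not
verdicts.
"""
import re
from dataclasses import dataclass

# Sample lines taken from the HijackThis log posted in this thread, with benign
# lines kept so that each rule is exercised on both hits and non-hits.
SAMPLE_LOG = r"""
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [A00FEAF9F.exe] C:\Windows\TEMP\_A00FEAF9F.exe (User 'Default user')
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Lightuning UAC Controller Service (LTT_UAC_CTRL) - Unknown owner - C:\Windows\system32\SVC_LTT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Line formats, assumed from the entries above (HijackThis prints more variants).
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)
# A service display name may itself contain " - ", so the path is anchored on
# the drive letter at the end of the line and the name is matched greedily.
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")   # SYSTEM account and Default user
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    kind: str    # "hosts-redirect", "autostart" or "service"
    line: str    # the log line as written
    reason: str  # why it was flagged


def triage(log_text: str) -> list:
    """Return one Finding per recognised log line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O1_RE.match(line):
            # A hosts entry that points a public name anywhere but loopback
            # hijacks name resolution for that name.
            if m["addr"] not in LOOPBACK:
                findings.append(Finding("hosts-redirect", line,
                                        f"{m['host']} is redirected to {m['addr']}"))
        elif m := O4_RE.match(line):
            cmd = m["cmd"].lower()
            if any(t in cmd for t in TEMP_MARKERS):
                # Installed software rarely persists an autostart in a temp folder.
                reason = "autostart launches from a temp folder"
                if m["hive"].upper().startswith(SYSTEM_HIVES):
                    reason += f"; registered in the {m['hive']} hive"
                findings.append(Finding("autostart", line, reason))
        elif m := O23_RE.match(line):
            path = m["path"].lower()
            if m["owner"].strip().lower() == "unknown owner" and any(d in path for d in SYSTEM_DIRS):
                # No vendor information plus a system-folder binary: verify the
                # file online, which is what the reply asks for.
                findings.append(Finding("service", line,
                                        "service without vendor information runs from a system folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```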
28.04.2009, 22:53 | #3

hi, I set everything up as described in the instructions. The entry C:\Windows\TEMP\_A00FEAF9F.exe does not exist on my machine, so I couldn't use Avenger.
28.04.2009, 22:54 | #4

For C:\Windows\system32\SVC_LTT.exe:

Code:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.28 -
AhnLab-V3 5.0.0.2 2009.04.28 -
AntiVir 7.9.0.156 2009.04.28 -
Antiy-AVL 2.0.3.1 2009.04.28 -
Authentium 5.1.2.4 2009.04.27 -
Avast 4.8.1335.0 2009.04.28 -
AVG 8.5.0.287 2009.04.28 -
BitDefender 7.2 2009.04.28 -
CAT-QuickHeal 10.00 2009.04.28 -
ClamAV 0.94.1 2009.04.28 -
Comodo 1140 2009.04.28 -
DrWeb 4.44.0.09170 2009.04.28 -
eSafe 7.0.17.0 2009.04.27 -
eTrust-Vet 31.6.6480 2009.04.28 -
F-Prot 4.4.4.56 2009.04.27 -
F-Secure 8.0.14470.0 2009.04.28 -
Fortinet 3.117.0.0 2009.04.28 -
GData 19 2009.04.28 -
Ikarus T3.1.1.49.0 2009.04.28 -
K7AntiVirus 7.10.717 2009.04.27 -
Kaspersky 7.0.0.125 2009.04.28 -
McAfee 5599 2009.04.28 -
McAfee+Artemis 5599 2009.04.28 -
McAfee-GW-Edition 6.7.6 2009.04.28 -
Microsoft 1.4602 2009.04.28 -
NOD32 4040 2009.04.28 -
Norman 6.00.06 2009.04.28 -
nProtect 2009.1.8.0 2009.04.28 -
Panda 10.0.0.14 2009.04.28 -
PCTools 4.4.2.0 2009.04.28 -
Prevx1 3.0 2009.04.28 -
Rising 21.27.12.00 2009.04.28 -
Sophos 4.41.0 2009.04.28 -
Sunbelt 3.2.1858.2 2009.04.28 -
Symantec 1.4.4.12 2009.04.28 -
TheHacker 6.3.4.1.315 2009.04.28 -
TrendMicro 8.700.0.1004 2009.04.28 -
VBA32 3.12.10.3 2009.04.28 -
ViRobot 2009.4.28.1712 2009.04.28 -
VirusBuster 4.6.5.0 2009.04.28 -

For C:\Windows\system32\EncryptWatchingService.exe:

Code:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.28 -
AhnLab-V3 5.0.0.2 2009.04.28 -
AntiVir 7.9.0.156 2009.04.28 -
Antiy-AVL 2.0.3.1 2009.04.28 -
Authentium 5.1.2.4 2009.04.27 -
Avast 4.8.1335.0 2009.04.28 -
AVG 8.5.0.287 2009.04.28 -
BitDefender 7.2 2009.04.28 -
CAT-QuickHeal 10.00 2009.04.28 -
ClamAV 0.94.1 2009.04.28 -
Comodo 1140 2009.04.28 -
DrWeb 4.44.0.09170 2009.04.28 -
eSafe 7.0.17.0 2009.04.27 -
eTrust-Vet 31.6.6480 2009.04.28 -
F-Prot 4.4.4.56 2009.04.27 -
F-Secure 8.0.14470.0 2009.04.28 -
Fortinet 3.117.0.0 2009.04.28 -
GData 19 2009.04.28 -
Ikarus T3.1.1.49.0 2009.04.28 -
K7AntiVirus 7.10.717 2009.04.27 -
Kaspersky 7.0.0.125 2009.04.28 -
McAfee 5599 2009.04.28 -
McAfee+Artemis 5599 2009.04.28 -
McAfee-GW-Edition 6.7.6 2009.04.28 -
Microsoft 1.4602 2009.04.28 -
NOD32 4040 2009.04.28 -
Norman 6.00.06 2009.04.28 -
nProtect 2009.1.8.0 2009.04.28 -
Panda 10.0.0.14 2009.04.28 -
PCTools 4.4.2.0 2009.04.28 -
Prevx1 3.0 2009.04.28 -
Rising 21.27.12.00 2009.04.28 -
Sophos 4.41.0 2009.04.28 -
Sunbelt 3.2.1858.2 2009.04.28 -
Symantec 1.4.4.12 2009.04.28 -
TheHacker 6.3.4.1.315 2009.04.28 -
TrendMicro 8.700.0.1004 2009.04.28 -
VBA32 3.12.10.3 2009.04.28 -
ViRobot 2009.4.28.1712 2009.04.28 -
VirusBuster 4.6.5.0 2009.04.28 -
28.04.2009, 22:56 | #5

here is the scan from MAM:

Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2056
Windows 6.0.6001 Service Pack 1

28.04.2009 23:40:17
mbam-log-2009-04-28 (23-40-17).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 232409
Laufzeit: 32 minute(s), 0 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 89
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 9
Infizierte Dateien: 138

Infizierte Speicherprozesse:
C:\Program Files\Antispy\Tmas.exe (Rogue.AntiSpy) -> Unloaded process successfully.
C:\Windows\System32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Program Files\Antispy\en-us.dll (Rogue.AntiSpy) -> Delete on reboot.
C:\Program Files\Antispy\ssengine.dll (Rogue.AntiSpy) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{c745fb88-5e5a-47fd-805e-864aa8366578} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ca88c6e9-5f08-4084-9065-1ded88391b08} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cb8364a5-880c-454d-aaed-4b6518fb3e5b} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cc793bcc-c7c4-4906-8a5d-710019da59ed} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d0cdb539-1894-49a1-b851-02bcdda92dc6} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d4ac2fc2-8ae4-4092-b45e-8b5b4f6be86d} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e8182f2c-ced7-4026-8b9e-ae4981462a6b} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e9ba403b-d5e5-49f9-a404-badd0dee81f3} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ea454523-1adc-4247-b46b-84ecaa74e050} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{eadde710-fd35-417f-957e-fd2f10b142e2} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{edb85ba7-c733-4173-8a0a-73993f3f325e} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ee1e561e-0181-49ca-9d21-c72d00230c5b} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f31c06df-d052-4651-b336-9b5fdf817e16} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f3ab95d9-f416-4152-96a5-00fb605edef4} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{fa8a8e87-0854-4f0a-a304-9ae1dd339a7e} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{49750331-e6d0-4e91-a002-f56af37ec4c5} (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{03a80b1d-5c6a-42c2-9dfb-81b6005d8023} (Rogue.AntiSpy) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{03a80b1d-5c6a-42c2-9dfb-81b6005d8023} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{03a80b1d-5c6a-42c2-9dfb-81b6005d8023} (Rogue.AntiSpy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. |
28.04.2009, 22:57 | #6 |
| Problems with Trojan Here's the rest: Infizierte Verzeichnisse: C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Antispy (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Backup (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Help (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default (Rogue.AntiSpy) -> Quarantined and deleted successfully. Infizierte Dateien: C:\$Recycle.Bin\S-1-5-21-2714959321-1763349613-1932945215-1000\$RS7K35J.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\winglsetup.exe (Trojan.Vundo) -> Quarantined and deleted successfully. D:\Downloads\SetupAntivirusXP.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Antispyware.log (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\crack.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\cwshredder.dll (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\en-us.dll (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Install.log (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\readme.txt (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\SpUninst.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\spyware.bak (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\spyware.dat3 (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\ssengine.dll (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\sshook.dll (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\ssmsg.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Tmas.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Tmas.exe.BAK (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\usrbl.dat (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\usrwl.dat (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\WebRegister.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Backup\Clean Session - 1222965848.ssb (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Backup\VST Clean Session - 1240857165.ssb (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Help\en-us.chm (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\cl2.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\cl3.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\cl4.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\cld.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc1.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc11.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc2.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Sounds\Pinball\sc3.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc4.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc5.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\sc6.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Pinball\scd.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\cl2.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\cl3.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\cl4.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\cld.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc1.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc10.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc11.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc12.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc3.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc4.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc6.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc7.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\sc8.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Sounds\Tomcat\scd.wav (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\bg_common.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\bg_main.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\bg_messagedlg.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_activate.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_add.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_allow.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_bigdelete.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_bigdetails.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_bighelp.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_bigupdates.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_buy.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_cancel.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_clean.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_cleanprivacy.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_clear.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_config.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_cws.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\btn_dbupdate.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_deny.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_details.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_disable.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_feedback.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_help.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_home.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_ok.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_options.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_remove.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_restore.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_save.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_scan.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_selecttoggle.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_start.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_stop.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\btn_updates.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\btn_viewlog.ico (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\copyright.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\DetailsTemplate.htm (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_check_blank.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_check_finished.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_check_off.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_check_on.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_check_working.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_adv_scanners.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_cleaning.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_general.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_scanner.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_scanners.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_scheduling.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_sounds.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_config_vst.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\icon_msg_bad.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_error.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_good.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_info.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_question.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_uncertain.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_verybad.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_msg_warning.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_cookie.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_folder.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_none.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_process.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_regykey.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_regyval.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_shortcutlink.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_scanner_suspect.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\icon_scanner_winfile.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_std_check_off.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_std_check_on.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_threat_3.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_manage.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_threatgraph_0.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_threatgraph_100.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_threatgraph_25.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_threatgraph_50.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_threatgraph_75.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\icon_vst_warning.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\ProductLogo.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\splash.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\SplashBASIC.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\SplashPRO.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Program Files\Antispy\Themes\Default\SplashTRIAL.bmp (Rogue.AntiSpy) -> Quarantined and deleted successfully. 
C:\Program Files\Antispy\Themes\Default\theme.ini (Rogue.AntiSpy) -> Quarantined and deleted successfully. C:\Windows\System32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\ovfsth.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\System32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\System32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\Temp\msb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. After deleting the 250 findings I rebooted. The warnings still come. What else can I do? Regards PS: I hope I didn't misunderstand that I should post all the info here. It's quite a lot. |
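As an added check that is not part of the thread: the MAM log above reports several Explorer and ActiveDesktop policy values (the "Bad: (1) Good: (0)" entries) plus a Run value and a ShellExecuteHooks CLSID as hijacked. After the reboot the poster describes, a read-only re-check tells you whether those restrictions are still being re-created by something that survived. The script below uses only the registry locations and names the log lists; the labels (OK / HIJACKED / PRESENT) are my own. Run it in an elevated PowerShell; it changes nothing.

```powershell
# Added example (not from the thread): re-check the registry items the MAM log
# above reported as hijacked, so a reboot-and-recheck shows whether the policy
# restrictions are really gone. Read-only; nothing is modified.

# Policy values from the log. Value 1 = restriction active (the log's "Bad: (1)").
$policyChecks = @(
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallpaper' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallpaper' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoSetActiveDesktop' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoActiveDesktopChanges' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoSetActiveDesktop' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoActiveDesktopChanges' }
)

foreach ($c in $policyChecks) {
    # -ErrorAction SilentlyContinue yields $null when the key or the value is absent
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "OK       {0}\{1} (absent)" -f $c.Path, $c.Name
    } elseif ($item.($c.Name) -eq 1) {
        "HIJACKED {0}\{1} = 1 (restriction active)" -f $c.Path, $c.Name
    } else {
        "OK       {0}\{1} = {2}" -f $c.Path, $c.Name, $item.($c.Name)
    }
}

# Autostart entries named in the same log: the Run value and the
# ShellExecuteHooks CLSID should be gone after cleanup.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Framework Windows'
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) { "PRESENT  Run\$runName = $($run.$runName)" } else { "OK       Run\$runName (absent)" }

$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$clsid   = '{03a80b1d-5c6a-42c2-9dfb-81b6005d8023}'
$hook = Get-ItemProperty -Path $hookKey -Name $clsid -ErrorAction SilentlyContinue
if ($hook) { "PRESENT  ShellExecuteHooks\$clsid" } else { "OK       ShellExecuteHooks\$clsid (absent)" }
```

If any line comes back HIJACKED or PRESENT after a reboot, the values are being re-created, which is the same symptom the poster reports for the temp files: the process that plants them is still alive, and the helper's next steps (Avenger, GMER) are the right direction rather than deleting the values again by hand.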
29.04.2009, 06:30 | #7 |
| Problems with Trojan Hi, please still run Avenger as described and also carry out the fix with HJ... ComboFix Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with ComboFix can take some time, so be patient. Please do not do anything on the computer during the scan. It is possible that the computer will be restarted in between. After the scan finishes a report is shown; please copy it and paste it into your thread. Further instructions at: http://www.bleepingcomputer.com/comb...x-benutzt-wird Note: a backup is created under C:\WINDOWS\erdnt. Alternative downloads: http://subs.geekstogo.com/ComboFix.exe prevx: http://www.prevx.com/freescan.asp If the tool finds something, don't post the log but a screenshot of the window that is shown then... ?C:\Program Files\Antispy\crack.exe? Then one more piece of information on the side, which is not very good: ftp_non_crp.exe ... This Process is a file infector which modifies program files to include a copy of the infection ... I.e., if worst comes to worst -> reinstall from scratch... chris
__________________ Don't bring me down Note before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
29.04.2009, 18:09 | #8 |
| Problems with Trojan Hi, Avenger: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "ovfsthxvmhrynvt" found! ImagePath: \systemroot\system32\drivers\ovfsthxrwoqxplg.sys Start Type: 1 (System) Rootkit scan completed. Completed script processing. ******************* Finished! Terminate. ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Wed Apr 29 18:58:54 2009 18:58:54: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Wed Apr 29 18:59:25 2009 18:59:25: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Wed Apr 29 18:59:35 2009 18:59:35: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "ovfsthxvmhrynvt" found! 
ImagePath: \systemroot\system32\drivers\ovfsthxrwoqxplg.sys Start Type: 1 (System) Rootkit scan completed. Error: file "C:\Windows\TEMP\_A00FEAF9F.exe" not found! Deletion of file "C:\Windows\TEMP\_A00FEAF9F.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* |
29.04.2009, 19:04 | #9 |
| Problems with Trojan This ComboFix has now caused a bluescreen three times. No log file. Should I perhaps run it in safe mode? |
29.04.2009, 19:44 | #10 | |
| Problems with Trojan Quote:
So, there's a bluescreen in safe mode too. |
29.04.2009, 20:50 | #11 |
| Problems with Trojan Hi, there's a rootkit at work... Gmer: http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no" and paste the report into the thread using Copy. If it reports nothing that way, go to the Rootkit tab and run a scan. Once that is finished, choose Copy and paste the report. chris
__________________ Don't bring me down Note before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
29.04.2009, 20:57 | #12 | |
| Problems with Trojan Quote:
GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-04-29 21:54:55 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- Code 87A1E110 ZwEnumerateKey Code 879CD110 ZwFlushInstructionCache Code 879DC10D IofCallDriver Code 876BE076 IofCompleteRequest ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 869301F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- Service C:\Windows\system32\drivers\ovfsthxrwoqxplg.sys (*** hidden *** ) [SYSTEM] ovfsthxvmhrynvt <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- |
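As an added example that is not part of the thread: GMER's "hidden" verdict above comes from a cross-view comparison, i.e. what the kernel objects say versus what the normal enumeration APIs return. A lightweight user-mode version of the same idea compares the driver entries under the Services registry hive with the set the Service Control Manager reports through WMI, and flags names that exist only in the registry. The script below does that and also checks directly for the service name GMER flagged (ovfsthxvmhrynvt); the output labels are my own. One caveat that the GMER log itself shows: ZwEnumerateKey is hooked, so a registry listing taken from user mode can be filtered too. A clean result from this script is therefore weak evidence, which is exactly why the helper reaches for GMER and Avenger (which work at kernel level) instead of a script; the check is most useful after cleanup, to confirm the entry is gone.

```powershell
# Added example, not from the thread: cross-view check of kernel driver services.
# Registry view (Services hive) versus SCM view (Win32_SystemDriver); a driver
# present in the registry but absent from the SCM view deserves a closer look.
# Caveat: with ZwEnumerateKey hooked (see the GMER log) the user-mode registry
# view can be filtered as well, so "nothing found" is not proof of a clean box.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Registry view: every service key whose Type is kernel driver (1) or file-system driver (2)
$regDrivers = Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and ($p.Type -eq 1 -or $p.Type -eq 2)) {
        # New-Object instead of [pscustomobject] so this also runs on Vista-era PowerShell 2.0
        New-Object PSObject -Property @{
            Name      = $_.PSChildName
            Start     = $p.Start        # 1 = System, 4 = Disabled, as in the Avenger logs
            ImagePath = $p.ImagePath
        }
    }
}

# SCM view through WMI: Win32_SystemDriver enumerates kernel and file-system drivers
$scmNames = Get-WmiObject -Class Win32_SystemDriver | ForEach-Object { $_.Name.ToLower() }

# Anything the registry knows but the SCM does not report
$registryOnly = $regDrivers | Where-Object { $scmNames -notcontains $_.Name.ToLower() }

if ($registryOnly) {
    "Driver keys in the registry that the SCM does not report:"
    $registryOnly | Format-Table Name, Start, ImagePath -AutoSize
} else {
    "No registry-only driver entries found (see caveat: not proof of a clean system)."
}

# Direct check for the service name GMER flagged in this thread
$flagged = 'ovfsthxvmhrynvt'
if (Test-Path -Path "$svcRoot\$flagged") {
    "PRESENT  $svcRoot\$flagged"
} else {
    "OK       $svcRoot\$flagged (absent)"
}
```

Expect a small number of benign mismatches on a healthy machine (keys without a Type value are skipped, but a few legitimate leftovers from uninstalled drivers can show up); the point is the diff between the two views, not the raw list.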
29.04.2009, 21:08 | #13 |
| Problems with Trojan Hi, shit, let's see how long the notebook's battery holds out... We'll go after it with Avenger... So: Avenger instructions (by swandog46) 1.) Download the Avenger tool and save it to the desktop: 2.) Set up the program as shown in the picture. Now copy the following text into the white field: (at -> "input script here") Code:
Drivers to delete:
ovfsthxvmhrynvt

Files to delete:
C:\Windows\system32\drivers\ovfsthxrwoqxplg.sys

4.) To start Avenger click on -> Execute. Then confirm with "Yes" that the computer restarts! 5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt Open the file with Notepad and copy the whole text into your post here on the Trojaner-Board. Then immediately chase it with MAM: Malwarebytes Antimalware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html Full scan and let it clean everything! Post the log. Alternative download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp Post both logs and a new log from Gmer too... Then we'll try ComboFix again... chris
__________________ Don't bring me down Note before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
29.04.2009, 21:16 | #14 |
| Problems with Trojan Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "ovfsthxvmhrynvt" found! ImagePath: \systemroot\system32\drivers\ovfsthxrwoqxplg.sys Start Type: 4 (Disabled) Rootkit scan completed. Driver "ovfsthxvmhrynvt" deleted successfully. File "C:\Windows\system32\drivers\ovfsthxrwoqxplg.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. MAM scan is running. Please plug in your power adapter :-) I still need you. |
29.04.2009, 21:19 | #15 |
| Problems with Trojan Hi, good, Avira may already start complaining now... Do the rest as described and post the logs... Until tomorrow, the battery is done... chris
__________________ Don't bring me down Note before posting! Donate (Anyone who wants to donate is welcome to get in touch) |