Virus or false alarm? (forum section: Plagegeister aller Art und deren Bekämpfung)
18.05.2009, 00:53 | #1

Virus or false alarm?

Hello, my little brother unfortunately downloaded and installed something while I was away. My virus scanner didn't raise an alarm, but I ran the installer through VirusTotal anyway, and look:

Code:
File fo-fr298.exe received 2009.05.17 20:43:07 (CET)
Status: Finished
Result: 3/40 (7.50%)

Antivirus          Version           Last update   Result
a-squared          4.0.0.101         2009.05.17    -
AhnLab-V3          5.0.0.2           2009.05.16    -
AntiVir            7.9.0.168         2009.05.17    -
Antiy-AVL          2.0.3.1           2009.05.15    -
Authentium         5.1.2.4           2009.05.17    -
Avast              4.8.1335.0        2009.05.16    -
AVG                8.5.0.336         2009.05.16    -
BitDefender        7.2               2009.05.17    -
CAT-QuickHeal      10.00             2009.05.15    Backdoor.Small.hvo
ClamAV             0.94.1            2009.05.16    -
Comodo             1157              2009.05.08    -
DrWeb              5.0.0.12182       2009.05.17    -
eSafe              7.0.17.0          2009.05.17    -
eTrust-Vet         31.6.6508         2009.05.16    -
F-Prot             4.4.4.56          2009.05.17    -
F-Secure           8.0.14470.0       2009.05.16    -
Fortinet           3.117.0.0         2009.05.17    -
GData              19                2009.05.17    -
Ikarus             T3.1.1.49.0       2009.05.17    -
K7AntiVirus        7.10.737          2009.05.16    -
Kaspersky          7.0.0.125         2009.05.17    -
McAfee             5618              2009.05.17    -
McAfee+Artemis     5618              2009.05.17    -
McAfee-GW-Edition  6.7.6             2009.05.17    -
Microsoft          1.4602            2009.05.17    -
NOD32              4080              2009.05.15    -
Norman             6.01.05           2009.05.16    -
nProtect           2009.1.8.0        2009.05.17    -
Panda              10.0.0.14         2009.05.17    -
PCTools            4.4.2.0           2009.05.17    -
Prevx              3.0               2009.05.17    -
Rising             21.29.62.00       2009.05.17    -
Sophos             4.41.0            2009.05.17    -
Sunbelt            3.2.1858.2        2009.05.17    -
Symantec           1.4.4.12          2009.05.17    -
TheHacker          6.3.4.1.326       2009.05.17    Backdoor/Small.hzg
TrendMicro         8.950.0.1092      2009.05.15    -
VBA32              3.12.10.5         2009.05.17    Backdoor.Win32.Small.hzj
ViRobot            2009.5.15.1737    2009.05.15    -
VirusBuster        4.6.5.0           2009.05.17    -

Please help. Best regards.

Here is the link: virustotal.com/de/analisis/18c5bcc0597023a9d9ea6ffe5f4ee2a1
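The question the post asks, whether 3 of 40 is a real hit or a false positive, is not settled by the ratio alone. What a practitioner actually looks at is which engines fired, whether they agree on the malware family once vendor naming quirks are stripped, and the file's hashes so the same sample can be re-checked later without uploading it again. The following is an added example (my code, not from the thread and not a VirusTotal tool) that parses a report in the text layout shown above, groups the verdicts by family and computes the hashes. The sample report is a constructed seven-engine excerpt of the table above with the same three detections; the "Engine Version Date Result" row format and the family-normalisation rule are assumptions of this example.

```python
"""Summarise a pasted VirusTotal text report like the one in the post.

Added example, not from the original thread. Assumptions: report rows are
whitespace-separated "Engine Version Date Result" lines (the 2009-era
VirusTotal text layout), "-" means no detection, and the family grouping
below is a heuristic of this example, not a VirusTotal feature.
"""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a seven-engine excerpt modelled on the 40-engine table
# in the post, carrying the same three detections. Not the full report.
SAMPLE_REPORT = """\
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.17 -
AntiVir 7.9.0.168 2009.05.17 -
CAT-QuickHeal 10.00 2009.05.15 Backdoor.Small.hvo
Kaspersky 7.0.0.125 2009.05.17 -
Microsoft 1.4602 2009.05.17 -
TheHacker 6.3.4.1.326 2009.05.17 Backdoor/Small.hzg
VBA32 3.12.10.5 2009.05.17 Backdoor.Win32.Small.hzj
"""

ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<result>\S.*?)\s*$"
)
# Platform tokens some vendors insert between the type and the family name.
PLATFORM_TOKENS = {"win32", "w32", "win64", "w64"}


@dataclass
class Verdict:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine reported "-"


def parse_report(text: str) -> List[Verdict]:
    """One Verdict per engine row; the header and any stray lines are skipped."""
    verdicts = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        result = m.group("result")
        verdicts.append(Verdict(m.group("engine"), m.group("version"),
                                m.group("date"), None if result == "-" else result))
    return verdicts


def family(label: str) -> Tuple[str, ...]:
    """Reduce a vendor label to (type, family): 'Backdoor.Win32.Small.hzj' -> ('Backdoor', 'Small').

    Vendors separate with '.', '/' or ':' and may insert a platform token; the
    trailing variant id (hvo / hzg / hzj) is dropped so that naming differences
    do not hide agreement on the family.
    """
    parts = [p for p in re.split(r"[./:]", label) if p and p.lower() not in PLATFORM_TOKENS]
    return tuple(parts[:2])


def summarize(verdicts: List[Verdict]) -> Dict[str, object]:
    hits = [v for v in verdicts if v.result]
    families = Counter(family(v.result) for v in hits)
    return {
        "engines": len(verdicts),
        "detections": len(hits),
        "ratio": len(hits) / len(verdicts) if verdicts else 0.0,
        "detecting_engines": sorted(v.engine for v in hits),
        "families": families,
        # All detecting engines agreeing on type and family is a stronger
        # signal than the raw count, even when the count is low.
        "consistent_family": len(families) == 1,
    }


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5 / SHA-1 / SHA-256 of a sample. The permalink in the post uses MD5;
    newer lookups key on SHA-256. Hash locally so a re-check needs no upload."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests as hash_bytes, streamed so large installers fit in memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['detections']}/{s['engines']} engines ({s['ratio']:.1%}) flagged: {s['detecting_engines']}")
    for fam, n in s["families"].items():
        print("  family", ".".join(fam), "reported by", n, "engine(s)")
    print("consistent family:", s["consistent_family"])
```

Read the output the way the thread's helper would: three smaller engines agreeing on Backdoor.Small with different variant suffixes is the pattern of generic signatures firing on a small stub or packed installer, which is neither proof nor a clean bill. Keep the hashes, re-scan the same hash a few days later when signatures have caught up, and treat the file as untrusted in the meantime.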
18.05.2009, 07:25 | #2

Virus or false alarm?

Hello... and

Run the following programs:
- CCleaner
- Malwarebytes
- SUPERAntiSpyware
- let BlackLight scan

4.) Create a list of the installed programs with HijackThis: start HijackThis --> click "Open the Misc Tool Section" --> click "Misc Tools" --> click "Open uninstall Manager" --> click "Save List"
18.05.2009, 15:33 | #3

Virus or false alarm?

Hello, thanks first of all for your help.

- Ran CCleaner.
- Malwarebytes found one registry data item. Problem was fixed:

Code:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Code:
05/18/09 03:04:26 [Info]: BlackLight Engine 2.2.1092 initialized
05/18/09 03:04:26 [Info]: OS: 6.0 build 6001 (Service Pack 1)
05/18/09 03:04:26 [Note]: 7019 4
05/18/09 03:04:26 [Note]: 7005 0
05/18/09 03:12:32 [Note]: 7006 0
05/18/09 03:12:32 [Note]: 7027 0
05/18/09 03:12:34 [Note]: 7035 0
05/18/09 03:12:34 [Note]: 7026 0
05/18/09 03:12:34 [Note]: 7026 0
05/18/09 03:12:35 [Note]: FSRAW library version 1.7.1024
05/18/09 03:12:54 [Note]: 4015 77642
05/18/09 03:12:54 [Note]: 4027 77642 524288
05/18/09 03:12:54 [Note]: 4020 51015 393216
05/18/09 03:12:54 [Note]: 4018 51015 393216
05/18/09 03:18:33 [Note]: 4015 162107
05/18/09 03:18:33 [Note]: 4027 162107 262144
05/18/09 03:18:33 [Note]: 4020 10687 131072
05/18/09 03:18:33 [Note]: 4018 10687 131072
05/18/09 03:18:53 [Note]: 4015 548
05/18/09 03:18:53 [Note]: 4027 548 131072
05/18/09 03:18:53 [Note]: 4020 540 196608
05/18/09 03:18:53 [Note]: 4018 540 196608
05/18/09 03:20:30 [Note]: 4015 1658
05/18/09 03:20:30 [Note]: 4027 1658 65536
05/18/09 03:20:30 [Note]: 4020 608 65536
05/18/09 03:20:30 [Note]: 4018 608 65536
05/18/09 03:25:28 [Note]: 4015 2469
05/18/09 03:25:28 [Note]: 4027 2469 65536
05/18/09 03:25:28 [Note]: 4020 608 65536
05/18/09 03:25:28 [Note]: 4018 608 65536
05/18/09 10:59:50 [Note]: 7007 0

- HijackThis list of the installed programs:

Code:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3DMark06
Active@ ISO Burner v 1.7
Adobe AIR
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe Reader 9 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v7.09.13
Apple Software Update
ATI PCI Express (3GIO) Filter Driver
ATITool Overclocking Utility
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center - Branding
CCleaner (remove only)
Choice Guard
Connect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DOSShell 1.4
fonomo-pidgin 0.1.5
Fraps (remove only)
Free YouTube to Mp3 Converter version 3.1
FreePDF XP (Remove only)
G15_TeamSpeak (NSIS)
GTK+ Runtime 2.14.7 rev a (nur entfernen)
HijackThis 2.0.2
HWiNFO32 Version 2.38
Java(TM) 6 Update 13
kuler
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSVCRT
Napster
Napster Burn Engine
Nettalk 6.5
PDF Settings CS4
Photoshop Camera Raw
Pidgin
PixiePack Codec Pack
QuickTime
Real Alternative 1.8.2
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
sipgate X-Lite 1105c ger
Skype™ 4.0
SpeedFan (remove only)
Suite Shared Configuration CS4
Sun Java Runtime Environment and JMF
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
TextMaker Viewer
Trillian
TrueCrypt
Trust WB-1400T Webcam
UltraVNC 1.0.5.3
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6i
VMware Workstation
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
World of Warcraft
World of Warcraft FREE Trial
XviD MPEG-4 Video Codec
You Don't Know Jack 4 1.00
Zattoo 3.3.1 Beta

PS: Here is the normal HijackThis log as well:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:52, on 18.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\sipgate X-Lite\sipgateXLite.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Michael\Downloads\HiJackThis.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files\iTunes\iTunes.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: sipgate X-Lite.lnk = C:\Program Files (x86)\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {09175D10-323C-4127-A679-5FA02855A4B2} (onlnscan Control) - http://download6.quickheal.com/onlnscan/nt/activex/onlnscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8054 bytes

Last edited by jkcgn1 (18.05.2009 at 16:04)
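A HijackThis log like the one above is mostly noise; the useful step is to group entries by section and pull out the handful a human should look at first. Below is an added example (my code, not HijackThis's and not from the thread) that does exactly that over a constructed excerpt modelled on the posted log. The excerpt also contains one deliberately suspicious O4 line that is not in the real log, added so the rules have something to flag; the triage rules themselves are this example's assumptions about what a reviewer wants surfaced. One caveat the rules encode: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows (the posted paths show Program Files (x86) and SysWOW64) file-system redirection makes C:\Windows\system32 resolve to SysWOW64 for it, so the long run of "Unknown owner ... (file missing)" entries for lsass.exe, spoolsv.exe and friends is an artifact of the tool, not evidence of missing system binaries.

```python
"""Group a HijackThis 2.x log by section and flag entries worth a closer look.

Added example, not from the thread and not HijackThis's own logic. The triage
rules (user-writable autostart paths, system-binary names outside the Windows
directory, WOW64 "file missing" artifacts, downloaded ActiveX controls, Winlogon
Notify DLLs) are this example's assumptions about what to surface first.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the posted log. The "[svchost]" O4 line is
# invented for this example so the rules have a real hit; it is NOT in the
# log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [svchost] C:\Users\Michael\AppData\Roaming\svchost.exe
O16 - DPF: {09175D10-323C-4127-A679-5FA02855A4B2} (onlnscan Control) - http://download6.quickheal.com/onlnscan/nt/activex/onlnscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First absolute Windows path ending in an executable-ish extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|scr|bat|cmd|com)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}

Entry = Dict[str, object]
Finding = Tuple[str, str, str, str]  # (priority, section, reason, evidence)


def parse_log(text: str) -> Tuple[List[Entry], bool]:
    """Return the parsed entries and whether the host looks 64-bit.

    64-bitness is inferred from "Program Files (x86)" paths (an assumption of
    this example; HijackThis 2.0.2 does not print the architecture).
    """
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append({
            "section": m.group("sec"),
            "body": body,
            "path": pm.group(0) if pm else None,
            "file_missing": "(file missing)" in body,
        })
    return entries, "Program Files (x86)" in text


def by_section(entries: List[Entry]) -> Counter:
    return Counter(e["section"] for e in entries)


def triage(entries: List[Entry], is_x64: bool) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        sec, body = e["section"], e["body"]
        path: Optional[str] = e["path"]
        low = (path or "").lower()
        name = low.rsplit("\\", 1)[-1]
        if sec == "O4" and path:
            if any(tok in low for tok in USER_WRITABLE):
                findings.append(("review", sec, "autostart from a user-writable directory", path))
            if name in SYSTEM_NAMES and "\\windows\\" not in low:
                findings.append(("high", sec, "system-binary name outside the Windows directory", path))
        elif sec == "O23" and e["file_missing"]:
            if is_x64 and "\\windows\\system32\\" in low:
                findings.append(("info", sec, "file missing under system32 on x64: WOW64 redirection "
                                              "of 32-bit HijackThis, confirm with a 64-bit tool", path))
            else:
                findings.append(("medium", sec, "service binary reported missing", path or body))
        elif sec == "O16":
            um = URL_RE.search(body)
            findings.append(("review", sec, "downloaded ActiveX control (DPF)", um.group(0) if um else body))
        elif sec == "O20":
            findings.append(("review", sec, "Winlogon Notify DLL loaded at logon", path or body))
    # Highest priority first; sorted() is stable within a priority.
    order = {"high": 0, "medium": 1, "review": 2, "info": 3}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    entries, x64 = parse_log(SAMPLE_LOG)
    print("sections:", dict(by_section(entries)), "x64:", x64)
    for prio, sec, reason, evidence in triage(entries, x64):
        print(f"[{prio:6}] {sec}: {reason}\n          {evidence}")
```

The "review" bucket is a queue, not a verdict: GoogleUpdate.exe under AppData\Local is where Google installs it, and the O16 entries in the posted log point at the Quick Heal online scanner and MSN games. The point of the rules is to shrink eighty lines to the six that deserve a look, and to keep the WOW64 artifact from being mistaken for a wiped system directory.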