| |
| |||||||
Log-Analyse und Auswertung: hijackthis, bitte weiterhelfenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.07.2009, 13:33
| #13 |
 |  hijackthis, bitte weiterhelfen ich hoffe ich hab alles richtig gemacht. zu Code:
ATTFilter C:\Windows\msa.exe
c:\windows\system32\Ghost.pif <- Wurmverdacht!
C:\Windows\iun6002.exe
ghost.pif ist garnicht vorhanden finde ich nciht, die "suchfunktion" hat es auch nciht gefunden. iun6002.exe : Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 5.0.0.2 2009.07.30 -
AntiVir 7.9.0.234 2009.07.30 -
Antiy-AVL 2.0.3.7 2009.07.30 -
Authentium 5.1.2.4 2009.07.29 -
Avast 4.8.1335.0 2009.07.29 -
AVG 8.5.0.387 2009.07.30 -
BitDefender 7.2 2009.07.30 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.07.30 -
Comodo 1812 2009.07.30 -
DrWeb 5.0.0.12182 2009.07.30 -
eSafe 7.0.17.0 2009.07.29 -
eTrust-Vet 31.6.6647 2009.07.30 -
F-Prot 4.4.4.56 2009.07.29 -
F-Secure 8.0.14470.0 2009.07.30 -
Fortinet 3.120.0.0 2009.07.30 -
GData 19 2009.07.30 -
Ikarus T3.1.1.64.0 2009.07.30 -
Jiangmin 11.0.800 2009.07.30 -
K7AntiVirus 7.10.805 2009.07.29 -
Kaspersky 7.0.0.125 2009.07.30 -
McAfee 5692 2009.07.29 -
McAfee+Artemis 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.30 -
Microsoft 1.4903 2009.07.30 -
NOD32 4290 2009.07.30 -
Norman 6.01.09 2009.07.29 -
nProtect 2009.1.8.0 2009.07.30 -
Panda 10.0.0.14 2009.07.30 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.30 -
Rising 21.40.32.00 2009.07.30 -
Sophos 4.44.0 2009.07.30 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.30 -
TheHacker 6.3.4.3.378 2009.07.30 -
TrendMicro 8.950.0.1094 2009.07.30 -
VBA32 3.12.10.9 2009.07.30 -
ViRobot 2009.7.30.1861 2009.07.30 -
VirusBuster 4.6.5.0 2009.07.29 -
weitere Informationen
File size: 729088 bytes
MD5...: 80e41fbc33b6d5a605e53787de767048
SHA1..: dbf29b5f3a440bc38633de39f853ee7d73523682
SHA256: af3ba3406b220c70b855f98b2f5ffae87ff302e4abd03e967db346d75e0fb4d8
ssdeep: 12288:vpVgMjjZ6JvlAbDNuuGQx+yHqiDlgo2RxDnrceelv38GXKeauh0lobpA8:
v1x1HqiDlgboT//X3auxpA
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5e905
timedatestamp.....: 0x3fb4ddab (Fri Nov 14 13:50:35 2003)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x83fee 0x84000 6.53 158c89f31f44c80fe31ceca9fb519df2
.rdata 0x85000 0x17f0e 0x18000 4.54 149a2b9760497a5270a82fc8e7464a0d
.data 0x9d000 0x1191c 0xe000 5.12 e21946808edf2e036ff480ec33bfde55
.rsrc 0xaf000 0x6778 0x7000 3.64 bf40d9f04b7f1f56903940535f80dee0
( 14 imports )
> WINMM.dll: waveOutGetNumDevs
> VERSION.dll: VerLanguageNameA, GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> KERNEL32.dll: GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, HeapFree, HeapAlloc, HeapReAlloc, GetTimeZoneInformation, GetSystemTime, GetLocalTime, ExitProcess, GetStartupInfoA, GetCommandLineA, GetACP, HeapSize, SetUnhandledExceptionFilter, GetEnvironmentVariableA, GlobalFlags, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStringTypeA, GetStringTypeW, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetErrorMode, LocalReAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersion, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LockResource, FindResourceA, LoadResource, SystemTimeToFileTime, GetFileTime, FileTimeToSystemTime, WideCharToMultiByte, InterlockedDecrement, GetFullPathNameA, MoveFileA, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetTickCount, IsBadStringPtrA, FileTimeToLocalFileTime, FileTimeToDosDateTime, lstrcmpiA, LocalAlloc, LocalLock, LocalUnlock, GlobalReAlloc, IsDBCSLeadByte, lstrcatA, TlsGetValue, IsBadReadPtr, TlsFree, TlsSetValue, TlsAlloc, MultiByteToWideChar, GetPrivateProfileIntA, GlobalMemoryStatus, GetVolumeInformationA, GetComputerNameA, MoveFileExA, WritePrivateProfileStringA, GetPrivateProfileStringA, TerminateProcess, Sleep, GetDiskFreeSpaceA, lstrcmpA, GetCurrentDirectoryA, LoadLibraryExA, GetLogicalDriveStringsA, GetShortPathNameA, CopyFileA, FormatMessageA, LocalFree, CreateProcessA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, GetCurrentThread, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, GetSystemDefaultLangID, GetDriveTypeA, MulDiv, InterlockedIncrement, FindNextFileA, FindFirstFileA, FindClose, RemoveDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, GetFileAttributesA, SetFileAttributesA, WriteFile, ReadFile, CreateFileA, GetFileSize, SetFilePointer, SetEndOfFile, DeleteFileA, GetTempPathA, GetTempFileNameA, lstrcpyA, lstrlenA, lstrcpynA, ExpandEnvironmentStringsA, GetProcessVersion, GetModuleFileNameA, OpenProcess, CloseHandle, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetEnvironmentStrings, FreeEnvironmentStringsA, GetCurrentProcessId, FreeLibrary, GetVersionExA, GetLastError, SetLastError, HeapDestroy
> USER32.dll: UnpackDDElParam, ReuseDDElParam, SetMenu, LoadMenuA, DestroyMenu, ReleaseCapture, TranslateAcceleratorA, LoadAcceleratorsA, SetRectEmpty, GetMessageA, ValidateRect, GetCursorPos, PtInRect, FillRect, DrawFocusRect, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, ClientToScreen, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, MapWindowPoints, GetSysColor, GetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, UnregisterClassA, GetTopWindow, GetCapture, WinHelpA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetKeyState, SetWindowsHookExA, CallNextHookEx, GetClassLongA, BringWindowToTop, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, GetWindow, SystemParametersInfoA, GetWindowPlacement, SetActiveWindow, CreateDialogIndirectParamA, GetParent, SetFocus, IsWindowEnabled, ShowWindow, MoveWindow, GetDlgCtrlID, IsDialogMessageA, SendDlgItemMessageA, GetDlgItem, UnhookWindowsHookEx, GetWindowTextLengthA, LoadStringA, WaitForInputIdle, SetDlgItemTextA, SetWindowTextA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetActiveWindow, GetClassNameA, CharUpperA, OemToCharA, CharNextA, CharPrevA, CharUpperBuffA, SetCursor, IsIconic, DrawIcon, DestroyIcon, ExitWindowsEx, LoadCursorA, UpdateWindow, RedrawWindow, GetDesktopWindow, GetWindowTextA, EnumWindows, GetWindowThreadProcessId, PostMessageA, ShowOwnedPopups, GetSysColorBrush, SetPropA, SetWindowPos, MessageBoxA, MsgWaitForMultipleObjects, GetSystemMetrics, EnableWindow, InvalidateRect, GetClientRect, GetDC, ReleaseDC, GetWindowRect, LoadIconA, SendMessageTimeoutA, TranslateMessage, DispatchMessageA, PeekMessageA, PostQuitMessage, IsWindow, GetWindowLongA, DefWindowProcA, SetWindowLongA, GetClassInfoA, RegisterClassA, CreateWindowExA, SendMessageA, DestroyWindow, wsprintfA, RegisterWindowMessageA, GetNextDlgTabItem
> GDI32.dll: SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SelectObject, RestoreDC, SaveDC, CreateCompatibleDC, BitBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, ScaleWindowExtEx, SetWindowExtEx, DeleteObject, StretchDIBits, RealizePalette, SelectPalette, Rectangle, GetDeviceCaps, CreateFontA, CreateBitmap, SetTextColor, GetClipBox, GetBkColor, SetBkColor, SetBkMode, CreateICA, DeleteDC, GetTextMetricsA, RemoveFontResourceA, CreatePalette, GetStockObject, AddFontResourceA, CreateSolidBrush, CreateFontIndirectA, GetObjectA, ScaleViewportExtEx
> comdlg32.dll: GetFileTitleA, GetOpenFileNameA, GetSaveFileNameA
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> ADVAPI32.dll: GetServiceDisplayNameA, RegOpenKeyExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, LookupPrivilegeValueA, AdjustTokenPrivileges, LookupAccountSidA, GetUserNameA, OpenThreadToken, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid, UnlockServiceDatabase, OpenSCManagerA, EnumServicesStatusA, QueryServiceStatus, ControlService, StartServiceA, DeleteService, CloseServiceHandle, CreateServiceA, OpenServiceA, RegCloseKey, RegConnectRegistryA, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegQueryValueExA
> SHELL32.dll: DragFinish, SHChangeNotify, ShellExecuteA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, DragQueryFileA
> COMCTL32.dll: -
> ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance
> OLEAUT32.dll: -, -
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: Netbios
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
|
| Themen zu hijackthis, bitte weiterhelfen |
| ad-aware, adobe, alles weg, antivir, antivirus, avg, avgnt, avgnt.exe, avira, bho, bonjour, browser, computer, explorer, google update, gupdate, hijack, hijackthis, internet, internet explorer, local\temp, malware, nvidia, plug-in, problem, safer networking, security, seiten, senden, software, syswow64, temp, tuneup.defrag, tuprogst.exe, windows, öffnet |
Baum-Darstellung