Log analysis and evaluation: Popups - with logfile (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#4
Popups - with logfile

Many, many thanks for the reply. Towards the end of the run there were also no more "... has encountered a problem and needs to close. ... [Send Error Report] [Don't Send]" windows.

VirusTotal result for b.exe:

File b.exe received 2009.08.12 06:25:04 (UTC)
Status: finished
Result: 16/41 (39.03%)

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| a-squared | 4.5.0.24 | 2009.08.12 | Trojan-Downloader.Win32.Renos!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.08.11 | Win-Trojan/Agent.137728.BB |
| AntiVir | 7.9.1.0 | 2009.08.11 | TR/Renos.SD |
| Antiy-AVL | 2.0.3.7 | 2009.08.12 | - |
| Authentium | 5.1.2.4 | 2009.08.12 | - |
| Avast | 4.8.1335.0 | 2009.08.11 | - |
| AVG | 8.5.0.406 | 2009.08.12 | Generic14.UMQ |
| BitDefender | 7.2 | 2009.08.12 | - |
| CAT-QuickHeal | 10.00 | 2009.08.12 | - |
| ClamAV | 0.94.1 | 2009.08.12 | - |
| Comodo | 1951 | 2009.08.12 | TrojWare.Win32.TrojanDownloader.FraudPack.~GF |
| DrWeb | 5.0.0.12182 | 2009.08.12 | - |
| eSafe | 7.0.17.0 | 2009.08.11 | Suspicious File |
| eTrust-Vet | 31.6.6672 | 2009.08.11 | - |
| F-Prot | 4.4.4.56 | 2009.08.11 | - |
| F-Secure | 8.0.14470.0 | 2009.08.11 | Trojan-Downloader:W32/Renos.gen!C |
| Fortinet | 3.120.0.0 | 2009.08.12 | - |
| GData | 19 | 2009.08.12 | - |
| Ikarus | T3.1.1.64.0 | 2009.08.12 | Trojan-Downloader.Win32.Renos |
| Jiangmin | 11.0.800 | 2009.08.12 | - |
| K7AntiVirus | 7.10.816 | 2009.08.11 | - |
| Kaspersky | 7.0.0.125 | 2009.08.12 | - |
| McAfee | 5706 | 2009.08.11 | - |
| McAfee+Artemis | 5706 | 2009.08.11 | Artemis!83567A4C57D9 |
| McAfee-GW-Edition | 6.8.5 | 2009.08.11 | Trojan.Renos.SD |
| Microsoft | 1.4903 | 2009.08.12 | TrojanDownloader:Win32/Renos.IO |
| NOD32 | 4327 | 2009.08.11 | Win32/TrojanDownloader.FakeAlert.AGB |
| Norman | 6.01.09 | 2009.08.11 | - |
| nProtect | 2009.1.8.0 | 2009.08.12 | - |
| Panda | 10.0.0.14 | 2009.08.11 | Suspicious file |
| PCTools | 4.4.2.0 | 2009.08.11 | - |
| Prevx | 3.0 | 2009.08.12 | - |
| Rising | 21.42.20.00 | 2009.08.12 | Trojan.DL.Win32.Undef.pvb |
| Sophos | 4.44.0 | 2009.08.12 | Mal/EncPk-JD |
| Sunbelt | 3.2.1858.2 | 2009.08.12 | Trojan.Win32.Generic!BT |
| Symantec | 1.4.4.12 | 2009.08.12 | - |
| TheHacker | 6.3.4.3.381 | 2009.08.11 | - |
| TrendMicro | 8.950.0.1094 | 2009.08.12 | - |
| VBA32 | 3.12.10.9 | 2009.08.12 | - |
| ViRobot | 2009.8.12.1880 | 2009.08.12 | - |
| VirusBuster | 4.6.5.0 | 2009.08.11 | - |

Additional information:

File size: 137728 bytes
MD5: 83567a4c57d9d33ca0a8ce9c4b8478f7
SHA1: 67b798688e0160156c78b23cac7e130cc0dbc4de
SHA256: bbf2918ba95abd40dc22ff864dc23cae8b407bc1f206945b9270fac4f7b23256
ssdeep: 3072:r8oxAiwqH6AY0TS9WJZqFvVwMXnBU0CahYOIUmN:rXk4RnqFv/e0dYBU8
PEiD: -
TrID (file type identification): Win32 Executable Generic (58.4%), Clipper DOS Executable (13.8%), Generic Win/DOS Executable (13.7%), DOS Executable Generic (13.7%), VXD Driver (0.2%)

PEInfo (PE structure information, base data):
entry point address: 0x12c9
timedatestamp: 0x47a032cd (Wed Jan 30 08:18:21 2008)
machine type: 0x14c (I386)

5 sections:

| Name | Virtual address | Virtual size | Raw size | Entropy | MD5 |
|---|---|---|---|---|---|
| .taxt | 0x1000 | 0x3ac0 | 0x3c00 | 5.15 | 986143a38ada4c18ed5dda210fda30ba |
| .rdata | 0x5000 | 0x1a15b | 0x1a200 | 7.36 | 51095c61d6214866d7122dbddd412b06 |
| .eddta | 0x20000 | 0x2315d | 0x1200 | 0.19 | 1623129520ccf8b54ed603f393884bb4 |
| .reaac | 0x44000 | 0x182b | 0x1200 | 0.32 | c1e88798a30fcfe2b218ef581b303074 |
| .iddaa | 0x46000 | 0x97c | 0x800 | 0.01 | a523d3d84cdbe083db993b1db58747ab |

4 imports:

> KERNEL32.DLL: GetStringTypeW, GetFileType, GetCPInfo, GlobalFree, GetStringTypeA, Sleep, lstrcmpA, GetStdHandle, ExitProcess, FreeLibrary, lstrcpyA, GetConsoleCP, GetFileSize, lstrcatA, GetModuleHandleA, lstrlenA, GetDateFormatA
> ADVAPI32.DLL: RegLoadKeyW, RegQueryValueA, RegDeleteKeyW, RegQueryInfoKeyA, RegEnumValueA, RegFlushKey, RegOpenKeyA, RegReplaceKeyA, RegCreateKeyExA, RegLoadKeyA, RegOpenKeyExW, RegQueryValueW, RegDeleteKeyA, RegEnumKeyW, RegGetKeySecurity, RegOpenKeyExA, RegEnumKeyExW, RegDeleteValueW, RegCreateKeyW
> USER32.DLL: EndDialog, LoadMenuA, LoadCursorA, GetMenu, AlignRects, DrawTextW, GetDC, DialogBoxParamW, IsMenu, GetWindowTextLengthA, AppendMenuW, DialogBoxParamA, BlockInput, CalcMenuBar, DrawIconEx, GetDlgItem, DrawTextA
> KERNEL32.DLL: GetConsoleCP, WideCharToMultiByte, GetConsoleCP, lstrcmpA, GetConsoleCP, DeleteFileA, GetConsoleCP, GetLocalTime, GetConsoleCP, GetStringTypeA, GetConsoleCP, lstrlenA, GetConsoleCP, GetCPInfo, GetConsoleCP, lstrcpyA, GetConsoleCP

0 exports
PDFiD: -
RDS (NSRL Reference Data Set): -

VirusTotal result for msxml71.dll:

File msxml71.dll received 2009.08.12 06:31:10 (UTC)
Status: finished
Result: 9/41 (21.96%)

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| a-squared | 4.5.0.24 | 2009.08.12 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.08.11 | Win-Trojan/Fakealert.207364 |
| AntiVir | 7.9.1.0 | 2009.08.11 | - |
| Antiy-AVL | 2.0.3.7 | 2009.08.12 | - |
| Authentium | 5.1.2.4 | 2009.08.12 | - |
| Avast | 4.8.1335.0 | 2009.08.11 | - |
| AVG | 8.5.0.406 | 2009.08.12 | Downloader.Banload.ANTN |
| BitDefender | 7.2 | 2009.08.12 | - |
| CAT-QuickHeal | 10.00 | 2009.08.12 | - |
| ClamAV | 0.94.1 | 2009.08.12 | - |
| Comodo | 1951 | 2009.08.12 | - |
| DrWeb | 5.0.0.12182 | 2009.08.12 | - |
| eSafe | 7.0.17.0 | 2009.08.11 | - |
| eTrust-Vet | 31.6.6672 | 2009.08.11 | - |
| F-Prot | 4.4.4.56 | 2009.08.11 | - |
| F-Secure | 8.0.14470.0 | 2009.08.11 | - |
| Fortinet | 3.120.0.0 | 2009.08.12 | - |
| GData | 19 | 2009.08.12 | - |
| Ikarus | T3.1.1.64.0 | 2009.08.12 | - |
| Jiangmin | 11.0.800 | 2009.08.12 | - |
| K7AntiVirus | 7.10.816 | 2009.08.11 | - |
| Kaspersky | 7.0.0.125 | 2009.08.12 | - |
| McAfee | 5706 | 2009.08.11 | - |
| McAfee+Artemis | 5706 | 2009.08.11 | - |
| McAfee-GW-Edition | 6.8.5 | 2009.08.11 | Heuristic.LooksLike.Trojan.Fakealert.H |
| Microsoft | 1.4903 | 2009.08.12 | TrojanDownloader:Win32/Renos.IO |
| NOD32 | 4327 | 2009.08.11 | Win32/TrojanDownloader.FakeAlert.AGF |
| Norman | 6.01.09 | 2009.08.11 | - |
| nProtect | 2009.1.8.0 | 2009.08.12 | Trojan/W32.Agent.207364.B |
| Panda | 10.0.0.14 | 2009.08.11 | - |
| PCTools | 4.4.2.0 | 2009.08.11 | - |
| Prevx | 3.0 | 2009.08.12 | High Risk Fraudulent Security Program |
| Rising | 21.42.20.00 | 2009.08.12 | Trojan.DL.Win32.Undef.puk |
| Sophos | 4.44.0 | 2009.08.12 | - |
| Sunbelt | 3.2.1858.2 | 2009.08.12 | - |
| Symantec | 1.4.4.12 | 2009.08.12 | Trojan Horse |
| TheHacker | 6.3.4.3.381 | 2009.08.11 | - |
| TrendMicro | 8.950.0.1094 | 2009.08.12 | - |
| VBA32 | 3.12.10.9 | 2009.08.12 | - |
| ViRobot | 2009.8.12.1880 | 2009.08.12 | - |
| VirusBuster | 4.6.5.0 | 2009.08.11 | - |

Additional information:

File size: 207364 bytes
MD5: 00facd1b971649a3df94468fd21f41df
SHA1: 40080b6285bb9760eaf7026c7300c8585443aa78
SHA256: e912f39178cf1507b202d803c2332fee451b671f9a0e1aebe8d008b6c282dcc8
ssdeep: 6144:WPt5kYbWwW2bY//pleiulPKajAQcHJxBgtf:WP8YbqawRlChKaUHJzgtf
PEiD: -
TrID (file type identification): Win32 Executable Generic (38.4%), Win32 Dynamic Link Library (generic) (34.2%), Clipper DOS Executable (9.1%), Generic Win/DOS Executable (9.0%), DOS Executable Generic (9.0%)

PEInfo (PE structure information, base data):
entry point address: 0x1511
timedatestamp: 0x46153324 (Thu Apr 05 17:34:28 2007)
machine type: 0x14c (I386)

6 sections:

| Name | Virtual address | Virtual size | Raw size | Entropy | MD5 |
|---|---|---|---|---|---|
| DATA | 0x1000 | 0x2402 | 0x2600 | 5.35 | 72ea398ce1632c3be61ae8d9834ea0a6 |
| .rdata | 0x4000 | 0xb71 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .INIT | 0x5000 | 0x2edc5 | 0x2ee00 | 7.29 | c26f8f6c1525b7aef3d94d6887338d21 |
| .b0593 | 0x34000 | 0x7a0 | 0x800 | 3.69 | baea8d2d08fffb86e557a2d7a1297c56 |
| .edata | 0x35000 | 0x24d | 0x400 | 0.00 | 0f343b0931126a20f133d67c2b018a3b |
| .rsrc | 0x36000 | 0x3d97c | 0x400 | 0.00 | 0f343b0931126a20f133d67c2b018a3b |

4 imports:

> ADVAPI32.DLL: RegCloseKey, RegEnumValueW, RegDeleteKeyA, RegLoadKeyA, RegReplaceKeyA, RegQueryValueA, RegCreateKeyW, RegEnumValueA, RegOpenKeyA, RegQueryValueExW, RegQueryValueW
> KERNEL32.DLL: CopyFileExA, FindFirstFileA, ReadConsoleA, FindAtomA, CopyFileA, GetLastError, DeleteFileA, OpenFileMappingA, GlobalFree, GetFileTime, DeleteFileW, CreateProcessA, Sleep, WriteFile, CreateThread
> KERNEL32.DLL: ReadConsoleW, CreateThread, GlobalFree, FindFirstFileA, ReadConsoleA, FindAtomA, GetStdHandle, ExitThread, ReadFile, CreateDirectoryA, Sleep, GetFileSize, CopyFileA, GetCPInfo, GetComputerNameA, CreateProcessA, OpenFile, GetFileTime, DeleteFileW
> KERNEL32.DLL: ExitThread, ReadFile, CopyFileExW, CopyFileExA, CopyFileW, FindFirstFileA, GlobalFree, OpenFileMappingA, CopyFileA, DeleteFileA, OpenFile

0 exports
PDFiD: -
RDS (NSRL Reference Data Set): -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=67B5A376046C83992A2003D307F9CC007119C655

The Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOKUME~1\***\LOKALE~1\Temp\b.exe" deleted successfully.
File "C:\WINDOWS\system32\msxml71.dll" deleted successfully.
Folder "C:\DOKUME~1\***\LOKALE~1\Temp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
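The two VirusTotal reports in the post above carry more than the 16/41 and 9/41 detection counts: the section tables show misspelled section names (.taxt, .eddta, .reaac, .iddaa, .b0593), sections with entropy above 7, sections whose virtual size is many times their size on disk (or zero on disk), and a section whose reported MD5 is the hash of empty data; the b.exe import list has KERNEL32.DLL as two separate descriptors with GetConsoleCP repeated throughout the second. The Python script below is an added example, not code from the post, from VirusTotal or from The Avenger; it parses the section rows and import lines exactly as VirusTotal printed them (copied from the post as embedded sample input) and reports those static indicators, which is what a responder checks before trusting or doubting an AV verdict. The set of conventional section names and the two thresholds (entropy 7.0, virtual size more than 4x raw size) are my assumptions.

```python
import hashlib
import re

# Section rows as VirusTotal's PEInfo printed them in the post above:
# name  virtual_addr  virtual_size  raw_size  entropy  md5_of_raw_bytes
B_EXE_SECTIONS = """
.taxt 0x1000 0x3ac0 0x3c00 5.15 986143a38ada4c18ed5dda210fda30ba
.rdata 0x5000 0x1a15b 0x1a200 7.36 51095c61d6214866d7122dbddd412b06
.eddta 0x20000 0x2315d 0x1200 0.19 1623129520ccf8b54ed603f393884bb4
.reaac 0x44000 0x182b 0x1200 0.32 c1e88798a30fcfe2b218ef581b303074
.iddaa 0x46000 0x97c 0x800 0.01 a523d3d84cdbe083db993b1db58747ab
"""

MSXML71_DLL_SECTIONS = """
DATA 0x1000 0x2402 0x2600 5.35 72ea398ce1632c3be61ae8d9834ea0a6
.rdata 0x4000 0xb71 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.INIT 0x5000 0x2edc5 0x2ee00 7.29 c26f8f6c1525b7aef3d94d6887338d21
.b0593 0x34000 0x7a0 0x800 3.69 baea8d2d08fffb86e557a2d7a1297c56
.edata 0x35000 0x24d 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x36000 0x3d97c 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
"""

# Import descriptors for b.exe, copied from the post (one "> DLL: funcs" line each).
B_EXE_IMPORTS = """
> KERNEL32.DLL: GetStringTypeW, GetFileType, GetCPInfo, GlobalFree, GetStringTypeA, Sleep, lstrcmpA, GetStdHandle, ExitProcess, FreeLibrary, lstrcpyA, GetConsoleCP, GetFileSize, lstrcatA, GetModuleHandleA, lstrlenA, GetDateFormatA
> ADVAPI32.DLL: RegLoadKeyW, RegQueryValueA, RegDeleteKeyW, RegQueryInfoKeyA, RegEnumValueA, RegFlushKey, RegOpenKeyA, RegReplaceKeyA, RegCreateKeyExA, RegLoadKeyA, RegOpenKeyExW, RegQueryValueW, RegDeleteKeyA, RegEnumKeyW, RegGetKeySecurity, RegOpenKeyExA, RegEnumKeyExW, RegDeleteValueW, RegCreateKeyW
> USER32.DLL: EndDialog, LoadMenuA, LoadCursorA, GetMenu, AlignRects, DrawTextW, GetDC, DialogBoxParamW, IsMenu, GetWindowTextLengthA, AppendMenuW, DialogBoxParamA, BlockInput, CalcMenuBar, DrawIconEx, GetDlgItem, DrawTextA
> KERNEL32.DLL: GetConsoleCP, WideCharToMultiByte, GetConsoleCP, lstrcmpA, GetConsoleCP, DeleteFileA, GetConsoleCP, GetLocalTime, GetConsoleCP, GetStringTypeA, GetConsoleCP, lstrlenA, GetConsoleCP, GetCPInfo, GetConsoleCP, lstrcpyA, GetConsoleCP
"""

# Assumptions (not from the post): section names a linker normally emits,
# and the thresholds above which a section is treated as suspicious.
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                       ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS", ".INIT", "INIT"}
HIGH_ENTROPY = 7.0  # 8.0 is the maximum; packed or encrypted data sits near the top
BLOAT_RATIO = 4     # virtual size this many times the raw size: the loader reserves room the file never fills


def parse_sections(table):
    """Parse PEInfo section rows into dicts with integer sizes."""
    rows = []
    for line in table.strip().splitlines():
        name, vaddr, vsize, rsize, entropy, md5 = line.split()
        rows.append({"name": name, "vaddr": int(vaddr, 16), "vsize": int(vsize, 16),
                     "rsize": int(rsize, 16), "entropy": float(entropy), "md5": md5})
    return rows


def section_flags(sec):
    """Return the list of static indicators one section trips (in fixed order)."""
    flags = []
    if sec["name"] not in KNOWN_SECTION_NAMES:
        flags.append("nonstandard-name")
    if sec["entropy"] >= HIGH_ENTROPY:
        flags.append("high-entropy")
    if sec["rsize"] == 0 or sec["vsize"] > BLOAT_RATIO * sec["rsize"]:
        flags.append("virtual>>raw")
    # VirusTotal hashes the raw bytes of each section; if that hash equals the
    # MD5 of rsize zero bytes, the section carries nothing on disk.
    if hashlib.md5(b"\x00" * sec["rsize"]).hexdigest() == sec["md5"]:
        flags.append("all-zero-on-disk")
    return flags


def triage_sections(table):
    """Map each section name to its flags (empty list = nothing unusual)."""
    return {sec["name"]: section_flags(sec) for sec in parse_sections(table)}


def parse_imports(listing):
    """Parse '> DLL: f1, f2' lines into (dll, [funcs]) pairs, in file order."""
    descriptors = []
    for line in listing.strip().splitlines():
        match = re.match(r">\s*([^:]+):\s*(.*)", line)
        if match:
            funcs = [f.strip() for f in match.group(2).split(",") if f.strip()]
            descriptors.append((match.group(1).strip().upper(), funcs))
    return descriptors


def import_flags(listing):
    """A normal link emits one descriptor per DLL and names each function once;
    flag a DLL that appears twice and a function repeated within one descriptor."""
    descriptors = parse_imports(listing)
    flags = []
    dlls = [dll for dll, _ in descriptors]
    for dll in sorted({d for d in dlls if dlls.count(d) > 1}):
        flags.append("duplicate-descriptor:" + dll)
    for dll, funcs in descriptors:
        repeated = sorted({f for f in funcs if funcs.count(f) > 1})
        if repeated:
            flags.append("repeated-import:%s:%s" % (dll, ",".join(repeated)))
    return flags


if __name__ == "__main__":
    for label, table in (("b.exe", B_EXE_SECTIONS), ("msxml71.dll", MSXML71_DLL_SECTIONS)):
        print(label)
        for name, flags in triage_sections(table).items():
            print("  %-8s %s" % (name, ", ".join(flags) or "-"))
    print("b.exe imports:", import_flags(B_EXE_IMPORTS))
```

Run as-is and it prints one line per section with the indicators it trips; paste any other VirusTotal PEInfo section table or import listing into the two string constants to triage a different sample. The flags are triage hints, not verdicts: a legitimate installer can have one high-entropy section, but a file that trips all four section checks plus the duplicated import descriptor is consistent with the packer-style obfuscation that the FakeAlert/Renos names in the reports suggest.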