Pests of all kinds and how to combat them: Koobface + services.exe crash pp11.exe ld12.exe etc
Spybot Search & Destroy didn't find anything more.
__________________
Well, thanks in advance. //strange, posts wrong?

So, now to my problem. Yesterday I noticed that Koobface (ld12.exe) is, strangely, on my system. On the first boot of the system I noticed that firefox.exe was no longer there, then looked in taskmgr and noticed that ld12.exe was active. I then removed ld12.exe in safe mode and ran Malwarebytes over it. Moved everything to quarantine and deleted it. Then I tried to start in normal mode and got no further than "services.exe had to be terminated, blah blah", followed by a forced reboot. Well, now I've put Firefox on via safe mode with network support and am looking for help here (if possible without reinstalling the system).

Windows version used: XP Prof SP2.

I've often had to fight malware, but so far I've managed it all without help. Well, I hope there are helpers here who are willing to do this.

HJT log:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:28, on 25.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 89.149.209.11 3xlcash.tut
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [vmware-tray] E:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "E:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Programme\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware (reboot)] "E:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.wmtransfer.com/WMAcceptor.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200789413515
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: awtqoPhH - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Programme\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Programme\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PMBot 2 (pmbot2) - The PHP Group - E:\xampp\php\php.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - e:\xampp\service.exe

--
End of file - 7831 bytes
```
```
Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2690
Windows 5.1.2600 Service Pack 2 (Safe Mode)

24.8.2009 23:07:07
mbam-log-2009-08-24 (23-07-07).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|H:\|)
Durchsuchte Objekte: 158176
Laufzeit: 30 minute(s), 44 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 70

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Lux\Desktop\BITS Downloader\found\ld12.exfe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085210.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085254.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085358.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085360.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085376.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085377.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085634.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085648.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085649.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085664.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085677.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085680.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085771.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085787.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085801.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085802.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085803.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085804.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085822.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085832.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085856.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085861.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085935.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085936.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0085939.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086144.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086217.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086247.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086254.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086315.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086327.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086402.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086424.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086446.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086491.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086545.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086583.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086606.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086614.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086625.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086696.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086716.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086757.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086788.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086862.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086865.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086903.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086917.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086942.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0086984.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0087013.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0087038.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0087058.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089012.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089013.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089019.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089021.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089023.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP82\A0089121.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP82\A0089223.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvtx86.aqmgu (Rootkit.Agent.C) -> Quarantined and deleted successfully.
E:\myterous exe's\ld12.exfe (Worm.Koobface) -> Quarantined and deleted successfully.
E:\myterous exe's\pp11.exfe (Worm.KoobFace) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089014.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{7644A9BB-9F9E-4D95-A061-6AF3174EB10C}\RP81\A0089015.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
```

Edited by nerd_90 (25.08.2009 at 18:50)