Trojaner-Board


richie77 26.12.2008 21:06

FF & Safari no longer load AVir pages
 
So, I guess it's official now: my computer is infected after all. I also take back what I said to shadow about this in another thread:


Quote:

to shadow => By the way: ONLY Firefox is problematic when it comes to Google links. Safari, for example, has no problems. So I don't think there should be talk of extreme danger yet.
It's more dangerous that I haven't reformatted Windows in 2 years

As mentioned in the title, pages about antivirus or antispyware programs can no longer be accessed. Pages sometimes load agonizingly slowly. I thought today that I had fixed it after deleting old fragments of ICQ, but that only lasted a short while...

Here is my HJT logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:50, on 26.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\HP DVD\Umbrella\DVDTray.exe
C:\Programme\Dell\QuickSet\Quickset.exe
C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Safari\Safari.exe
c:\dell\E-center\gtb2.exe
c:\dell\E-center\gtb.exe
c:\dell\E-center\gtb2.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
c:\dell\E-center\gtb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = w*w.google.ch/ig/dell?hl=de&client=dell-row&channel=ch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.google.ch/hws/sb/dell-row/de/side.html?channel=ch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.ch/hws/sb/dell-row/de/side.html?channel=ch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.ch/hws/sb/dell-row/de/side.html?channel=ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = w*w.google.ch/ig/dell?hl=de&client=dell-row&channel=ch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [DVDTray] "C:\Programme\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Programme\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: h**p://solutions.3united.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD37E0A-08D2-4F85-867F-25C9A6384DC8}: NameServer = 213.163.230.1,213.163.231.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -  - C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13479 bytes

The log has been checked; I hope I haven't overlooked any names or links. Otherwise, a hint would be very nice :)

I'm posting this here now and will still try to run Malwarebytes Anti-Malware.

System:
Dell XPS M1710
Win XP Professional V2002 SP3
Intel CoreDuo T2500 @ 2,00GHz
2,00 GB RAM
Nvidia GeForce 7900 GTX @ 512 MB RAM

Browser
Firefox 3.0.5
Safari 3.2.1

richie77 27.12.2008 11:09

Addendum:

The Malwarebytes program cannot be run. Not even in safe mode... :heulen:

richie77 27.12.2008 19:07

I know you surely have a lot on your plate. Maybe someone will find the time to look into all this. Thanks!

Aggro Berlin 27.12.2008 19:49

Hello,

please have this file analyzed at VirusTotal - Free online virus and malware scanner. Then copy in everything that is shown on the page.

Code:

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe

A guide and tutorial on using ComboFix
  • Download the tool to your desktop here -> CLICK
Do not start the program yet, however; first do the following:
  • Close all applications and programs, especially your antivirus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while Combofix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy this content and paste it into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: Combofix disables the autostart function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

5.) Post a new HijackThis logfile, using this renamed hijackthis.exe
Edit the links and private info!!

richie77 27.12.2008 20:54

*cough* Thanks, Aggro Berlin!

But I can't even get onto the site! :heulen:

Can't anything be done with the HJT log above?

richie77 28.12.2008 19:24

So. I visited the VirusTotal site on a second computer. There they offer that you can send files via e-mail to have them scanned.

I think this is important information, since quite a few people like me have the problem of not being able to access the site itself for the scan!

Instructions from Virustotal.com
Quote:

Create a new e-mail with the recipient address scan@virustotal.com
1. As the subject of the e-mail, please enter SCAN.
2. Attach the suspicious file to the e-mail. The size limit is set at 20 MByte. E-mails exceeding this size are discarded by the system.
3. After the analysis you will immediately receive a report on the file scan. The system's response times depend on the current load on our server systems at the time of your analysis request.

I submitted the files named by Aggro Berlin. The following came back:

Code:

Complete scanning result of "rundll32.exe", processed in VirusTotal at 12/28/2008 19:16:14 (CET).

[ file data ]
* name..: rundll32.exe
* size..: 33792
* md5...: f6b34cd47caf6d68106b9f8055f35c50
* sha1..: b20d4ccb44bbb2b1de1e8d61d4152b9553571841
* peid..: -

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

[ notes ]
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f6b34cd47caf6d68106b9f8055f35c50

Code:

Complete scanning result of "stsystra.exe", processed in VirusTotal at 12/28/2008 19:15:56 (CET).

[ file data ]
* name..: stsystra.exe
* size..: 282624
* md5...: ad2506958de1937c16c553c0a1be0572
* sha1..: d89d3b381f249df4e057a7d02b8e7f9073ec75c9
* peid..: Armadillo v1.71

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

Code:

Complete scanning result of "tcpsvcs.exe", processed in VirusTotal at 12/28/2008 19:15:46 (CET).

[ file data ]
* name..: tcpsvcs.exe
* size..: 19456
* md5...: 7a1a532f14fde28489dc349c6e404a67
* sha1..: a4d764eb6ba806b461aa0b148e1cb7dbf9daa564
* peid..: -

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

[ notes ]
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=7a1a532f14fde28489dc349c6e404a67

Code:

Complete scanning result of "PnkBstrA.exe", processed in VirusTotal at 12/28/2008 19:14:54 (CET).

[ file data ]
* name..: PnkBstrA.exe
* size..: 66872
* md5...: 831883b107684301f48ace752c963984
* sha1..: c3c4cb668c12cd267e6cf56e35ca3b29c768a71c
* peid..: -

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

[ notes ]
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=831883b107684301f48ace752c963984
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=831883b107684301f48ace752c963984

Code:

Complete scanning result of "HPZipm12.exe", processed in VirusTotal at 12/28/2008 19:14:45 (CET).

[ file data ]
* name..: HPZipm12.exe
* size..: 69632
* md5...: 9d84376931440f3679beef2a414fa493
* sha1..: fdc37ab1558881de5c444e9a7f560a5b5c5a04d2
* peid..: Armadillo v1.71

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

[ notes ]
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=9d84376931440f3679beef2a414fa493
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9d84376931440f3679beef2a414fa493

Code:

Complete scanning result of "nvsvc32.exe", processed in VirusTotal at 12/28/2008 19:14:09 (CET).

[ file data ]
* name..: nvsvc32.exe
* size..: 155716
* md5...: a9fb3ef9a6385b56e8a6bd758ac01b94
* sha1..: df193e8e0273c5ebcd437f476afaa7c9adb1637d
* peid..: Armadillo v1.71

[ scan result ]
a-squared        4.0.0.73/20081228        found nothing
AhnLab-V3        2008.12.25.0/20081227        found nothing
AntiVir        7.9.0.45/20081228        found nothing
Authentium        5.1.0.4/20081228        found nothing
Avast        4.8.1281.0/20081228        found nothing
AVG        8.0.0.199/20081228        found nothing
BitDefender        7.2/20081228        found nothing
CAT-QuickHeal        10.00/20081227        found nothing
ClamAV        0.94.1/20081228        found nothing
Comodo        834/20081228        found nothing
DrWeb        4.44.0.09170/20081228        found nothing
eSafe        7.0.17.0/20081228        found nothing
eTrust-Vet        31.6.6276/20081224        found nothing
Ewido        4.0/20081228        found nothing
F-Prot        4.4.4.56/20081227        found nothing
F-Secure        8.0.14332.0/20081228        found nothing
Fortinet        3.117.0.0/20081228        found nothing
GData        19/20081228        found nothing
Ikarus        T3.1.1.45.0/20081228        found nothing
K7AntiVirus        7.10.568/20081227        found nothing
Kaspersky        7.0.0.125/20081228        found nothing
McAfee        5477/20081228        found nothing
McAfee+Artemis        5477/20081228        found nothing
Microsoft        1.4205/20081228        found nothing
NOD32        3719/20081227        found nothing
Norman        5.80.02/20081226        found nothing
Panda        9.0.0.4/20081228        found nothing
PCTools        4.4.2.0/20081228        found nothing
Prevx1        V2/20081228        found nothing
Rising        21.09.62.00/20081228        found nothing
SecureWeb-Gateway        6.7.6/20081228        found nothing
Sophos        4.37.0/20081228        found nothing
Sunbelt        3.2.1809.2/20081222        found nothing
Symantec        10/20081228        found nothing
TheHacker        6.3.1.4.201/20081228        found nothing
TrendMicro        8.700.0.1004/20081226        found nothing
VBA32        3.12.8.10/20081228        found nothing
ViRobot        2008.12.26.1536/20081226        found nothing
VirusBuster        4.5.11.0/20081228        found nothing

[ notes ]
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a9fb3ef9a6385b56e8a6bd758ac01b94
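
As an added example (not part of the thread and not VirusTotal's own code), a small Python parser for the e-mail report format pasted above: it tallies detections per file and lists engines whose signature date lags behind the scan date, since a "found nothing" from old signatures carries less weight. The sample report, its engine names, the placeholder hashes and the `found [...]` detection line are constructed assumptions; any verdict other than "found nothing" is treated as a detection.

```python
import re
from dataclasses import dataclass, field
from datetime import date, datetime

# Line shapes taken from the reports pasted in the post above.
HEADER_RE = re.compile(r'^Complete scanning result of "(?P<name>[^"]+)", '
                       r'processed in VirusTotal at (?P<when>\d{2}/\d{2}/\d{4}) ')
SECTION_RE = re.compile(r'^\[ (?P<name>[a-z ]+) \]$')
FIELD_RE = re.compile(r'^\* (?P<key>[a-z0-9]+)\.*: (?P<value>.*)$')
ENGINE_RE = re.compile(r'^(?P<engine>\S+)\s+(?P<version>\S+)/(?P<sigdate>\d{8})'
                       r'\s+(?P<verdict>.+)$')


@dataclass
class EngineResult:
    engine: str
    version: str
    sig_date: date
    verdict: str

    @property
    def detected(self) -> bool:
        # Assumption: every verdict except "found nothing" is a detection.
        return self.verdict.strip().lower() != "found nothing"


@dataclass
class Report:
    file_name: str
    scanned_on: date
    file_data: dict = field(default_factory=dict)
    engines: list = field(default_factory=list)


def parse_reports(text: str) -> list:
    """Split pasted text into one Report per 'Complete scanning result' header."""
    reports, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:  # a header always starts a new report, even without [ notes ]
            when = datetime.strptime(m["when"], "%m/%d/%Y").date()
            current = Report(m["name"], when)
            reports.append(current)
            section = None
            continue
        if current is None:
            continue  # forum text before the first report
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section == "file data":
            m = FIELD_RE.match(line)
            if m:
                current.file_data[m["key"]] = m["value"].strip()
        elif section == "scan result":
            m = ENGINE_RE.match(line)
            if m:
                sig = datetime.strptime(m["sigdate"], "%Y%m%d").date()
                current.engines.append(
                    EngineResult(m["engine"], m["version"], sig, m["verdict"]))
    return reports


def summarize(report: Report, max_sig_age_days: int = 3) -> dict:
    """Per-file verdict tally plus engines with signatures older than the limit."""
    stale = [e.engine for e in report.engines
             if (report.scanned_on - e.sig_date).days > max_sig_age_days]
    return {
        "file": report.file_name,
        "md5": report.file_data.get("md5"),
        "engines": len(report.engines),
        "detections": {e.engine: e.verdict for e in report.engines if e.detected},
        "stale_signatures": stale,
    }


# Constructed sample in the same layout; hashes are placeholders, engines are made up.
SAMPLE = '''\
Complete scanning result of "example.exe", processed in VirusTotal at 12/28/2008 19:16:14 (CET).

[ file data ]
* name..: example.exe
* size..: 33792
* md5...: 00000000000000000000000000000000
* peid..: -

[ scan result ]
EngineA        4.0.0.73/20081228        found nothing
EngineB        3.2.1809.2/20081222        found nothing
EngineC        7.2/20081228        found [Constructed.Test.Name]

Complete scanning result of "second.exe", processed in VirusTotal at 12/28/2008 19:15:56 (CET).

[ file data ]
* name..: second.exe
* peid..: Armadillo v1.71

[ scan result ]
EngineA        4.0.0.73/20081228        found nothing
'''

if __name__ == "__main__":
    for rep in parse_reports(SAMPLE):
        print(summarize(rep))
```
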


H5N1 31.12.2008 00:56

The uploaded files appear to be clean (unless I've overlooked something).

What about the other tips Aggro Berlin gave you?

