Pests of All Kinds and How to Combat Them: 50€ - Virus
Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f189c2963f8c044281d9c955d83e7964
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 10:21:53
# local_time=2012-01-05 11:21:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 825344 62333831 902488 0
# compatibility_mode=5893 16776573 100 94 4780 77431818 0 0
# compatibility_mode=8192 67108863 100 0 3891 3891 0 0
# scanned=586
# found=0
# cleaned=0
# scan_time=146
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f189c2963f8c044281d9c955d83e7964
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 04:39:23
# local_time=2012-01-06 05:39:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 891270 62399757 968414 0
# compatibility_mode=5893 16776573 100 94 4005 77497744 0 0
# compatibility_mode=8192 67108863 100 0 69817 69817 0 0
# scanned=423
# found=0
# cleaned=0
# scan_time=90
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f189c2963f8c044281d9c955d83e7964
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 04:51:23
# local_time=2012-01-06 05:51:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=freeze
# scanned=130
# found=0
# cleaned=0
# scan_time=2
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f189c2963f8c044281d9c955d83e7964
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 06:42:14
# local_time=2012-01-06 07:42:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 893459 62401946 970603 0
# compatibility_mode=5893 16776574 100 94 6194 77499933 0 0
# compatibility_mode=8192 67108863 100 0 72006 72006 0 0
# scanned=254769
# found=87
# cleaned=0
# scan_time=5271
C:\Users\Nassim\AppData\Local\Temp\321.exe a variant of Win32/Kryptik.YLQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-184cd3d9 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-24642f4d a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-50e871e3 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-525151c9 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-61bfeafc a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-6bb2a5ee a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\478c76e3-12b9371e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3060a771-443cd5a5 a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5049\components\AcroFF0498.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5050\components\AcroFF0507.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5051\components\AcroFF0510.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5051\components\AcroFF0515.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5051\components\AcroFF0516.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5051\components\AcroFF0517.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5051\components\AcroFF0518.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5052\components\AcroFF0520.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5052\components\AcroFF0525.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5052\components\AcroFF0526.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5052\components\AcroFF0527.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5052\components\AcroFF0528.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5053\components\AcroFF0530.dll Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5053\components\AcroFF0535.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5053\components\AcroFF0536.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5053\components\AcroFF0537.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5053\components\AcroFF0538.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5054\components\AcroFF0540.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5054\components\AcroFF0545.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5054\components\AcroFF0546.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5054\components\AcroFF0547.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5054\components\AcroFF0548.dll a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5055\components\AcroFF0550.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5055\components\AcroFF0555.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5055\components\AcroFF0556.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5055\components\AcroFF0557.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5055\components\AcroFF0558.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5056\components\AcroFF0560.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5056\components\AcroFF0565.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5056\components\AcroFF0566.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5056\components\AcroFF0567.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5056\components\AcroFF0568.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5058\components\AcroFF0580.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5058\components\AcroFF0585.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5058\components\AcroFF0586.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5058\components\AcroFF0587.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5058\components\AcroFF0588.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5059\components\AcroFF0590.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5059\components\AcroFF0596.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5059\components\AcroFF0597.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5059\components\AcroFF0598.dll Win32/Spy.Banker.XAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5060\components\AcroFF0600.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5060\components\AcroFF0605.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5060\components\AcroFF0606.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5060\components\AcroFF0607.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5060\components\AcroFF0608.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5061\components\AcroFF0610.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5061\components\AcroFF0615.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5061\components\AcroFF0616.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5061\components\AcroFF0617.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5061\components\AcroFF0618.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5062\components\AcroFF0620.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5062\components\AcroFF0625.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5062\components\AcroFF0626.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5062\components\AcroFF0627.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5062\components\AcroFF0628.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5063\components\AcroFF0630.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5063\components\AcroFF0635.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5063\components\AcroFF0636.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5063\components\AcroFF0637.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5064\components\AcroFF0640.dll probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5064\components\AcroFF0645.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5064\components\AcroFF0646.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5064\components\AcroFF0647.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Nassim\AppData\Roaming\5064\components\AcroFF0649.dll a variant of Win32/Spy.Banker.XBB trojan (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Setup_01c2.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Setup_1d07.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Setup_cb3d.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Setup_d89b.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_08b6.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_133a.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_155d.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_179d.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_33b4.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_57a3.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_ad5d.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_be46.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
E:\sicherung\c\Users\Nassim\AppData\Local\Temp\Update_c6b1.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I