| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.02.2009, 18:15
| #1 |
| |  Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe Hallo, vor wenigen Tagen ist mein AntiVir guard angesprungen und hat TR/Crypt.CFI.Gen in Datei D:\***\lojdce.exe gefunden. Diese Datei ist mir unbekannt und ich habe sie auch niemals aufgerufen. Ein anchliessender AntiVir Scan fand den o.g. Trojaner noch einmal in einer namensgleichen Datei: C:\Documents and Settings\All Users\Documents\lojdce.exe [DETECTION] Is the TR/Crypt.CFI.Gen Trojan [NOTE] The file was deleted! In den folgenden Tagen habe ich mehrere vollstaendige AntiVir Scans (auch im abgesichrten Modus) durchgefuehrt, die alle einwandfrei beendet wurden. Auch ist zu keinem Zeitpunkt ein System-Fehler, hohe Prozessorlast oder anderes ungewoehnliches Verhalten meiner Kiste aufgetreten. Ich wende mich an Euch, um Experten-Meinung einzuholen: 1. Kann AntiVir den Trojaner festgestellt haben, bevor er jemals aktiv werden konnte? 2. Wie wahrscheinlich ist es, dass der Parasit vollstaendig entfernt bzw. mein System noch infiziert ist, und wie kann man das zuverlaessig feststellen? 3. Wie wirkt sich ein aktiver Crypt.CFI.Gen aus und durch welche Dateien kann er aktiviert werden? (Habe ausgiebig gegoogelt, bin aber nicht so richtig schlau aus dem Gefunden geworden, Links zu genauer Info wuerden auch sehr helfen.) 4. Wie soll ich weiter verfahren (andere Scanner laufen lassen, ueber einen bestimmten Zeitraum keine persoenlichen Datenetc.)? Darueber, woher und wie die mir unbekannte Datei Datei lojdce.exe auf meinen Rechner gekommen ist, kann ich nur mutmassen. Ich habe mir kurz zuvor the mainstream BitTorrent Client installiert und damit ein hier nicht erhaeltliches Album heruntergeladen. In dem zip file befanden sich mehrere mp3 und eine jpg Datei, kann der Trojaner darin versteckt gewesen sein. Sonst habe ich in den Tagen davor noch den RealPlayer, Mono fuer Windows (h**p://www.mono-project.com/Mono:Windows) und 2-3 andere OpenSource Tools installiert (und wieder deinstalliert). Leider habe ich die infizierte Datei sofort geloescht und nicht in quarantaene gestellt, um sie auswerten lassen zu koennen. Anbei sende ich das Ergebnis des Avira Scans im abgesichrten Modus mit Virus-Meldung und einen aktuellen HijackThis Log (nach Entfernung), die vielleicht beim Beantworten meiner Fragen behilflich sein koennten. Ueber schnelle Hilfe wuerde ich mich sehr freuen und moechte mich schon im Voraus bei Euch dafuer bedanken! Schoen Gruesse, Klosar Code:
ATTFilter Avira AntiVir Personal
Report file date: Tuesday, February 24, 2009 21:07
Scanning for 1264314 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: ***
Computer name: ***
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/25/2008 20:51:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/19/2008 17:27:46
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:25:45
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 21:56:31
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2/20/2009 00:30:37
ANTIVIR3.VDF : 7.1.2.75 91648 Bytes 2/24/2009 00:28:01
Engineversion : 8.2.0.88
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/31/2009 16:11:37
AESCRIPT.DLL : 8.1.1.52 348538 Bytes 2/24/2009 00:28:01
AESCN.DLL : 8.1.1.7 127347 Bytes 2/14/2009 21:56:24
AERDL.DLL : 8.1.1.3 438645 Bytes 11/7/2008 18:11:06
AEPACK.DLL : 8.1.3.8 397684 Bytes 2/5/2009 16:10:38
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/20/2009 14:46:03
AEHEUR.DLL : 8.1.0.97 1610103 Bytes 2/22/2009 00:30:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/19/2008 14:14:49
AEGEN.DLL : 8.1.1.21 336244 Bytes 2/24/2009 00:28:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/16/2008 06:24:32
AECORE.DLL : 8.1.6.6 176501 Bytes 2/18/2009 01:21:51
AEBB.DLL : 8.1.0.3 53618 Bytes 10/16/2008 06:24:30
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/19/2008 17:27:46
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/19/2008 17:27:46
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 19:53:09
AVREG.DLL : 8.0.0.1 33537 Bytes 7/19/2008 17:27:46
AVARKT.DLL : 1.0.0.23 307457 Bytes 4/14/2008 17:38:50
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/19/2008 17:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 4/14/2008 17:38:51
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/19/2008 17:27:46
NETNT.DLL : 8.0.0.1 7937 Bytes 4/14/2008 17:38:50
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/19/2008 17:27:43
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/19/2008 17:27:43
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, February 24, 2009 21:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'PDFXCview.exe' - '1' Module(s) have been scanned
Scan process 'TrueCrypt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'trayicon.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'RMClock.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'sipgateXLite.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'netdrive.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb12.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'FlashEnc.exe' - '1' Module(s) have been scanned
Scan process 'iTouch.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'uGuru_Event_Receiver.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'ndsvc.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '84' files ).
Starting the file scan:
Begin scan in 'C:\' <WINXPMCE>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Documents\lojdce.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was deleted!
End of the scan: Tuesday, February 24, 2009 23:13
Used time: 2:06:45 Hour(s)
The scan has been canceled!
16272 Scanning directories
504991 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
504989 Files not concerned
7707 Archives were scanned
1 Warnings
1 Notes
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:56:32 AM, on 2/28/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Netdrive\ndsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Drivers\ABIT\ABIT uGuru\uGuru.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Drivers\Logitech\iTouch\iTouch.exe C:\Drivers\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\Program Files\FlashEnc\FlashEnc.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\vsnpstd2.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Netdrive\netdrive.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Communications\sipgate X-Lite\sipgateXLite.exe C:\Communications\Skype\Phone\Skype.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Drivers\RMClock\RMClock.exe C:\Program Files\IPSec Client\trayicon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe E:\download\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [GuruClock] C:\Drivers\ABIT\ABIT uGuru\GuruClock.exe O4 - HKLM\..\Run: [ABIT uGuru] C:\Drivers\ABIT\ABIT uGuru\uGuru.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Drivers\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [FlashEnc] C:\Program Files\FlashEnc\FlashEnc.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [Netdrive] "C:\Program Files\Netdrive\netdrive.exe" -tray O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [XSC SIP Client] "C:\Communications\sipgate X-Lite\sipgateXLite.exe" O4 - HKCU\..\Run: [Skype] "C:\Communications\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RMClock] C:\Drivers\RMClock\RMClockLauncher.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 13345 bytes Geändert von klosar (28.02.2009 um 18:25 Uhr) |
|
| Themen zu Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe |
| antivir, antivir guard, askbar, auswerten, avgnt.exe, avira, bho, bonjour, c.exe, crypt.cfi.gen, dllhost.exe, excel, firefox.exe, frage, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, infizierte datei, internet, internet explorer, jusched.exe, kis, logon.exe, monitor, moved, mp3, nt.dll, object, parasit, rundll, scan, schnelle hilfe, server, skype.exe, software, solution, svchost.exe, trojaner, unbekannte datei, windows, wuauclt.exe |
