Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.02.2009, 17:15   #1
klosar
 
Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe - Standard

Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe



Hallo,

vor wenigen Tagen ist mein AntiVir guard angesprungen und hat
TR/Crypt.CFI.Gen in Datei D:\***\lojdce.exe gefunden. Diese Datei ist mir unbekannt und ich habe sie auch niemals aufgerufen.

Ein anchliessender AntiVir Scan fand den o.g. Trojaner noch einmal in einer namensgleichen Datei:

C:\Documents and Settings\All Users\Documents\lojdce.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was deleted!

In den folgenden Tagen habe ich mehrere vollstaendige AntiVir Scans (auch im abgesichrten Modus) durchgefuehrt, die alle einwandfrei beendet wurden. Auch ist zu keinem Zeitpunkt ein System-Fehler, hohe Prozessorlast oder anderes ungewoehnliches Verhalten meiner Kiste aufgetreten.

Ich wende mich an Euch, um Experten-Meinung einzuholen:

1. Kann AntiVir den Trojaner festgestellt haben, bevor er jemals aktiv werden konnte?
2. Wie wahrscheinlich ist es, dass der Parasit vollstaendig entfernt bzw. mein System noch infiziert ist, und wie kann man das zuverlaessig feststellen?
3. Wie wirkt sich ein aktiver Crypt.CFI.Gen aus und durch welche Dateien kann er aktiviert werden? (Habe ausgiebig gegoogelt, bin aber nicht so richtig schlau aus dem Gefunden geworden, Links zu genauer Info wuerden auch sehr helfen.)
4. Wie soll ich weiter verfahren (andere Scanner laufen lassen, ueber einen bestimmten Zeitraum keine persoenlichen Datenetc.)?

Darueber, woher und wie die mir unbekannte Datei Datei lojdce.exe auf meinen Rechner gekommen ist, kann ich nur mutmassen. Ich habe mir kurz zuvor the mainstream BitTorrent Client installiert und damit ein hier nicht erhaeltliches Album heruntergeladen. In dem zip file befanden sich mehrere mp3 und eine jpg Datei, kann der Trojaner darin versteckt gewesen sein. Sonst habe ich in den Tagen davor noch den RealPlayer, Mono fuer Windows (h**p://www.mono-project.com/Mono:Windows) und 2-3 andere OpenSource Tools installiert (und wieder deinstalliert).

Leider habe ich die infizierte Datei sofort geloescht und nicht in quarantaene gestellt, um sie auswerten lassen zu koennen. Anbei sende ich das Ergebnis des Avira Scans im abgesichrten Modus mit Virus-Meldung und einen aktuellen HijackThis Log (nach Entfernung), die vielleicht beim Beantworten meiner Fragen behilflich sein koennten.

Ueber schnelle Hilfe wuerde ich mich sehr freuen und moechte mich schon im Voraus bei Euch dafuer bedanken!

Schoen Gruesse,
Klosar

Code:
ATTFilter
Avira AntiVir Personal
Report file date: Tuesday, February 24, 2009  21:07

Scanning for 1264314 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         ***
Computer name:    ***

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  11/18/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  11/25/2008 20:51:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   7/19/2008 17:27:46
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  10/27/2008 17:25:45
ANTIVIR1.VDF  : 7.1.2.12     3336192 Bytes   2/11/2009 21:56:31
ANTIVIR2.VDF  : 7.1.2.55      248832 Bytes   2/20/2009 00:30:37
ANTIVIR3.VDF  : 7.1.2.75       91648 Bytes   2/24/2009 00:28:01
Engineversion : 8.2.0.88  
AEVDF.DLL     : 8.1.1.0       106868 Bytes   1/31/2009 16:11:37
AESCRIPT.DLL  : 8.1.1.52      348538 Bytes   2/24/2009 00:28:01
AESCN.DLL     : 8.1.1.7       127347 Bytes   2/14/2009 21:56:24
AERDL.DLL     : 8.1.1.3       438645 Bytes   11/7/2008 18:11:06
AEPACK.DLL    : 8.1.3.8       397684 Bytes    2/5/2009 16:10:38
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes   1/20/2009 14:46:03
AEHEUR.DLL    : 8.1.0.97     1610103 Bytes   2/22/2009 00:30:41
AEHELP.DLL    : 8.1.2.0       119159 Bytes  11/19/2008 14:14:49
AEGEN.DLL     : 8.1.1.21      336244 Bytes   2/24/2009 00:28:00
AEEMU.DLL     : 8.1.0.9       393588 Bytes  10/16/2008 06:24:32
AECORE.DLL    : 8.1.6.6       176501 Bytes   2/18/2009 01:21:51
AEBB.DLL      : 8.1.0.3        53618 Bytes  10/16/2008 06:24:30
AVWINLL.DLL   : 1.0.0.12       15105 Bytes   7/19/2008 17:27:46
AVPREF.DLL    : 8.0.2.0        38657 Bytes   7/19/2008 17:27:46
AVREP.DLL     : 8.0.0.2        98344 Bytes   7/31/2008 19:53:09
AVREG.DLL     : 8.0.0.1        33537 Bytes   7/19/2008 17:27:46
AVARKT.DLL    : 1.0.0.23      307457 Bytes   4/14/2008 17:38:50
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   7/19/2008 17:27:46
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   4/14/2008 17:38:51
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   7/19/2008 17:27:46
NETNT.DLL     : 8.0.0.1         7937 Bytes   4/14/2008 17:38:50
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   7/19/2008 17:27:43
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   7/19/2008 17:27:43

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, February 24, 2009  21:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'PDFXCview.exe' - '1' Module(s) have been scanned
Scan process 'TrueCrypt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'trayicon.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'RMClock.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'sipgateXLite.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'netdrive.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb12.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'FlashEnc.exe' - '1' Module(s) have been scanned
Scan process 'iTouch.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'uGuru_Event_Receiver.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'ndsvc.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!
Boot sector 'F:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '84' files ).


Starting the file scan:

Begin scan in 'C:\' <WINXPMCE>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\All Users\Documents\lojdce.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was deleted!


End of the scan: Tuesday, February 24, 2009  23:13
Used time:  2:06:45 Hour(s)

The scan has been canceled!

  16272 Scanning directories
 504991 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 504989 Files not concerned
   7707 Archives were scanned
      1 Warnings
      1 Notes
         
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:32 AM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Netdrive\ndsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Drivers\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Drivers\Logitech\iTouch\iTouch.exe
C:\Drivers\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\FlashEnc\FlashEnc.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Netdrive\netdrive.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Communications\sipgate X-Lite\sipgateXLite.exe
C:\Communications\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Drivers\RMClock\RMClock.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GuruClock] C:\Drivers\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Drivers\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Drivers\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FlashEnc] C:\Program Files\FlashEnc\FlashEnc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Netdrive] "C:\Program Files\Netdrive\netdrive.exe" -tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Communications\sipgate X-Lite\sipgateXLite.exe"
O4 - HKCU\..\Run: [Skype] "C:\Communications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RMClock] C:\Drivers\RMClock\RMClockLauncher.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13345 bytes
         

Geändert von klosar (28.02.2009 um 17:25 Uhr)

Antwort

Themen zu Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe
antivir, antivir guard, askbar, auswerten, avgnt.exe, avira, bho, bonjour, c.exe, crypt.cfi.gen, dllhost.exe, excel, firefox.exe, frage, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, infizierte datei, internet, internet explorer, jusched.exe, kis, logon.exe, monitor, moved, mp3, nt.dll, object, parasit, rundll, scan, schnelle hilfe, server, skype.exe, software, solution, svchost.exe, trojaner, unbekannte datei, windows, wuauclt.exe



Ähnliche Themen: Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe


  1. BoBrowser entfernt - trotzdem sollen jpg Dateien als BoBrowser HTML Documents geöffnet werden
    Log-Analyse und Auswertung - 14.09.2015 (1)
  2. Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip
    Log-Analyse und Auswertung - 01.06.2014 (21)
  3. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  4. TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (9)
  5. Trojaner: "HEUR:Exploit.Java.CVE-2012-1723.gen" in c:\documents and settings\ela\appdata\local\temp\jar_cache8475908429309578927.tmp
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (6)
  6. user/**/documents/services/svchost.exe - ja ne, ist klar
    Log-Analyse und Auswertung - 25.02.2013 (3)
  7. HEUR:Exploit.Java.CVE-2012-1723.gen in c:/documents and settings/.../appdata/locallow/sun/java/deployment/cache/6.0/1/3935ec1-7693a783
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (2)
  8. TR/Agent.amd.2 in C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (7)
  9. "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe
    Log-Analyse und Auswertung - 29.09.2012 (13)
  10. TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (8)
  11. Exploit.Java.CVE-2012-0507.be in C:\Documents and Settings\Jonathan\Appdata\LocalLow\Sun\Java [...]
    Log-Analyse und Auswertung - 16.04.2012 (8)
  12. C:\Users\XXXX\AppData\Roaming\Emwoe\ovews.exe -- ein TR/Crypt.xpack.gen
    Log-Analyse und Auswertung - 05.05.2011 (4)
  13. 'TR/Crypt.FKM.Gen' [trojan] in C:\Users\Elvis\AppData\Roaming\29388\mscjm.exe
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (14)
  14. TR/Crypt.ZPACK.Gen in C:\Users\***\AppData\Local\Temp\eapp32hst.dl
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (18)
  15. Trojaner TR/Crypt.XPACK.Gen in C:\Users\***\AppData\Local\Temp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)
  16. 'TR/Crypt.XPACK.Gen2' und 'Trojan.W32.Grumm ALARM' gefunden in C:\documents and setti
    Log-Analyse und Auswertung - 03.05.2010 (21)
  17. Crypt.CFI.Gen in lojdce.exe
    Log-Analyse und Auswertung - 08.03.2009 (0)

Zum Thema Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe - Hallo, vor wenigen Tagen ist mein AntiVir guard angesprungen und hat TR/Crypt.CFI.Gen in Datei D:\***\lojdce.exe gefunden. Diese Datei ist mir unbekannt und ich habe sie auch niemals aufgerufen. Ein anchliessender - Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe...
Archiv
Du betrachtest: Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.