Hallo Undoreal,
der Log ist etwas chaotisch, ich poste ihn gleich weiter unten. Die Datei liegt noch in Quarantäne. Ich kann sie in die Zwischenablage kopieren lassen oder aber wiederherstellen.
Ich könnte auch bis morgen warten, da habe ich wieder Zugriff auf meinen Hauptrechner, wo die XProtect.sys bisher unangetastet liegt und diese zur Vefügung stellen.
An welches Labor sendet man sie am besten? GDATA wird sie wohl nicht annehmen, da habe ich schon viele Falsch-Alarme hingesendet und die Signaturen anpassen lassen, da meldete aber eine der Engines von GDATA, dass hier ein Fehler vorhanden ist und ich war mir sicher, dass es ungefährliche Dateien sind.
<threat id="47142" name="Trojan-Downloader.Win32.VB.ahc" level="2" category="Trojan Downloader" type="Malware" quarantineId="{85C04909-3DCC-4F5C-80DE-3803D4541BCB}" adviseType="3" canQuarantine="true" author="" optionalScan="0" removalType="0" actionRequested="3" cleanerResult="3"><authorURL></authorURL><desc>A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="c:\WINDOWS\system32\drivers\xprotector.sys"><attr n="path" v="c:\WINDOWS\system32\drivers\xprotector.sys" /><attr n="fileSize" v="40256" /><attr n="md5" v="E87EF942B225B23247DB60DE56F62C1C" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR -1"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="-1" /><attr n="valueName" v="" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\DisplayName 1"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="1" /><attr n="valueName" v="DisplayName" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum -1"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum" /><attr n="valueType" v="-1" /><attr n="valueName" v="" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum\0 1"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum" /><attr n="valueType" v="1" /><attr n="valueName" v="0" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum\Count 4"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum" /><attr n="valueType" v="4" /><attr n="valueName" v="Count" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum\NextInstance 4"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Enum" /><attr n="valueType" v="4" /><attr n="valueName" v="NextInstance" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\ErrorControl 4"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="4" /><attr n="valueName" v="ErrorControl" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\ImagePath 2"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="2" /><attr n="valueName" v="ImagePath" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Security -1"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Security" /><attr n="valueType" v="-1" /><attr n="valueName" v="" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Security\Security 3"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR\Security" /><attr n="valueType" v="3" /><attr n="valueName" v="Security" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Start 4"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="4" /><attr n="valueName" v="Start" /></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPROTECTOR\Type 4"><attr n="hive" v="HKEY_LOCAL_MACHINE" /><attr n="key" v="SYSTEM\CurrentControlSet\Services\XPROTECTOR" /><attr n="valueType" v="4" /><attr n="valueName" v="Type" /></trace></traces></threat>
17.03.2009, 00:05
Baum-Darstellung