|
Log-Analyse und Auswertung: Virtumonde & Security Center disabeldWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
10.03.2009, 15:37 | #1 |
| Virtumonde & Security Center disabeld Hallo liebes Trojaner-Board Team. Erstmal vielen Dank für eure Hilfe, super das ihr das macht. Ich habe ein kleines Problem. Normalerweise krieg ich mein Systeem selber sauber aber dieses mal weis ich nicht mehr weiter. Ich hab auch schon gegoogelt und mir andere Posts durchgelesen, aber so wie ich das verstanden habe is Virtumonde bei jedem ein wenig anders. So was ich bisher gemacht habe. CCleaner Adaware Malwarebytes - Antimalware Spybot S&D Hijackthis Konnte das Problem nicht beheben. Was macht mein Systeem. Bei jedem neustart schaltet sich das Hauseigene Windows Vista Security Center aus. Bei Ausführen/Services starte ich dies jedes mal Manuell. Desweiteren kriege ich in der Taskleiste immer bericht von etwas das mir ein Programm andrehen möchte. Also nochma danke für die Hilfe, hier folgen jetzt die Logfiles. ======================================== Spybot 05.03.2009 23:17:35 - ##### check started ##### 05.03.2009 23:17:35 - ### Version: 1.6.2 05.03.2009 23:17:35 - ### Date: 5-3-2009 23:17:35 05.03.2009 23:17:38 - ##### checking bots ##### 05.03.2009 23:19:42 - found: Microsoft.Windows.ActiveDesktop Gebruikerinstellingen 05.03.2009 23:19:42 - found: Microsoft.Windows.ActiveDesktop Gebruikerinstellingen 05.03.2009 23:19:42 - found: Microsoft.Windows.Explorer Instellingen 05.03.2009 23:19:42 - found: Microsoft.Windows.Explorer Instellingen 05.03.2009 23:19:42 - found: Microsoft.WindowsSecurityCenter.TaskManager Instellingen 05.03.2009 23:19:42 - found: Microsoft.WindowsSecurityCenter.TaskManager Instellingen 05.03.2009 23:19:42 - found: Microsoft.WindowsSecurityCenter_disabled Instellingen 05.03.2009 23:21:11 - found: Win32.Winlagons.co Data 05.03.2009 23:21:25 - found: Virtumonde.atr File ======================================================== MSCONFIG Naam van besturingssysteem Microsoft® Windows Vista™ Home Premium Versie 6.0.6001 Service Pack 1 Build 6001 Andere beschrijving van besturingssysteem Niet beschikbaar Leverancier van besturingssysteem Microsoft Corporation Systeemnaam Systeemfabrikant ASUSTeK Computer Inc. Systeemmodel M70Vr Systeemtype Op x86 gebaseerde pc Processor Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz, 2000 MHz, 2 core('s), 2 logische processor(s) BIOS-versie/datum American Megatrends Inc. 207.000, 22-7-2008 SMBIOS-versie 2.5 Map met Windows C:\Windows Systeemmap C:\Windows\system32 Opstartapparaat \Device\HarddiskVolume2 Landinstelling Nederland HAL (Hardware Abstraction Layer) Versie = "6.0.6001.22150" Gebruikersnaam Tijdzone West-Europa (standaardtijd) Geïnstalleerd fysiek geheugen (RAM) 4,00 GB Totaal fysiek geheugen 3,00 GB Beschikbaar fysiek geheugen 1,79 GB Totaal virtueel geheugen 6,19 GB Beschikbaar virtueel geheugen 5,01 GB Ruimte voor wisselbestand 3,29 GB Wisselbestand C:\pagefile.sys ================================================== HijackThis Uninstall 32 Bit HP CIO Components Installer Ad-Aware Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 8.1.3 - Nederlands Agere Systems HDA Modem AppCore Apple Mobile Device Support Apple Software Update Ask Toolbar ASUS CopyProtect ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear eXtreme ASUS Security Protect Manager ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Virtual Camera Asus_Camera_ScreenSaver ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 AuthenTec Fingerprint Sensor Minimum Install Bonjour ccc-Branding ccCommon CCleaner (remove only) ChkMail Command & Conquer™ Red Alert™ 3 Component Framework Curse Client CyberLink LabelPrint CyberLink Power2Go CyberLink Power2Go DAEMON Tools Toolbar DivX Codec DivX Converter DivX Player DivX Web Player Dolby Control Center EA Download Manager ERUNT 1.1j EVEREST Home Edition v2.20 Express Gate Free YouTube to Mp3 Converter version 3.1 Grand Theft Auto IV HijackThis 2.0.2 Hotspot Shield 1.10 HP Photosmart All-In-One Software 9.0 ITECIR iTunes Java(TM) 6 Update 11 LightScribe System Software 1.14.17.1 LiveUpdate (Symantec Corporation) LiveUpdate (Symantec Corporation) Malwarebytes' Anti-Malware Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.6) MSXML 4.0 SP2 (KB954430) NB Probe Norton AntiVirus Norton AntiVirus Help Norton Confidential Core Norton Internet Security Norton Internet Security Norton Internet Security (Symantec Corporation) Norton Protection Center P4P QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Reason 3.0.4 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 Rockstar Games Social Club SecureW2 EAP Suite 1.0.6 for Windows Silent Hunter 4 Wolves of the Pacific Skype™ 3.8 SPBBC 32bit Spybot - Search & Destroy Stronghold Legends Symantec Real Time Storage Protection Component Synaptics Pointing Device Driver System Requirements Lab TeamSpeak 2 RC2 TVAnts 1.0 Uninstall 1.0.0.1 USB2.0 1.3M UVC WebCam Veoh Web Player Beta Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Vuze WIDCOMM Bluetooth Software Winamp Windows Media Player Firefox Plugin WinFlash WinRAR Wireless Console 2 World of Warcraft World of Warcraft FREE Trial ===================================================== HijackThis LogFile Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:23:03, on 10-3-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\System32\inf\rundll33.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\AsScrPro.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\frmwrk32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynAsus.exe C:\Program Files\Curse\CurseClient.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.asus.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\Windows\system32\inf\rundll33.exe C:\Windows\xccdf16_090305a.dll xccd16 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: APSHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 11518 bytes |
10.03.2009, 16:31 | #2 |
| Virtumonde & Security Center disabeld Hallo Soryn,
__________________könntest Du bitte die Malwarebytes-Logfile noch posten (vom letzten Scan). Möchte gerne einen Blick darauf werfen bevor wir den nächsten Schritt gehen. Grüße a5cl3p1o5
__________________ |
10.03.2009, 16:37 | #3 |
| Virtumonde & Security Center disabeld Das is zwar auf Niederländisch aber da steht das eine Datei infectiert wurde.
__________________Diese is ganz unten genannt. ---------------------------------------------- Malwarebytes' Anti-Malware 1.34 Database versie: 1820 Windows 6.0.6001 Service Pack 1 5-3-2009 19:27:53 mbam-log-2009-03-05 (19-27-53).txt Scan type: Volledige Scan (C:\|D:\|) Objecten gescand: 117328 Verstreken tijd: 54 minute(s), 59 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\VCRedist\redist32.exe (Trojan.Vundo) -> Delete on reboot. |
10.03.2009, 16:57 | #4 |
| Virtumonde & Security Center disabeld Ich rate Dir ComboFix auszuführen. Dies ist jedoch nicht ganz ungefährlich. Du kannst natürlich auch warten bis jemand aus dem Kompetenzteam Dich dazu auffordert. Ansonsten lese folgende Anleitung bitte genau durch und befolge diese. Führe bitte auch zuvor nochmals CCleaner aus und stecke ALLE USB-Speichergeräte an den Computer an. Lade Dir dann ComboFix runter und benutze es nach der oben genannten Anleitung. Die Logfile bei File-Upload hochladen und anschließend hier verlinken. Grüße a5cl3p1o5
__________________ a5cl3p1o5, ehemals 45cl3p1u5 |
Themen zu Virtumonde & Security Center disabeld |
ad-watch, add-on, askbar, bho, browser, components, computer, cpu, defender, excel, firefox, flash player, hijackthis logfile, home, internet, internet explorer, intrusion prevention, menu.exe, microsoft.windowssecuritycenter_disabled, mp3, neustart, plug-in, programm, rundll, safer networking, security, service pack 1, software, super, symantec, system, taskleiste, toolbars, trojaner-board, virtumonde, vista, vista security, windows, windows defender, windows sidebar |