|
Gut - diese Maßnahme plus das: Zitat:
|
ich glaub ich weiß wiso ich den trojaner vundo ned wegbekomm! weil ich die systemwiederherstellung deaktivieren muss bevor ich den vundo mit vundofix entferne! |
Von Removal-Tools halte ich ohnehin wenig. Nein, damit meine ich nicht die Arbeit, die die fleißigen Programmierer in deren Entwicklung stecken, teils sogar in ihrer Freizeit - das ist aller Ehren wert. Nur: Da Schädlinge oft weitere nachladen, ist nicht nachvollziehbar, ob nicht evtl. nachgeladene Schädlinge eines ganz anderen Typs weiterhin auf dem System verbleiben. Das Risiko, das man damit eingeht, ist auch angesichts der vorliegenden Internetkriminalität im Hinblick auf Identitätsdiebstahl, Geldwäsche und Spam- sowie Malwareverteilung schlichtweg zu groß. Besser ist es, man kauft sich ein Image-Programm und spielt dann im Falle eines Falles ein sauberes Image zurück. Von Vorteil ist natürlich, wenn es erst gar nicht zu Infektionen des Systems kommt - damit hat man am wenigesten Arbeit und kann es am stressfreiesten nutzen. |
stimmt :party: |
Hier der hijack this log: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 20:12:59, on 10.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\CyberLink\PowerCinema\PCMService.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\Programme\HP\HP Software Update\HPwuSchd2.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\aon\AONMES~1\aonMessageCenter.exe C:\Programme\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\qwerty12.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\ArchiCrypt Stealth 4\IJStealth4Svc.exe C:\WINDOWS\system32\svchost.exe C:\programme\gemeinsame dateien\installshield\updateservice\issch.exe C:\Programme\Windows Defender\MSASCui.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\aon\aonUpdate\aonUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe c:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\VundoFix.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_AT&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_AT&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_AT&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;<local> R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IE7Pro\IE7Pro.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {68464d08-5658-4ac9-8309-0e81882b3004} - C:\WINDOWS\system32\grpeui.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp49.tmp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [1aonmessagecenter] C:\PROGRA~1\aon\AONMES~1\aonMessageCenter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [aonUpdate] C:\Programme\aon\aonUpdate\aonUpdate.exe /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175184314359 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180704674687 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41DE6D27-FD3D-40F7-A2B0-4631B91B9462}: NameServer = 195.3.96.67,195.3.96.68 O17 - HKLM\System\CCS\Services\Tcpip\..\{96545225-E179-45D5-845D-54B99A0C5F05}: NameServer = 195.3.96.67 195.3.96.68 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\windows\system32\jkhffdd.dll O20 - Winlogon Notify: grpeui - C:\WINDOWS\SYSTEM32\grpeui.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Programme\ArchiCrypt Stealth 4\IJStealth4Svc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 15734 bytes |
hier virustotal auswertung Complete scanning result of "Setup.exe", received in VirusTotal at 07.10.2007, 20:31:07 (CET). Antivirus Version Update Result AhnLab-V3 2007.7.7.0 07.10.2007 Win-Trojan/Agent.146470 AntiVir 7.4.0.39 07.10.2007 TR/Dldr.Agent.auv.17 Authentium 4.93.8 07.09.2007 W32/Downloader.BDXS Avast 4.7.997.0 07.09.2007 Win32:Trojan-gen. {UPX!} AVG 7.5.0.476 07.09.2007 Downloader.Agent.IWY BitDefender 7.2 07.10.2007 Trojan.Downloader.Agent.AUV CAT-QuickHeal 9.00 07.10.2007 TrojanDownloader.Agent.auv ClamAV devel-20070416 07.10.2007 Trojan.Downloader-10526 DrWeb 4.33 07.10.2007 Trojan.DownLoader.19426 eSafe 7.0.15.0 07.10.2007 Win32.Agent.auv eTrust-Vet 30.8.3777 07.10.2007 no virus found Ewido 4.0 07.10.2007 Downloader.Agent.auv FileAdvisor 1 07.10.2007 High threat detected Fortinet 2.91.0.0 07.10.2007 W32/Agent.AUV!tr.dldr F-Prot 4.3.2.48 07.09.2007 W32/Downloader.BDXS Ikarus T3.1.1.8 07.10.2007 Trojan-Downloader.Win32.Agent.auv Kaspersky 4.0.2.24 07.10.2007 Trojan-Downloader.Win32.Agent.auv McAfee 5071 07.10.2007 no virus found Microsoft 1.2704 07.10.2007 TrojanDownloader:Win32/Agent!C22F NOD32v2 2390 07.10.2007 Win32/TrojanDownloader.Agent.NJC Norman 5.80.02 07.10.2007 W32/Agent.BERZ Panda 9.0.0.4 07.10.2007 Trj/Downloader.NCS Sophos 4.19.0 07.06.2007 no virus found Sunbelt 2.2.907.0 07.07.2007 no virus found Symantec 10 07.10.2007 no virus found TheHacker 6.1.6.144 07.09.2007 Trojan/Downloader.Agent.auv VBA32 3.12.0.2 07.09.2007 Trojan-Downloader.Win32.Agent.auv VirusBuster 4.3.23:9 07.10.2007 Trojan.DL.Agent.SNC Webwasher-Gateway 6.0.1 07.10.2007 Trojan.Dldr.Agent.auv.17 Aditional Information File size: 146470 bytes MD5: d1d9070c830f59f8c0e02914924e55d5 SHA1: 2b22d370cb54fccfcbaea203733b017d2ac33d49 packers: UPX packers: UPX Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=d1d9070c830f59f8c0e02914924e55d5 packers: UPX |
Code: C:\WINDOWS\system32\qwerty12.exe |
Wenn das die Datei ist, die Du mir zugeschickt hast, und Du sie aus besagter Quelle geladen und installiert hattest, dann erklärt sich der Malwarebefall von selbst, denn: Dieser Schädling will eine Menge von Dateien nachladen, die für sich jeweils unterschiedlichste Funktionen haben: Von Backdoor über Keylogger ist alles dabei. Du musst dringend Deine Zugangsdaten / Passwörter von einem sauberen System aus ändern - hast Du vielleicht ein Zweitsystem zur Verfügung? |
hier die virustotal auswertungen: qwerty12.exe : File qwerty12.exe received on 07.11.2007 19:59:33 (CET) Current status: queued waiting scanning finished Antivirus Versión Last Update Result AhnLab-V3 2007.7.11.1 20070711 no virus found AntiVir 7.4.0.39 20070711 TR/Crypt.XPACK.Gen Authentium 4.93.8 20070710 no virus found Avast 4.7.997.0 20070711 no virus found AVG 7.5.0.476 20070711 Obfustat.UB BitDefender 7.2 20070711 Trojan.Fotomoto.A CAT-QuickHeal 9.00 20070711 (Suspicious) - DNAScan ClamAV devel-20070416 20070711 no virus found DrWeb 4.33 20070711 no virus found eSafe 7.0.15.0 20070710 suspicious Trojan/Worm eTrust-Vet 30.8.3779 20070711 no virus found Ewido 4.0 20070711 Trojan.Small FileAdvisor 1 20070711 no virus found Fortinet 2.91.0.0 20070711 W32/Agent.AOY!tr F-Prot 4.3.2.48 20070710 no virus found Ikarus T3.1.1.8 20070711 Trojan.Fotomoto.A Kaspersky 4.0.2.24 20070711 no virus found McAfee 5072 20070711 no virus found Microsoft 1.2704 20070711 no virus found NOD32v2 2393 20070711 no virus found Norman 5.80.02 20070711 no virus found Panda 9.0.0.4 20070711 no virus found Sophos 4.19.0 20070706 no virus found Sunbelt 2.2.907.0 20070711 VIPRE.Suspicious Symantec 10 20070711 no virus found TheHacker 6.1.6.144 20070709 no virus found VBA32 3.12.0.2 20070710 no virus found VirusBuster 4.3.23:9 20070711 no virus found Webwasher-Gateway 6.0.1 20070711 Trojan.Crypt.XPACK.Gen Aditional information File size: 55235 bytes MD5: 2467b720c07ea66e9c023d1c12017b7e SHA1: 69dd93bfa9e1a03f434fdd652b983cc06aea582b Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics. tmp49.tmp.dll : File tmp49.tmp.dll received on 07.11.2007 20:03:57 (CET) Current status: queued waiting scanning finished Antivirus Versión Last Update Result AhnLab-V3 2007.7.11.1 20070711 no virus found AntiVir 7.4.0.39 20070711 no virus found Authentium 4.93.8 20070710 no virus found Avast 4.7.997.0 20070711 no virus found AVG 7.5.0.476 20070711 no virus found BitDefender 7.2 20070711 no virus found CAT-QuickHeal 9.00 20070711 no virus found ClamAV devel-20070416 20070711 no virus found DrWeb 4.33 20070711 no virus found eSafe 7.0.15.0 20070710 no virus found eTrust-Vet 30.8.3779 20070711 no virus found Ewido 4.0 20070711 no virus found FileAdvisor 1 20070711 no virus found Fortinet 2.91.0.0 20070711 no virus found F-Prot 4.3.2.48 20070710 no virus found Ikarus T3.1.1.8 20070711 no virus found Kaspersky 4.0.2.24 20070711 no virus found McAfee 5072 20070711 no virus found Microsoft 1.2704 20070711 no virus found NOD32v2 2393 20070711 no virus found Norman 5.80.02 20070711 no virus found Panda 9.0.0.4 20070711 Suspicious file Sophos 4.19.0 20070706 no virus found Sunbelt 2.2.907.0 20070711 VIPRE.Suspicious Symantec 10 20070711 no virus found TheHacker 6.1.6.144 20070709 no virus found VBA32 3.12.0.2 20070710 no virus found VirusBuster 4.3.23:9 20070711 no virus found Webwasher-Gateway 6.0.1 20070711 Win32.Malware.gen (suspicious) Aditional information File size: 61103 bytes MD5: 37044c9997dc472eff5faf261aaa5af9 SHA1: 0b4aa5d60c30be24c252d05982394d58a75c2313 Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics. grpeui.dll : File grpeui.dll received on 07.11.2007 20:00:42 (CET) Current status: queued waiting scanning finished Antivirus Versión Last Update Result AhnLab-V3 2007.7.11.1 20070711 no virus found AntiVir 7.4.0.39 20070711 ADSPY/DuncanMonit.D Authentium 4.93.8 20070710 no virus found Avast 4.7.997.0 20070711 no virus found AVG 7.5.0.476 20070711 Obfustat.IF BitDefender 7.2 20070711 no virus found CAT-QuickHeal 9.00 20070711 no virus found ClamAV devel-20070416 20070711 no virus found DrWeb 4.33 20070711 no virus found eSafe 7.0.15.0 20070710 no virus found eTrust-Vet 30.8.3779 20070711 no virus found Ewido 4.0 20070711 no virus found FileAdvisor 1 20070711 no virus found Fortinet 2.91.0.0 20070711 no virus found F-Prot 4.3.2.48 20070710 no virus found Ikarus T3.1.1.8 20070711 no virus found Kaspersky 4.0.2.24 20070711 no virus found McAfee 5072 20070711 no virus found Microsoft 1.2704 20070711 no virus found Norman 5.80.02 20070711 no virus found Panda 9.0.0.4 20070711 Suspicious file Sophos 4.19.0 20070706 no virus found Sunbelt 2.2.907.0 20070711 VIPRE.Suspicious Symantec 10 20070711 no virus found TheHacker 6.1.6.144 20070709 no virus found VBA32 3.12.0.2 20070710 no virus found VirusBuster 4.3.23:9 20070711 no virus found Webwasher-Gateway 6.0.1 20070711 no virus found Aditional information File size: 92554 bytes MD5: 2f80045b7b380c73da12edf73efcbb78 SHA1: e79dae8ca71c8b1753c476aa61452047e9e8dc78 Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics. und jkhffdd.dll : File jkhffdd.dll received on 07.11.2007 20:04:54 (CET) Current status: queued waiting scanning finished Antivirus Versión Last Update Result AhnLab-V3 2007.7.11.1 20070711 no virus found AntiVir 7.4.0.39 20070711 TR/Crypt.XPACK.Gen Authentium 4.93.8 20070710 no virus found Avast 4.7.997.0 20070711 no virus found BitDefender 7.2 20070711 no virus found CAT-QuickHeal 9.00 20070711 no virus found ClamAV devel-20070416 20070711 no virus found DrWeb 4.33 20070711 no virus found eTrust-Vet 30.8.3779 20070711 no virus found Ewido 4.0 20070711 no virus found FileAdvisor 1 20070711 no virus found Fortinet 2.91.0.0 20070711 no virus found F-Prot 4.3.2.48 20070710 no virus found Kaspersky 4.0.2.24 20070711 no virus found McAfee 5072 20070711 no virus found Microsoft 1.2704 20070711 no virus found NOD32v2 2393 20070711 no virus found Norman 5.80.02 20070711 no virus found Panda 9.0.0.4 20070711 Suspicious file Sophos 4.19.0 20070706 no virus found Sunbelt 2.2.907.0 20070711 VIPRE.Suspicious Symantec 10 20070711 no virus found TheHacker 6.1.6.144 20070709 no virus found VBA32 3.12.0.2 20070710 no virus found VirusBuster 4.3.23:9 20070711 no virus found Webwasher-Gateway 6.0.1 20070711 Trojan.Crypt.XPACK.Gen Aditional information File size: 13019 bytes MD5: d8571c8e24362cf62ca522a959861d75 SHA1: 4de9e0910cca782d58085d7214509bbed2d92e73 Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics. |
Bitte aufgrund der schlechten Erkennung durch Virenscanner alle vier Dateien in ein Archiv packen und an die bereits bekannte Mailadresse senden. Allerdings bleibe ich dabei: Das System gehört neu aufgesetzt. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 14:32 Uhr. |
Copyright ©2000-2024, Trojaner-Board