dragonage.exe
dragonage.exe, Win32.IRCBot

O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe
O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\System32\dllcache\starwin32.exe
O23 - Service: Italian Grand Prix - Unknown owner - C:\WINNT\system32\dllcache\grand.exe
O23 - Service: MSCommmand - Unknown owner - C:\WINDOWS\System32\dllcache\mswincom32.exe
O23 - Service: World Of Warcraft - Unknown owner - C:\WINDOWS\System32\dllcache\warcraft.exe

C:\WINDOWS\system32\27031_redworld.exe
C:\WINDOWS\system32\dllcache\mswincom32.exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\dllcache\warcraft.exe Infected: Backdoor.Win32.SdBot.avz
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[10].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[11].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[12].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[13].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[14].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[15].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[16].exe Infected: Backdoor.Win32.VanBot.e

C:\WINDOWS\System32\dllcache and OK. Paste it in and post everything that appears in the text editor

HKLM\SYSTEM\CurrentControlSet\Services\DragonAge - Bioware
HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Star Window Service
HKLM\SYSTEM\CurrentControlSet\Services\Italian Grand Prix
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv Start 4
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess Start 4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
HKLM\SOFTWARE\Microsoft\Ole EnableDCOM N
HKLM\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous 1

Win32.IRCBot.wo attempts to terminate a number of processes related to security and anti-virus applications.