Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MS Antivirus 2008 finally gone?


10.09.2008, 15:29   #1
SveGe

MS Antivirus 2008 finally gone?



I have spent the last 3 hours wrestling with MS AntiVirus 2008. Thanks to this forum I used SDFix and afterwards got the log that follows below:
Right now I am running the Sophos program that came with it, and afterwards I will probably scan again with Malwarebytes and, to finish off, Avira AntiVir.
Will everything be back in order on my machine then?


SDFix: Version 1.223
Run by Administrator on 10.09.2008 at 14:41

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Dokumente und Einstellungen\Administrator\Desktop\Zips\SDFix\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

Name :
tdssserv

Path :
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphcv0bj0egdj.exe - Deleted
C:\WINDOWS\system32\fccbcCuV.dll - Deleted
C:\WINDOWS\system32\phcv0bj0egdj.bmp - Deleted
C:\WINDOWS\system32\blphcv0bj0egdj.scr - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Error Cleaner.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Error Cleaner.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Privacy Protector.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Privacy Protector.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Spyware&Malware Protection.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Programme\PCHealthCenter\0.exe - Deleted
C:\Programme\PCHealthCenter\0.gif - Deleted
C:\Programme\PCHealthCenter\1.exe - Deleted
C:\Programme\PCHealthCenter\1.gif - Deleted
C:\Programme\PCHealthCenter\1.ico - Deleted
C:\Programme\PCHealthCenter\2.exe - Deleted
C:\Programme\PCHealthCenter\2.gif - Deleted
C:\Programme\PCHealthCenter\2.ico - Deleted
C:\Programme\PCHealthCenter\3.exe - Deleted
C:\Programme\PCHealthCenter\3.gif - Deleted
C:\Programme\PCHealthCenter\4.exe - Deleted
C:\Programme\PCHealthCenter\5.exe - Deleted
C:\Programme\PCHealthCenter\7.exe - Deleted
C:\Programme\PCHealthCenter\sc.html - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt3.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt320.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt32D.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt332.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt336.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt346.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt348.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt34F.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt351.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt376.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt379.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt4.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt6.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt7.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt8.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.ttA.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.ttB.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt8.tmp.vbs - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\lwpwer.exe.bat - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\smchk.exe.bat - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\windfr.exe.bat - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\WINDOWS\vmgspntbter.dll - Deleted
C:\Programme\MSA\msa0.dat - Deleted
C:\Programme\MSA\msa1.dat - Deleted
C:\Programme\MSA\MSA.cpl - Deleted
C:\Programme\MSA\MSA.exe - Deleted
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TmpRecentIcons\MS Antivirus.lnk - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Casino.url - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\lwpwer.exe - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\dtseqrxk.dll - Deleted
C:\WINDOWS\fqbewlna.dll - Deleted
C:\WINDOWS\mgxfebsq.dll - Deleted
C:\WINDOWS\mqgldfvo.exe - Deleted
C:\WINDOWS\system32\1.ico - Deleted
C:\WINDOWS\system32\2.ico - Deleted
C:\WINDOWS\system32\casino1.ico - Deleted
C:\WINDOWS\system32\casino2.ico - Deleted
C:\WINDOWS\system32\casino3.ico - Deleted
C:\WINDOWS\system32\MSA.cpl - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted



Folder C:\Programme\PCHealthCenter - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 14:49:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:17,8d,83,a5,6d,39,69,d3,1c,e5,fc,a9,eb,b8,07,27,85,0d,cd,1d,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,20,9a,ff,4e,0d,58,4a,23,b4,bc,10,31,ea,3e,da,11,..
"hdf12"=hex:49,2e,dd,04,4d,79,06,ed,e2,93,21,a5,18,6d,2e,ca,f1,ff,90,8c,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:97,d0,53,09,7b,10,1d,73,47,d9,54,a1,89,a2,c6,67,78,0c,f8,00,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:17,8d,83,a5,6d,39,69,d3,1c,e5,fc,a9,eb,b8,07,27,85,0d,cd,1d,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,20,9a,ff,4e,0d,58,4a,23,b4,bc,10,31,ea,3e,da,11,..
"hdf12"=hex:49,2e,dd,04,4d,79,06,ed,e2,93,21,a5,18,6d,2e,ca,f1,ff,90,8c,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:97,d0,53,09,7b,10,1d,73,47,d9,54,a1,89,a2,c6,67,78,0c,f8,00,a3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Programme\\Warcraft III\\war3.exe"="C:\\Programme\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe"="C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"C:\\Programme\\mIRC\\mirc.exe"="C:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"="C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\Garena.exe:*:Enabled:Garena"
"C:\\Programme\\Quake III Arena\\quake3.exe"="C:\\Programme\\Quake III Arena\\quake3.exe:*:Disabled:quake3"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Disabled:Age of Empires II"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Programme\\THQ\\Dawn Of War\\W40k.exe"="C:\\Programme\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOKUME~1\ADMINI~1\Desktop\Zips\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 8 Sep 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ccba472a05828aa2a3ee32c96c6466ca\BIT209.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddcdc34461145abcbfe2d51292b74a9e\BITEF.tmp"

Finished!
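
A check a helper would run over a report like the one above, added here as an example (it is not part of SDFix or of this thread): cross-reference the files SDFix deleted against the exported Windows Firewall "authorized applications", so that a rule left behind for a removed binary (the log above has one for system32\a.exe) is not overlooked. The report text inside the block is a constructed excerpt in SDFix's format, and the %windir% expansion assumes C:\WINDOWS.

```python
import re

# Constructed excerpt in the SDFix report format (two of its sections).
SDFIX_REPORT = r"""Trojan Files Found:

C:\WINDOWS\system32\lphcv0bj0egdj.exe - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\Programme\MSA\MSA.exe - Deleted

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe"="C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"
"""

# '<drive>:\path - Deleted'; the rootkit section's 'tdssserv - Deleted' has no
# drive letter and is deliberately not matched.
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Deleted$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"$')
# XP firewall value data: <path>:<scope>:<Enabled|Disabled>:<description>.
# The path itself contains 'C:', so the status keyword anchors the split.
EXCEPTION_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>Enabled|Disabled):(?P<desc>.*)$",
    re.IGNORECASE,
)
USER_PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\")

def expand_path(path, windir=r"C:\WINDOWS"):
    """Unescape .reg-style doubled backslashes and expand %windir% so that
    paths from the export compare equal to the paths SDFix prints."""
    path = path.replace("\\\\", "\\")
    return re.sub(r"%windir%", lambda _: windir, path, flags=re.IGNORECASE)

def deleted_files(report):
    """Lower-cased paths SDFix reports as deleted (Windows paths are case-insensitive)."""
    matches = (DELETED_RE.match(line.strip()) for line in report.splitlines())
    return {m.group("path").lower() for m in matches if m}

def firewall_exceptions(report):
    """Parse the 'Authorized Application Key Export' into one dict per rule."""
    rules, profile = [], None
    for line in report.splitlines():
        line = line.strip()
        key = REG_KEY_RE.match(line)
        if key:
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            parts = key.group("key").lower().split("\\")
            profile = parts[-3] if len(parts) >= 3 and parts[-2] == "authorizedapplications" else None
            continue
        value = REG_VALUE_RE.match(line)
        fields = value and EXCEPTION_RE.match(value.group("value"))
        if profile and fields:
            rules.append({
                "profile": profile,
                "path": expand_path(fields.group("path")),
                "status": fields.group("status").capitalize(),
                "description": fields.group("desc"),
            })
    return rules

def stale_exceptions(report):
    """Rules whose executable SDFix deleted as a trojan file. SDFix removes the
    binary, not the firewall rule; the rule should go too, and an Enabled one
    records that the malware had opened a hole for itself."""
    gone = deleted_files(report)
    return [r for r in firewall_exceptions(report) if r["path"].lower() in gone]

def user_profile_exceptions(report):
    """Rules pointing into a user profile (Desktop, Temp, ...) instead of an
    install directory: not proof of malware, but worth a manual look."""
    return [r for r in firewall_exceptions(report)
            if any(m in r["path"].lower() for m in USER_PROFILE_MARKERS)]

if __name__ == "__main__":
    for r in stale_exceptions(SDFIX_REPORT):
        print(f"stale rule [{r['profile']}/{r['status']}]: {r['path']}")
    for r in user_profile_exceptions(SDFIX_REPORT):
        print(f"user-profile rule [{r['status']}]: {r['path']}")
```

Run against a full SDFix report, the same functions also cover the domainprofile list, since the profile name is taken from the registry key itself.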

10.09.2008, 16:35   #2
SveGe

MS Antivirus 2008 finally gone?



So, here is the malware scan result:

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1134
Windows 5.1.2600 Service Pack 2

10.09.2008 16:34:12
mbam-log-2008-09-10 (16-34-12).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 127497
Laufzeit: 1 hour(s), 3 minute(s), 21 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 27
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 0
Infizierte Dateien: 37

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\nryitkkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqPjGab.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fuhdnj.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{231617ee-a4b7-4f79-b95e-a95e5e072900} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{231617ee-a4b7-4f79-b95e-a95e5e072900} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{448f8542-2d77-4707-b423-a46133582c48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{448f8542-2d77-4707-b423-a46133582c48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24d89631 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur330.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur33c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur322.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur330.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur33c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur322.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqpjgab -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqpjgab -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\urqPjGab.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\baGjPqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baGjPqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuhdnj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nryitkkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kkktiyrn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2O45I7QX\cntr[1].gif (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ASEFV267\CAZETPOZ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DE612X42\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XGWOD8O4\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0000011.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001006.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001007.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001011.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001013.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001014.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001056.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001061.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001065.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9C324C7-D71C-4448-B228-FA0B74EE343E}\RP0\A0001058.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\erkn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDSLfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urhjmjpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoNHYq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvULCRKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsspopup.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsspopup1.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsspopup2.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsspopup3.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR323.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\YUR8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
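As an added example (not Malwarebytes' code and not from this thread), a small triage script over a log in the format above: it lists the "Delete on reboot" objects that were still live when the log was written, checks the header counts against the items actually listed, and pulls out the restored settings (the Bad/Good pairs) to confirm after the reboot. The log excerpt inside the block is constructed in the 1.x German-UI format.

```python
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.x log format (German UI) seen in the thread.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1134

Infizierte Speichermodule: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Dateien: 3

Infizierte Speichermodule:
C:\WINDOWS\system32\nryitkkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fuhdnj.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24d89631 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqpjgab -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\nryitkkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Programme\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>Infizierte .+?): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>Infizierte .+?):$")
# '<object> (<threat>) -> [<detail> -> ]<action>.'  The optional detail is either
# 'Data: <value>' or the 'Bad: (x) Good: (y)' pair MBAM prints for restored settings.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?:(?P<detail>.+?) -> )?(?P<action>[^>]+?)\.$"
)
RESTORED_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")

def parse_mbam(log):
    """Return (summary, items): header counts per section, one dict per listed detection."""
    summary, items, section = {}, [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return summary, items

def pending_reboot(items):
    """Objects MBAM could only schedule for deletion. Until the machine has been
    rebooted and a fresh scan is clean, these were still live when the log was written."""
    return sorted({i["object"] for i in items
                   if i["action"].lower().startswith("delete on reboot")})

def count_mismatches(summary, items):
    """Sections whose header count differs from the items actually listed,
    as (header, listed): a sign of a truncated or hand-edited paste."""
    listed = Counter(i["section"] for i in items)
    return {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}

def restored_settings(items):
    """(value name, bad, good) for registry data MBAM put back, e.g. the NoDrives
    policy the rogue set to hide drives; confirm these after the reboot."""
    out = []
    for i in items:
        m = RESTORED_RE.match(i["detail"] or "")
        if m:
            out.append((i["object"].rsplit("\\", 1)[-1], m.group("bad"), m.group("good")))
    return out

if __name__ == "__main__":
    summary, items = parse_mbam(MBAM_LOG)
    print("pending reboot:", *pending_reboot(items), sep="\n  ")
    print("count mismatches:", count_mismatches(summary, items))
    print("restored settings:", restored_settings(items))
```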


11.09.2008, 23:58   #3
SveGe

MS Antivirus 2008 finally gone?



I'll bump this a little...
By the way, AntiVir found and deleted another 11 viruses.

12.09.2008, 00:02   #4
Silent sharK

MS Antivirus 2008 finally gone?



Hi,
Quote:
By the way, AntiVir found and deleted another 11 viruses.
Please give the exact path.

Otherwise:

ComboFix
  • Download the tool from here to your Desktop -> CLICK
Do not start the program yet; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your web browser.
    Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your Desktop, confirm the warnings and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. The log can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain the spread. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)
Regards, Patrick



