TR/Crypt.ULPM.Gen Trojan & BDS/Agent.49152.G

sandraline

Hallo,

gestern bei der Eingabe meiner Kreditkartendaten auf einer Mietwagenhomepage hat Windows ein Problem festgestellt und musste beendet werden, leider weiß ich nicht mehr was da stand. Da ich ziemlich schludrig mit meinem Rechner in letzter Zeit umgegangen bin und auch keinen aktuellen Virenschutz mehr hatte habe ich erstaml die Kreditkarte sperren lassen, Antivirpersonal neu installiert und durchlaufen lassen dabei wurden 9 Viren gefunden.. davon konnten nur 4 in Quarantäne verschoben werden, bin dann mit Malwarebytes drüber der hat die restlichen gelöscht.. habe mit Tuneuputilities den Rechner gewartet und dann war ich auch schon am Ende meines Lateins.. jetzt würde ich gerne wissen ob der Rechner wieder in Ordnung ist und sende euch mal die Logfiles von Antivir und Malewarebytes (habe heute morgen noch mal beide Scanner durchlaufen lassen da wurde nichts mehr gefunden):


Avira AntiVir Personal
Report file date: Freitag, 25. Februar 2011 21:18

Scanning for 2364983 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MADONNNA

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14.01.2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.01.2011 13:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01.04.2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10.01.2011 13:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:50
VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 13:23:50
VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 13:23:50
VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 13:23:50
VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 13:23:50
VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 13:23:50
VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 13:23:50
VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 13:23:50
VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 13:23:50
VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 13:23:50
VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 13:23:50
VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 13:23:50
VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 14:54:35
VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 16:12:47
VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 18:09:26
VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 08:41:13
VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 13:39:57
VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 15:23:58
VBASE019.VDF : 7.11.1.5 148480 Bytes 03.01.2011 16:45:39
VBASE020.VDF : 7.11.1.37 156672 Bytes 07.01.2011 08:30:06
VBASE021.VDF : 7.11.1.65 140800 Bytes 10.01.2011 12:12:43
VBASE022.VDF : 7.11.1.87 225280 Bytes 11.01.2011 13:47:36
VBASE023.VDF : 7.11.1.88 2048 Bytes 11.01.2011 13:47:36
VBASE024.VDF : 7.11.1.89 2048 Bytes 11.01.2011 13:47:36
VBASE025.VDF : 7.11.1.90 2048 Bytes 11.01.2011 13:47:36
VBASE026.VDF : 7.11.1.91 2048 Bytes 11.01.2011 13:47:37
VBASE027.VDF : 7.11.1.92 2048 Bytes 11.01.2011 13:47:37
VBASE028.VDF : 7.11.1.93 2048 Bytes 11.01.2011 13:47:37
VBASE029.VDF : 7.11.1.94 2048 Bytes 11.01.2011 13:47:37
VBASE030.VDF : 7.11.1.95 2048 Bytes 11.01.2011 13:47:37
VBASE031.VDF : 7.11.1.117 94208 Bytes 13.01.2011 12:34:25
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:23:26
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 06.01.2011 16:51:44
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10.01.2011 13:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10.01.2011 13:23:25
AEPACK.DLL : 8.2.4.7 512375 Bytes 06.01.2011 16:51:44
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 10.01.2011 13:23:25
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 06.01.2011 16:51:44
AEHELP.DLL : 8.1.16.0 246136 Bytes 10.01.2011 13:23:19
AEGEN.DLL : 8.1.5.1 397683 Bytes 06.01.2011 16:51:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:23:18
AECORE.DLL : 8.1.19.0 196984 Bytes 10.01.2011 13:23:18
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.01.2011 13:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10.01.2011 13:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.01.2011 13:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.01.2011 13:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.01.2011 13:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10.01.2011 13:23:52

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVGUARD_4dba16bf\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Freitag, 25. Februar 2011 21:18

The scan of running processes will be started
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en[1].exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesApp32.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'WMPNetwk.exe' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesService32.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '1' Module(s) have been scanned
Scan process 'NPSAgent.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ContentTransferWMDetector.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\mmcpsink.dll'
C:\WINDOWS\mmcpsink.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.49152.G back-door program
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\chardmin> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '57e28b89.qua'.


End of the scan: Freitag, 25. Februar 2011 21:23
Used time: 04:40 Minute(s)

The scan has been done completely.

0 Scanned directories
481 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
480 Files not concerned
3 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

Malwarebytes Bericht:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5880

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.02.2011 09:00:40
mbam-log-2011-02-26 (09-00-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 221370
Laufzeit: 1 Stunde(n), 0 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\System Volume Information\_restore{79F9B43C-7141-49C2-866E-27B8C28A4881}\RP568\A0108402.dll (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gpupdate.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.

Danke schon mal im Voraus..