Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivirus XP 2008 (https://www.trojaner-board.de/60161-antivirus-xp-2008-a.html)

TheBlackout 18.09.2008 15:30
Antivirus XP 2008
 
Hi
Habe diesen komigen Trojaner nun auch drauf.
Woher kommt das bitte?
Ich habe absolut nichts runtergeladen, auf einmal kam ein Pop Up von diesem Programm :schmoll:

naja, ich habe Malwarebytes Anti-Malware gefunden, installiert und es läuft.
reicht es wenn ich ihn nur über c laufen lasse? oder muss er auch über d und e?
(d sind nur installierte spiele, e nur fotos)
läuft mittlerweile seit 1,30Std, werde langsam ungeduldig :S
aber lasse natürlich weiterlaufen....

Gibt es noch etwas anderes was ich parallel machen kann?

MFG

TheBlackout 18.09.2008 16:10
da es halt nur spiele und bilder waren ging der rest extrem schnell :)
So, hier nun mein Log. Bin ich ihn los?
schonmal danke!

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1166
Windows 5.1.2600 Service Pack 2

18.09.2008 17:10:02
mbam-log-2008-09-18 (17-10-02).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 297153
Laufzeit: 2 hour(s), 3 minute(s), 50 second(s)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 12
Infizierte Dateien: 27

Infizierte Speicherprozesse:
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\pphc9rhj0et77.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\rhccrhj0et77\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programme\rhccrhj0et77\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programme\rhccrhj0et77\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\system32\blphc9rhj0et77.scr (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9rhj0et77 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\desktop.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc9rhj0et77.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphc9rhj0et77.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\phc9rhj0et77.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc9rhj0et77.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Lokale Einstellungen\Temp\.tt4F.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

TheBlackout 20.09.2008 11:45
keine kurze hilfe? :(


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131