Security Shield - komplett entfernt?

lullu · 30.06.2012, 21:56

Hallo zusammen!
Habe mir heute den Virus Security Shield eingefangen und dann laut der Anleitung in diesem Forum entfernt. Da rkill nicht funktioniert hat und der Virus auch erst entfernt war nachdem ich Malwarebytes Antimalware mit OTH hab durchlaufen lassen, wüsste ich gerne ob der Virus jetzt komplett entfernt ist...

1.Scan von Malwarebytes
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
*** :: HAMMER [limited]

30.06.2012 21:21:38
mbam-log-2012-06-30 (21-21-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308539
Time elapsed: 45 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\uvbijyvmn.exe (Trojan.Lameshield) -> Delete on reboot.
C:\DATEN\Counter-Strike\platform\Admin\AdminServer.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\DATEN\Installationsdateien\SoftonicDownloader_fuer_windows-xp-mode.exe (PUP.OfferBundler.ST) -> Delete on reboot.
C:\DATEN\Spiele\Counter-Strike\platform\Admin\AdminServer.dll (Malware.Packer.Gen) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

2.Scan (mit OTH)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
*** :: HAMMER [limited]

30.06.2012 22:18:57
mbam-log-2012-06-30 (22-18-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166749
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL log
OTL logfile created on: 30.06.2012 22:41:21 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 70,49% Memory free
3,73 Gb Paging File | 3,32 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,67 Gb Total Space | 5,85 Gb Free Space | 5,59% Space Free | Partition Type: NTFS

Computer Name: HAMMER | User Name: *** | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.30 22:37:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.04.14 17:42:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.09.30 17:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 17:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.07.21 17:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.20 10:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2006.06.12 10:23:24 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
PRC - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.05.03 20:11:02 | 000,520,192 | ---- | M] (SAMSUNG) -- C:\Programme\SAMSUNG\DisplayManager\dmhkcore.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.23 21:40:32 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.04.14 17:42:36 | 001,016,280 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.04.27 23:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.30 18:43:36 | 000,139,264 | ---- | M] () -- C:\Programme\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2008.07.29 16:11:38 | 000,297,984 | ---- | M] () -- C:\Programme\OpenOffice.org 3\Basis\program\libxmlsec.dll
MOD - [2008.07.29 15:59:22 | 000,165,376 | ---- | M] () -- C:\Programme\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2005.07.12 17:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\SAMSUNG\MagicKBD\EasyBoxDll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown (-1) | Unknown] -- -- (aszgadrf)
SRV - File not found [On_Demand | Unknown] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Unknown] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.09.23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Unknown] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.08.03 20:42:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.02.20 14:44:19 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.07.21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Unknown] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007.09.20 16:35:38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\SYSTEM32\DRIVERS\TVICPORT.SYS -- (TVICPORT)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (aszgadrf)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anxwzi1h)
DRV - [2012.06.30 20:08:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010.05.06 17:28:37 | 000,033,824 | ---- | M] () [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.04.20 23:06:32 | 000,721,904 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.12.05 07:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.09.24 10:05:58 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2007.09.24 10:05:58 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2007.05.03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006.11.21 12:24:56 | 000,369,152 | R--- | M] (DiBcom) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)
DRV - [2006.11.14 18:59:12 | 000,013,056 | R--- | M] (DiBcom S.A.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)
DRV - [2006.06.27 13:50:36 | 010,148,480 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.04.06 07:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.01.18 11:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.01.16 04:15:24 | 000,470,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\SSB2413.sys -- (SSB2413)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.11.01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.11.01 18:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.02.01 16:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\DATEN\Nameless-RO\npkcrypt.sys -- (npkcrypt)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2000.08.24 02:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

Wie gesagt, bin etwas überfordert, sollte euch noch irgendwas an logs fehlen sagt bescheid..wär sehr dankbar über hilfe!

Security Shield - komplett entfernt?

Log-Analyse und Auswertung: Security Shield - komplett entfernt?

Security Shield - komplett entfernt?

Ähnliche Themen: Security Shield - komplett entfernt?