MS Antivirus 2008 finally gone?

#1
I have been wrestling with MS AntiVirus 2008 for the last 3 hours. Thanks to this forum I used SDFix and afterwards got the log that follows below. Right now I am running the Sophon program that came with it, and afterwards I will probably run Malwarebytes once more and, finally, Avira AntiVir. Will everything be back in order for me then?

```
SDFix: Version 1.223
Run by Administrator on 10.09.2008 at 14:41

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Dokumente und Einstellungen\Administrator\Desktop\Zips\SDFix\SDFix

Checking Services :

Rootkit Found : C:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

Name : tdssserv
Path : \systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphcv0bj0egdj.exe - Deleted
C:\WINDOWS\system32\fccbcCuV.dll - Deleted
C:\WINDOWS\system32\phcv0bj0egdj.bmp - Deleted
C:\WINDOWS\system32\blphcv0bj0egdj.scr - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Error Cleaner.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Error Cleaner.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Privacy Protector.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Privacy Protector.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Spyware&Malware Protection.url - Deleted
C:\Dokumente und Einstellungen\Administrator\Favoriten\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Programme\PCHealthCenter\0.exe - Deleted
C:\Programme\PCHealthCenter\0.gif - Deleted
C:\Programme\PCHealthCenter\1.exe - Deleted
C:\Programme\PCHealthCenter\1.gif - Deleted
C:\Programme\PCHealthCenter\1.ico - Deleted
C:\Programme\PCHealthCenter\2.exe - Deleted
C:\Programme\PCHealthCenter\2.gif - Deleted
C:\Programme\PCHealthCenter\2.ico - Deleted
C:\Programme\PCHealthCenter\3.exe - Deleted
C:\Programme\PCHealthCenter\3.gif - Deleted
C:\Programme\PCHealthCenter\4.exe - Deleted
C:\Programme\PCHealthCenter\5.exe - Deleted
C:\Programme\PCHealthCenter\7.exe - Deleted
C:\Programme\PCHealthCenter\sc.html - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt3.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt320.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt32D.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt332.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt336.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt346.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt348.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt34F.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt351.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt376.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt379.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt4.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt6.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt7.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt8.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.ttA.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.ttB.tmp - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\.tt8.tmp.vbs - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\lwpwer.exe.bat - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\smchk.exe.bat - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\windfr.exe.bat - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\WINDOWS\vmgspntbter.dll - Deleted
C:\Programme\MSA\msa0.dat - Deleted
C:\Programme\MSA\msa1.dat - Deleted
C:\Programme\MSA\MSA.cpl - Deleted
C:\Programme\MSA\MSA.exe - Deleted
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TmpRecentIcons\MS Antivirus.lnk - Deleted
C:\Dokumente und Einstellungen\Administrator\Desktop\Casino.url - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\lwpwer.exe - Deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\dtseqrxk.dll - Deleted
C:\WINDOWS\fqbewlna.dll - Deleted
C:\WINDOWS\mgxfebsq.dll - Deleted
C:\WINDOWS\mqgldfvo.exe - Deleted
C:\WINDOWS\system32\1.ico - Deleted
C:\WINDOWS\system32\2.ico - Deleted
C:\WINDOWS\system32\casino1.ico - Deleted
C:\WINDOWS\system32\casino2.ico - Deleted
C:\WINDOWS\system32\casino3.ico - Deleted
C:\WINDOWS\system32\MSA.cpl - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted

Folder C:\Programme\PCHealthCenter - Removed
Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 14:49:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:17,8d,83,a5,6d,39,69,d3,1c,e5,fc,a9,eb,b8,07,27,85,0d,cd,1d,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,20,9a,ff,4e,0d,58,4a,23,b4,bc,10,31,ea,3e,da,11,..
"hdf12"=hex:49,2e,dd,04,4d,79,06,ed,e2,93,21,a5,18,6d,2e,ca,f1,ff,90,8c,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:97,d0,53,09,7b,10,1d,73,47,d9,54,a1,89,a2,c6,67,78,0c,f8,00,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Programme\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:17,8d,83,a5,6d,39,69,d3,1c,e5,fc,a9,eb,b8,07,27,85,0d,cd,1d,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,cf,20,9a,ff,4e,0d,58,4a,23,b4,bc,10,31,ea,3e,da,11,..
"hdf12"=hex:49,2e,dd,04,4d,79,06,ed,e2,93,21,a5,18,6d,2e,ca,f1,ff,90,8c,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:97,d0,53,09,7b,10,1d,73,47,d9,54,a1,89,a2,c6,67,78,0c,f8,00,a3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Programme\\Warcraft III\\war3.exe"="C:\\Programme\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe"="C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\pickup.listchecker.exe:*:Enabled
"C:\\Programme\\mIRC\\mirc.exe"="C:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath"
"C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"="C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\Garena.exe:*:Enabled:Garena"
"C:\\Programme\\Quake III Arena\\quake3.exe"="C:\\Programme\\Quake III Arena\\quake3.exe:*
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Programme\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe:*
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Programme\\THQ\\Dawn Of War\\W40k.exe"="C:\\Programme\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOKUME~1\ADMINI~1\Desktop\Zips\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 8 Sep 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ccba472a05828aa2a3ee32c96c6466ca\BIT209.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddcdc34461145abcbfe2d51292b74a9e\BITEF.tmp"

Finished!
```
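One thing worth checking in a log like this: `C:\WINDOWS\system32\a.exe` is listed under "Trojan Files Found" as deleted, yet the same path still appears in the Windows firewall's authorized-applications export further down, so the malware's firewall exception survived the file removal. The following is an added example (not the poster's code and not part of SDFix) that parses an SDFix-style log and cross-checks deleted files against the remaining firewall exceptions; the log excerpt is constructed from a few lines of the post, and `%windir%` is assumed to expand to `C:\WINDOWS`.

```python
import re

# Constructed excerpt modelled on the SDFix log above: a few lines of the
# "Trojan Files Found" section and of the "Authorized Application Key
# Export" (Windows XP firewall exceptions). Not the full log.
SDFIX_LOG = r"""
Trojan Files Found:

C:\WINDOWS\system32\lphcv0bj0egdj.exe - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Enabled:a"

Remaining Files :
"""

# "<drive>:\path - Deleted" lines only; service names ("tdssserv - Deleted")
# and "Folder ... - Removed" lines deliberately do not match.
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) - Deleted$", re.M)
# Registry value lines in .reg export syntax: "name"="data"
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$', re.M)
MARKER = "Authorized Application Key Export:"


def norm(path):
    # Undo .reg backslash doubling, expand %windir% (assumed C:\WINDOWS),
    # and fold case, since NTFS paths are case-insensitive.
    return path.replace("\\\\", "\\").replace("%windir%", r"C:\WINDOWS").lower()


def deleted_files(log):
    return {norm(m.group("path")) for m in DELETED_RE.finditer(log)}


def firewall_exceptions(log):
    # Only the registry export after the marker lists firewall exceptions.
    section = log.split(MARKER, 1)[1] if MARKER in log else ""
    return {norm(m.group("name")) for m in REG_VALUE_RE.finditer(section)}


def stale_exceptions(log):
    # Paths SDFix deleted that the firewall still authorises: leftovers
    # that a cleanup should remove as well.
    return sorted(deleted_files(log) & firewall_exceptions(log))


if __name__ == "__main__":
    for path in stale_exceptions(SDFIX_LOG):
        print("stale firewall exception:", path)
```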