Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Kriege Antivir nicht mehr weg....

Kriege Antivir nicht mehr weg....


Log-Analyse und Auswertung: Kriege Antivir nicht mehr weg....

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 10.07.2009, 03:02   #1
muuuh
 
Kriege Antivir nicht mehr weg.... - Standard

Kriege Antivir nicht mehr weg....


Mein Antivir zeigt mir viele verschiedene Viruswarnungen an! Unter anderem TR/PSW.WOW.ijw oder TR renos.okz oder BDS. REFPRON 98816C.12 oder tr spy agent.xel
Versuche sie zu schliessen funktioniert aber nicht...
Hier ist mein Logfile:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:33:14, on 10.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ComCenter\IWatch.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\explorer.exe
C:\Programme\...\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Avira\AntiVir Desktop\avcenter.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Dokumente und Einstellungen\Saturn\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = h**p=www.arcor.com:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\...\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\...\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\Saturn\LOKALE~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03ED2674-0FA1-4CE6-8E4D-9FA8C9C8B1DF}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{03ED2674-0FA1-4CE6-8E4D-9FA8C9C8B1DF}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{03ED2674-0FA1-4CE6-8E4D-9FA8C9C8B1DF}: NameServer = 192.168.121.252,192.168.121.253
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,C:\DOKUME~1\Saturn\LOKALE~1\Temp\133015621mxx.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)

--
End of file - 13106 bytes

Alt 10.07.2009, 03:22   #2
Kaos
 
Kriege Antivir nicht mehr weg.... - Standard

Kriege Antivir nicht mehr weg....


Hallo muuuh und

Lade dir Malwarebytes Anti-Malware. Lass alles gefundene entfernen und Poste das Ergebnis hier.

mfg, Kaos
__________________
Alt 10.07.2009, 08:51   #3
muuuh
 
Kriege Antivir nicht mehr weg.... - Standard

Kriege Antivir nicht mehr weg....


So, habe das mal gemacht und es scheint geholfen zu haben.
Hier ist der Bericht!
DC:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Saturn\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-33cf-aax5-35gx1c642122} (Backdoor.IRCBot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxpers (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\260.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\~TM5A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\509.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\R4164ZX4\exkll[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\NLO570RF\wwgxyy[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\2AHSY658\wfcdqr[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\2AHSY658\rnbbctgfpd[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IEEFHJ5W\fivijnnboc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IYRJ7P4K\vfcggulym[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IYRJ7P4K\uaobttgu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\3OEO5M29\pwsggkycpq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\9TM8FG1R\vffgmffg[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\PKYCYWWK\pqz[1].exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\PKYCYWWK\flvjj[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\startmenü\programme\autostart\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RESTORE\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv351245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\BN5E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Saturn\Lokale Einstellungen\Temp\b.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Saturn\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-33cf-aax5-35gx1c642122} (Backdoor.IRCBot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxpers (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\260.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\~TM5A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\509.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\R4164ZX4\exkll[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\NLO570RF\wwgxyy[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\2AHSY658\wfcdqr[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\2AHSY658\rnbbctgfpd[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IEEFHJ5W\fivijnnboc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IYRJ7P4K\vfcggulym[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\IYRJ7P4K\uaobttgu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\3OEO5M29\pwsggkycpq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\9TM8FG1R\vffgmffg[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\PKYCYWWK\pqz[1].exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\temporary internet files\Content.IE5\PKYCYWWK\flvjj[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\startmenü\programme\autostart\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RESTORE\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv351245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\lokale einstellungen\Temp\BN5E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Saturn\Lokale Einstellungen\Temp\b.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Saturn\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

Danke für deine Hilfe....
__________________
Alt 10.07.2009, 14:20   #4
Kaos
 
Kriege Antivir nicht mehr weg.... - Standard

Kriege Antivir nicht mehr weg....


Das ist ingesamt ein echt schwerer Befall. Ich kann dir hier nur eine Neuinstallation empfehlen, es würde schneller gehen und wäre sicherer. Halte dich dabei bitte genau an die Anleitung.

Nach der Neuinstallation ist es wichtig, das du den Autostart für alle Laufwerke deaktivierst. Bevor du dann irgendwelche Dateien von einem externen Laufwerk benutzt prüfe diese gründlich auf Malware.

mfg, Kaos

Antwort

Themen zu Kriege Antivir nicht mehr weg....
adobe, antivir, antivir guard, avgnt, avgnt.exe, avira, bho, browser, desktop, einstellungen, explorer, firefox, hijack, hijackthis, hkus\s-1-5-18, home, internet, internet explorer, launch, logfile, mozilla, object, registry, senden, software, system, temp, weg..., windows, windows xp


« internet laggt + ist langsam | Firefox geht nicht aber Internet Explorer? »


Ähnliche Themen: Kriege Antivir nicht mehr weg....


  1. Windows 7: AntiVir startet nicht mehr
    Log-Analyse und Auswertung - 09.07.2014 (9)
  2. AntiVir funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (21)
  3. Avira Antivir funktioniert nicht mehr - updated auch nicht - sowie Windows Warnung
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (7)
  4. otl logs. Virus? bekomme ständig ein fenster geöfnett kriege es nicht mehr weg
    Plagegeister aller Art und deren Bekämpfung - 23.02.2011 (21)
  5. Avira Antivir startet nicht mehr - Download von Dateien nicht mehr möglich
    Log-Analyse und Auswertung - 06.10.2010 (34)
  6. AntiVir meldet Trojaner - Kriege die nicht weg
    Log-Analyse und Auswertung - 16.08.2010 (5)
  7. Security Tool&Antivir Solution Pro - ich kriege es nicht gelöscht :(
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (9)
  8. Habe Windows Security Alerts kriege es nicht mehr weg
    Log-Analyse und Auswertung - 04.04.2010 (1)
  9. kann Antivir nicht mehr installieren (genau wie Java und Defrag geht auch nicht)
    Log-Analyse und Auswertung - 14.07.2009 (4)
  10. Avira Antivir startet nicht mehr
    Antiviren-, Firewall- und andere Schutzprogramme - 29.05.2009 (10)
  11. Antivir startet nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 08.04.2009 (7)
  12. Trojaner an Board? Antivir updated nicht mehr, Ad aware auch nicht...
    Log-Analyse und Auswertung - 12.02.2009 (22)
  13. Antivir hilft nicht mehr. 7 Virenfunde, die nicht gelöscht werden können
    Log-Analyse und Auswertung - 07.12.2008 (1)
  14. Antivir kann nicht mehr updaten
    Mülltonne - 21.10.2008 (0)
  15. AntiVir update geht nicht mehr.
    Mülltonne - 09.07.2008 (0)
  16. Antivir 7 NICHT mehr kostenlos alternative?
    Antiviren-, Firewall- und andere Schutzprogramme - 24.06.2006 (3)
  17. antivir startet nicht mehr!
    Log-Analyse und Auswertung - 04.03.2005 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Kriege Antivir nicht mehr weg.... - Mein Antivir zeigt mir viele verschiedene Viruswarnungen an! Unter anderem TR/PSW.WOW.ijw oder TR renos.okz oder BDS. REFPRON 98816C.12 oder tr spy agent.xel Versuche sie zu schliessen funktioniert aber nicht... Hier - Kriege Antivir nicht mehr weg.......
Archiv
Du betrachtest: Kriege Antivir nicht mehr weg.... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130