Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivirus XP 2008 (https://www.trojaner-board.de/60161-antivirus-xp-2008-a.html)

TheBlackout 18.09.2008 15:30
Antivirus XP 2008
 
Hi
Habe diesen komigen Trojaner nun auch drauf.
Woher kommt das bitte?
Ich habe absolut nichts runtergeladen, auf einmal kam ein Pop Up von diesem Programm :schmoll:

naja, ich habe Malwarebytes Anti-Malware gefunden, installiert und es läuft.
reicht es wenn ich ihn nur über c laufen lasse? oder muss er auch über d und e?
(d sind nur installierte spiele, e nur fotos)
läuft mittlerweile seit 1,30Std, werde langsam ungeduldig :S
aber lasse natürlich weiterlaufen....

Gibt es noch etwas anderes was ich parallel machen kann?

MFG

TheBlackout 18.09.2008 16:10
da es halt nur spiele und bilder waren ging der rest extrem schnell :)
So, hier nun mein Log. Bin ich ihn los?
schonmal danke!

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1166
Windows 5.1.2600 Service Pack 2

18.09.2008 17:10:02
mbam-log-2008-09-18 (17-10-02).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 297153
Laufzeit: 2 hour(s), 3 minute(s), 50 second(s)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 12
Infizierte Dateien: 27

Infizierte Speicherprozesse:
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\pphc9rhj0et77.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\rhccrhj0et77\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programme\rhccrhj0et77\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programme\rhccrhj0et77\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\system32\blphc9rhj0et77.scr (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9rhj0et77 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\rhccrhj0et77\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\rhccrhj0et77.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhccrhj0et77\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\desktop.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc9rhj0et77.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphc9rhj0et77.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\phc9rhj0et77.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc9rhj0et77.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\christ-jun\Lokale Einstellungen\Temp\.tt4F.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

TheBlackout 20.09.2008 11:45
keine kurze hilfe? :(


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19