Trojaner-Board (https://www.trojaner-board.de/)
Unknown virus/malware (https://www.trojaner-board.de/92243-unbekannter-virus-malware.html)

Nexon 27.10.2010 10:35

Unknown virus/malware
 
Hello,

I've recently had a virus/malware I don't recognize on my PC. The visible signs so far have been that I'm occasionally redirected to strange sites, that the "Show processes from all users" button in Task Manager no longer works, and that various programs can no longer be opened via their shortcut because of the Internet security settings, but they can via the *.exe. The problem appeared quite suddenly.
Also, while surfing with Firefox, IE opens now and then with links for "DivX player updates" and similar nonsense.

What I notice in Task Manager are the processes
Ksr.exe
Kss.exe
Ksu.exe

All three have the description "Silvers". I don't know what that's supposed to be.

HJT log: h**p://www.pasteme.org/8d9a8d61e5dfd457390aab366131c78a

I hope you can help me.
Regards and have a nice day

Apparently it was primarily the TDSS rootkit.

Malwarebytes says the following:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 4962
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
27.10.2010 13:30:11
mbam-log-2010-10-27 (13-30-11).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133796
Laufzeit: 5 Minute(n), 43 Sekunde(n)
 
Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 11
Infizierte Dateien: 104
 
Infizierte Speicherprozesse:
C:\Users\User\AppData\Local\Temp\Kss.exe (Rootkit.TDSS) -> Unloaded process successfully.
C:\Users\User\AppData\Local\Temp\Ksu.exe (Rootkit.TDSS) -> Unloaded process successfully.
C:\Users\User\AppData\Local\Temp\Ksr.exe (Rootkit.TDSS) -> Unloaded process successfully.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
C:\ProgramData\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Free Keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
 
Infizierte Dateien:
C:\Users\User\AppData\Local\Temp\Kss.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksu.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksr.exe (Rootkit.TDSS) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\sshnas21.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksq.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Kst.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksv.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\Ksw.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40419_8386441667 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40419_9113683218 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40445_4047042940 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40445_4086518056 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40451_4763852894 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40462_5151738773 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40464_6903753935 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40464_6909912847 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40464_7037096296 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40464_7047739931 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40464_7054574421 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\I40465_5599208449 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Free Keylogger\ REFOG Free Keylogger im Internet.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Free Keylogger\Jetzt bestellen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Free Keylogger\Rabatt holen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\ProgramData\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\icon.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Incidentally, the Refog KGB keylogger was installed by me; I've now removed it as well. Does this rootkit also have a keylogger? If so, I would have to change quite a few passwords...

Regards
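A small parser for this report format, added here as an example; it is not part of the post and not Malwarebytes' own tooling. It reads a handful of lines modelled on the log above (a constructed sample, not the full report), groups detections by family, lists items still marked "Delete on reboot", and separates the findings that explain persistence (autostart registry values, Winlogon data, scheduled-task jobs). For the Userinit entry it compares the observed data with the expected data by file name, which is how a responder would spot the extra executable without hand-reading the line. The `Finding` class and all function names are my own.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a few lines in the layout of the Malwarebytes'
# Anti-Malware 1.46 report posted above (German section headers, English
# action text). Not a complete log; raw string so the backslashes survive.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse:
C:\Users\User\AppData\Local\Temp\Kss.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\User\AppData\Local\Temp\Ksr.exe (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <rest>"
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Registry data entries carry observed and expected values before the action.
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str
    item: str
    family: str
    action: str
    bad: list = field(default_factory=list)   # observed registry data, if any
    good: list = field(default_factory=list)  # expected registry data, if any


def parse_mbam_log(text):
    """Return the detection lines of an MBAM 1.x report as Finding objects."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Infizierte Dateien"
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue                     # summary counts, "(Keine ... gefunden)", banner
        rest, bad, good = m.group("rest"), [], []
        bg = BADGOOD_RE.match(rest)
        if bg:
            bad = [v.strip() for v in bg.group("bad").split(",") if v.strip()]
            good = [v.strip() for v in bg.group("good").split(",") if v.strip()]
            rest = bg.group("action")
        findings.append(Finding(section, m.group("item"), m.group("family"), rest, bad, good))
    return findings


def count_by_family(findings):
    """Detections per family name, e.g. {'Rootkit.TDSS': 3, ...}."""
    return dict(Counter(f.family for f in findings))


def pending_reboot(findings):
    """Items MBAM could not remove while running; they persist until a restart."""
    return [f.item for f in findings if f.action.lower().startswith("delete on reboot")]


def unexpected_registry_data(finding):
    """Observed values absent from the expected data, compared by file name so
    'c:\\windows\\system32\\userinit.exe' is treated as matching 'Userinit.exe'."""
    expected = {ntpath.basename(v).lower() for v in finding.good}
    return [v for v in finding.bad if ntpath.basename(v).lower() not in expected]


def persistence_points(findings):
    """Findings that show how the infection survived reboots: any registry
    section (Run values, Winlogon data) plus scheduled-task .job files."""
    return [f for f in findings
            if "Registrierung" in f.section or f.item.lower().endswith(".job")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("by family:", count_by_family(found))
    print("pending reboot:", pending_reboot(found))
    for f in persistence_points(found):
        extra = unexpected_registry_data(f)
        print("persistence:", f.item, "| unexpected data:", extra if extra else "-")
```

The "Delete on reboot" list is the practical caveat: a log that says "deleted successfully" for most entries can still leave a loader on disk until the machine restarts, so a second scan after rebooting is what confirms the result.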

Nexon 27.10.2010 17:44

This is settled, I'm going to reinstall Windows.

