
Message from the archive

Christina [Guest] wrote on 25 April 2010, 18:36:25 in the category pc.security

ave.exe virus - disguised as Windows Firewall / how to proceed

Sorry, it took a little while, but I think I've managed it now. Here is the report from Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4033

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

25.04.2010 17:01:19
mbam-log-2010-04-25 (17-01-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 106114
Laufzeit: 4 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 3
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\moi\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\moi\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\moi\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\moi\AppData\Local\Temp\Temp1_final cut windosw [crack][fixed].zip\patch.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.

And here is the log file from Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\comuid32.dll" not found!
Deletion of file "c:\windows\system32\comuid32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\System32\console32.dll" not found!
Deletion of file "C:\Windows\System32\console32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Local\ave.exe" not found!
Deletion of file "C:\Users\moi\AppData\Local\ave.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\CertEnrollUI32.dll" not found!
Deletion of file "C:\ProgramData\CertEnrollUI32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\System32\atiumdva32.dll" not found!
Deletion of file "C:\Windows\System32\atiumdva32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\cdosys32.dll" not found!
Deletion of file "C:\ProgramData\cdosys32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Local\Temp\3B13.tmp" not found!
Deletion of file "C:\Users\moi\AppData\Local\Temp\3B13.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Local\Temp\4859.tmp" not found!
Deletion of file "C:\Users\moi\AppData\Local\Temp\4859.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: "C:\Users\moi\AppData\Local\Temp\Temp1_final cut windosw [crack][fixed].zip" is a folder, not a file!
Deletion of file "C:\Users\moi\AppData\Local\Temp\Temp1_final cut windosw [crack][fixed].zip" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: file "C:\Users\moi\AppData\Local\b5bq8uC1G1B" not found!
Deletion of file "C:\Users\moi\AppData\Local\b5bq8uC1G1B" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\b5bq8uC1G1B" not found!
Deletion of file "C:\ProgramData\b5bq8uC1G1B" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\1113184691" not found!
Deletion of file "C:\ProgramData\1113184691" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\540798596" not found!
Deletion of file "C:\ProgramData\540798596" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\ProgramData\sl1104837654" not found!
Deletion of file "C:\ProgramData\sl1104837654" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Roaming\02000000250a30a4891P.manifest" not found!
Deletion of file "C:\Users\moi\AppData\Roaming\02000000250a30a4891P.manifest" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Roaming\02000000250a30a4891C.manifest" not found!
Deletion of file "C:\Users\moi\AppData\Roaming\02000000250a30a4891C.manifest" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Roaming\02000000250a30a4891S.manifest" not found!
Deletion of file "C:\Users\moi\AppData\Roaming\02000000250a30a4891S.manifest" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\moi\AppData\Roaming\02000000250a30a4891O.manifest" not found!
Deletion of file "C:\Users\moi\AppData\Roaming\02000000250a30a4891O.manifest" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\moi\AppData\Roaming\SystemProc" not found!
Deletion of folder "C:\Users\moi\AppData\Roaming\SystemProc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\moi\AppData\Local\b5bq8uC1G1B" not found!
Deletion of folder "C:\Users\moi\AppData\Local\b5bq8uC1G1B" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\ProgramData\b5bq8uC1G1B" not found!
Deletion of folder "C:\ProgramData\b5bq8uC1G1B" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\ProgramData\1113184691" not found!
Deletion of folder "C:\ProgramData\1113184691" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\ProgramData\540798596" not found!
Deletion of folder "C:\ProgramData\540798596" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\ProgramData\sl1104837654" not found!
Deletion of folder "C:\ProgramData\sl1104837654" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\moi\Desktop\final cut windosw [crack][fixed]" not found!
Deletion of folder "C:\Users\moi\Desktop\final cut windosw [crack][fixed]" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.