Removing AntiVirusPro
Link: Anti-Virus-Pro
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Antivirus 2008 PRO
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Programme\Antivirus 2008 PRO
C:\Programme\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Programme\Antivirus 2008 PRO\vscan.tsi
C:\Programme\Antivirus 2008 PRO\zlib.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
Combofix
2008-03-15 13:44 . 2008-03-15 13:44 DIR d-------- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Anti-Virus-Pro.com
2008-03-15 13:44 . 2008-03-15 13:44 DIR d-------- C:\Programme\AntiVirusPro
2008-03-15 13:43 . 2008-03-15 13:43 269,334 --a------ C:\WINDOWS\system32\snmpkn.bmp
2008-03-15 10:56 . 2008-03-15 06:03 245,760 --a------ C:\WINDOWS\altvxvm.dll
2008-03-15 10:56 . 2008-03-15 06:03 221,184 --a------ C:\WINDOWS\bokpkov.dll
2008-03-15 10:56 . 2008-03-15 06:03 176,128 --a------ C:\WINDOWS\etlrlws.dll
2008-03-15 10:56 . 2008-03-15 06:03 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-14 17:40 . 2008-03-14 17:40 173,518 --ah----- C:\WINDOWS\system32\BITB4.tmp
2008-03-04 15:02 . 2008-03-04 15:02 181,760 --a------ C:\WINDOWS\system32\msram.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D504883-70CA-48BD-A282-639753D3B0CE}]
C:\WINDOWS\drnpfdxwlv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3A00219-19D4-4966-AECD-8ED34AB9EF7A}]
2008-03-04 15:02 181760 --a------ C:\WINDOWS\system32\msram.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{65F4F8C1-B31F-40B7-9D34-98CA11EAC387}"= "C:\WINDOWS\etlrlws.dll"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wintask32"="wintask32.exe" []
"Pag Windows Monitor"="pag.exe" []
"388529725448"="AutomaticUpdates.exe" []
"4684735485910"="netdll32.exe" []
"Windows LoL Layer"="fhwples.exe" []
"Windows sys Layer"="ofdhzckktcuo.exe" []
"Cafe Security Center"="ntmp.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wintask32"="wintask32.exe" []
"Pag Windows Monitor"="pag.exe" []
"Arcor Online"="" []
"388529725448"="AutomaticUpdates.exe" []
"4684735485910"="netdll32.exe" []
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [ ]
"Windows LoL Layer"="fhwples.exe" []
"Windows sys Layer"="ofdhzckktcuo.exe" []
"Cafe Security Center"="ntmp.exe" []
"ctfmona"="C:\WINDOWS\System32\ctfmona.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"wintask32"="wintask32.exe" []
"Pag Windows Monitor"="pag.exe" []
"388529725448"="AutomaticUpdates.exe" []
"4684735485910"="netdll32.exe" []
"Windows LoL Layer"="fhwples.exe" []
"Windows sys Layer"="ofdhzckktcuo.exe" []
"Cafe Security Center"="ntmp.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"wintask32"="wintask32.exe" []
"Cafe Security Center"="ntmp.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {2CFF7CC2-9B86-49B7-BB69-E30ED96B3186} - C:\WINDOWS\altvxvm.dll
"bokpkov"= {2537455E-5AE8-46B4-A7A3-921851616419} - C:\WINDOWS\bokpkov.dll
Scanne versteckte Dateien...
C:\WINDOWS\system32\ntos.exe 166912 bytes executable
C:\WINDOWS\system32\wsnpoem
Delete ("fix") with HijackThis:
Click "Do a system scan only",
tick the box in front of each of the entries listed below
and choose "Fix checked".
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: GNX Rolex - {0D504883-70CA-48BD-A282-639753D3B0CE} - C:\WINDOWS\drnpfdxwlv.dll (file missing)
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\iesearch.dll
O3 - Toolbar: etlrlws - {65F4F8C1-B31F-40B7-9D34-98CA11EAC387} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [wintask32] wintask32.exe
O4 - HKLM\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\Run: [4684735485910] netdll32.exe
O4 - HKLM\..\Run: [Windows LoL Layer] fhwples.exe
O4 - HKLM\..\Run: [Windows sys Layer] ofdhzckktcuo.exe
O4 - HKLM\..\Run: [Cafe Security Center] ntmp.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\RunServices: [wintask32] wintask32.exe
O4 - HKLM\..\RunServices: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\RunServices: [388529725448] AutomaticUpdates.exe
O4 - HKLM\..\RunServices: [4684735485910] netdll32.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] fhwples.exe
O4 - HKLM\..\RunServices: [Windows sys Layer] ofdhzckktcuo.exe
O4 - HKLM\..\RunServices: [Cafe Security Center] ntmp.exe
O4 - HKCU\..\Run: [wintask32] wintask32.exe
O4 - HKCU\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKCU\..\Run: [388529725448] AutomaticUpdates.exe
O4 - HKCU\..\Run: [4684735485910] netdll32.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
O4 - HKCU\..\Run: [Windows LoL Layer] fhwples.exe
O4 - HKCU\..\Run: [Windows sys Layer] ofdhzckktcuo.exe
O21 - SSODL: altvxvm - {2CFF7CC2-9B86-49B7-BB69-E30ED96B3186} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {2537455E-5AE8-46B4-A7A3-921851616419} - C:\WINDOWS\bokpkov.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
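As an added example (not part of the original post), the following parser reads HijackThis lines of the kinds shown above and flags the four persistence patterns they illustrate: an extra executable appended to the winlogon UserInit chain (which survives fixing every Run entry), a Run/RunServices value given as a bare file name, a BHO whose DLL is already gone, and an SSODL DLL sitting outside system32. The sample log and the heuristics are constructed here, not taken from a tool.

```python
import re
import ntpath  # handles Windows paths regardless of the platform the script runs on

# Constructed sample in HijackThis log format, using the entry types shown on this page.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: GNX Rolex - {0D504883-70CA-48BD-A282-639753D3B0CE} - C:\WINDOWS\drnpfdxwlv.dll (file missing)
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Cafe Security Center] ntmp.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe
O21 - SSODL: altvxvm - {2CFF7CC2-9B86-49B7-BB69-E30ED96B3186} - C:\WINDOWS\altvxvm.dll
""".strip()

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*?)(?: \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def audit(log_text):
    """Return (kind, detail) findings for the persistence patterns discussed on this page."""
    findings = []
    for line in log_text.splitlines():
        if m := USERINIT_RE.match(line):
            # UserInit is a comma-separated chain winlogon runs before the shell appears;
            # only the real userinit.exe belongs there. Anything else runs before any Run key.
            for exe in (p.strip() for p in m.group(1).split(",") if p.strip()):
                if ntpath.basename(exe).lower() != "userinit.exe":
                    findings.append(("userinit_hijack", exe))
        elif m := BHO_RE.match(line):
            if line.endswith("(file missing)"):
                findings.append(("bho_orphan", m.group(2)))  # CLSID registered, DLL gone
        elif m := RUN_RE.match(line):
            hive, key, name, cmd = m.groups()
            # A bare file name (no directory) is resolved by PATH search at logon;
            # legitimate installers almost always write a full path (heuristic).
            if "\\" not in cmd:
                findings.append(("run_bare_name", f"{hive}\\{key}\\{name}={cmd}"))
        elif m := SSODL_RE.match(line):
            dll = m.group(3)
            # ShellServiceObjectDelayLoad DLLs are loaded into explorer.exe at shell start;
            # one living directly in %WINDIR% instead of system32 deserves review (heuristic).
            if ntpath.basename(ntpath.dirname(dll)).lower() != "system32":
                findings.append(("ssodl_outside_system32", dll))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```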
Example:
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the Desktop
as cfscript.txt using 'Save As'.
Set the file type to "All Files" - Save.
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D504883-70CA-48BD-A282-639753D3B0CE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3A00219-19D4-4966-AECD-8ED34AB9EF7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{65F4F8C1-B31F-40B7-9D34-98CA11EAC387}"=-
[-HKEY_CLASSES_ROOT\clsid\{65f4f8c1-b31f-40b7-9d34-98ca11eac387}]
[-HKEY_CLASSES_ROOT\etlrlws.1]
[-HKEY_CLASSES_ROOT\TypeLib\{0588B0D8-A150-41F8-8990-AC5DFE0905E5}]
[-HKEY_CLASSES_ROOT\etlrlws]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wintask32"=-
"Pag Windows Monitor"=-
"388529725448"=-
"4684735485910"=-
"Windows LoL Layer"=-
"Windows sys Layer"=-
"Cafe Security Center"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wintask32"=-
"Pag Windows Monitor"=-
"388529725448"=-
"4684735485910"=-
"Windows LoL Layer"=-
"Windows sys Layer"=-
"Cafe Security Center"=-
"ctfmona"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"wintask32"=-
"Pag Windows Monitor"=-
"388529725448"=-
"4684735485910"=-
"Windows LoL Layer"=-
"Windows sys Layer"=-
"Cafe Security Center"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"wintask32"=-
"Cafe Security Center"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"=-
"bokpkov"=-
Folder::
C:\WINDOWS\privacy_danger
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Anti-Virus-Pro.com
C:\Programme\AntiVirusPro
C:\WINDOWS\system32\wsnpoem
File::
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\snmpkn.bmp
C:\WINDOWS\system32\iesearch.dll
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\msram.dll
You should now find the file cfscript.txt on the Desktop.
Drag cfscript.txt with the right mouse button onto the ComboFix icon.
Afterwards: run ComboFix once more.
Restart the PC.
Another PC
Combofix
2008-03-17 07:26 . 2008-03-17 07:26 DIR d-------- C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Anti-Virus-Pro.com
2008-03-17 07:26 . 2008-03-17 07:26 269,334 --a------ C:\WINDOWS\system32\dorapgb.bmp
2008-03-17 06:43 . 2008-03-18 07:33 DIR d-------- C:\Programme\AntiVirusPro
2008-03-17 06:43 . 2008-03-17 06:43 269,334 --a------ C:\WINDOWS\system32\qlormhgbeh.bmp
OTMoveIt
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\snqdsjapcjqd.bmp
C:\WINDOWS\system32\balcbidobmh.bmp
C:\WINDOWS\system32\dorapgb.bmp
C:\WINDOWS\system32\qlormhgbeh.bmp
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Anti-Virus-Pro.com
C:\Programme\AntiVirusPro
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
AntiVir 7.6.0.75 2008.03.26 TR/Peed.A.190
AVG 7.5.0.516 2008.03.26 SHeur.BAZN
BitDefender 7.2 2008.03.26 Trojan.Peed.Gen
DrWeb 4.44.0.09170 2008.03.26 Trojan.Packed.142
F-Prot 4.4.2.54 2008.03.26 W32/STZ_like!Generic
Microsoft 1.3301 2008.03.26 Trojan:Win32/Tibs.FZ