AVZ Antiviral Toolkit log; AVZ version is 4.41
Scanning started at 21.07.2013 13:04:31
Database loaded: signatures - 297614, NN profile(s) - 2, malware removal microprograms - 56, signature database released 12.07.2013 13:39
Heuristic microprograms loaded: 403
PVS microprograms loaded: 9
Digital signatures of system files loaded: 565706
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.0.6002, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=137B00)
Kernel ntkrnlpa.exe found in memory at address 85A4B000
SDT = 85B82B00
KiST = 85AF76B4 (391)
Function NtAdjustPrivilegesToken (0C) intercepted (85C3B682->95F466BA), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtAlpcConnectPort (15) intercepted (85C3589D->95EF9C02), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtAlpcCreatePort (16) intercepted (85C0599C->95EF9F4A), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtAlpcSendWaitReceivePort (26) intercepted (85C88B72->95EFA390), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtClose (30) intercepted (85C85EC8->95EE228C), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtConnectPort (36) intercepted (85C18B67->95EF98DC), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateEvent (3A) intercepted (85C5DECE->95EE2804), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateMutant (43) intercepted (85C6B9A3->95EE26EA), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreatePort (47) intercepted (85BD0A59->95EF9DAE), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateSection (4B) intercepted (85C7CFA5->95F49528), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateSemaphore (4C) intercepted (85C22D5B->95EE2924), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateSymbolicLinkObject (4D) intercepted (85C0B345->95F09EF0), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateThread (4E) intercepted (85CDCE14->95F489BC), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateWaitablePort (73) intercepted (85BC5D26->95EF9E7C), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDebugActiveProcess (74) intercepted (85CAFF04->95F48506), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDeviceIoControlFile (7F) intercepted (85C9367A->95EE22D0), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDuplicateObject (81) intercepted (85C43581->95F467FC), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtLoadDriver (A5) intercepted (85BB6E12->95F46464), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtMapViewOfSection (B1) intercepted (85C5B99C->95F09F10), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtNotifyChangeKey (B5) intercepted (85C0A5F4->95EF806C), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenEvent (B8) intercepted (85C44DFF->95EE289A), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenMutant (BF) intercepted (85C5CC88->95EE277A), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenProcess (C2) intercepted (85C6C13F->95F480AE), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenSection (C5) intercepted (85C5C794->95F497D4), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenSemaphore (C6) intercepted (85BF0F06->95EE29BA), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenThread (C9) intercepted (85C6763B->95F48718), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtPlugPlayControl (CD) intercepted (85BFB935->95F09F00), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueryDirectoryObject (DB) intercepted (85C5C855->95EE2A44), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueryObject (ED) intercepted (85C313D4->95EF827A), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueueApcThread (FF) intercepted (85BFC885->95F491D4), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtReplyPort (10E) intercepted (85C2C770->95EFA174), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtReplyWaitReceivePort (10F) intercepted (85C85060->95EFA002), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtReplyWaitReceivePortEx (110) intercepted (85C84F0F->95EFA0B8), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtRequestWaitReplyPort (114) intercepted (85C8F142->95EFA1E4), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtResumeThread (11A) intercepted (85C66C5A->95F48EFE), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSecureConnectPort (11E) intercepted (85C18740->95EF9A6A), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetContextThread (121) intercepted (85CDE2AB->95F4905C), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetInformationToken (133) intercepted (85C10C84->95EE2AE6), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetSystemInformation (13D) intercepted (85C31F14->95F4656E), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSuspendProcess (14A) intercepted (85CDE73B->95F4824E), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSuspendThread (14B) intercepted (85BE5943->95F48DA6), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSystemDebugControl (14C) intercepted (85C43EF1->95EE2AF8), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtTerminateProcess (14E) intercepted (85C3C173->95F483AE), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtTerminateThread (14F) intercepted (85C67670->95F488B8), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtUnmapViewOfSection (15C) intercepted (85C5BC5F->95F4993C), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtWriteVirtualMemory (166) intercepted (85C58A2F->95F49666), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateThreadEx (17E) intercepted (85C67125->95F48BFC), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateUserProcess (17F) intercepted (85C14C43->95F48660), hook C:\Windows\system32\DRIVERS\klif.sys, driver recognized as trusted
Functions checked: 391, intercepted: 48, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 72
Number of modules loaded: 921
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\Kevin\AppData\Local\Temp\~DF327B.tmp
Direct reading: C:\Users\Kevin\AppData\Local\Temp\~DFCBBE.tmp
Direct reading: C:\Users\Kevin\AppData\Local\Temp\~DFEADA.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
>>> C:\PROGRA~1\DAP\DAPIE.DLL HSC: suspicion for Adware.SpeedBit
>>> C:\PROGRA~1\DAP\DAPIE.DLL HSC: suspicion for Adware.SpeedBit
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 101080, extracted from archives: 64405, malicious software found 0, suspicions - 0
Scanning finished at 21.07.2013 13:25:48
Time of scanning: 00:21:19
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address [ link ]
For automatic scanning of files from the AVZ quarantine you can use the service [ link ]