| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 FundeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.04.2010, 13:27
| #1 |
 |  1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 Funde Hallo, hab als erstes mit AntiVIR gescannt und bin von scan zu scan, von 123 auf 1 Fund runtergekommen und der letzte ist der TR/Spy.Gen! Da ich nicht mehr weiter weiß hab ich hier im forum die anleitung vor dem posten durchgemacht und bei Malwarebytes gab es 51 funde! hier das ergebnis von malwarebytes: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3941 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 01.04.2010 14:18:48 mbam-log-2010-04-01 (14-18-48).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 128872 Laufzeit: 5 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 11 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 31 Infizierte Speicherprozesse: c:\programme\internet explorer\wmpscfgs.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgaurd.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\Temp\Rfp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Temp\Rfq.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Temp\xencsormwa.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ms.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wuaucldt.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Temp\Temporäre Internetdateien\Content.IE5\7VLYZXQK\xb[1].txt (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\wuaucldt .exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Rxifea.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\syncman.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\syncman.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\...\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\...\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Programme\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\....\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\...\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. |
|
| Themen zu 1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 Funde |
| adobe, anti-malware, antivir, backdoor.bot, content.ie5, dateien, einstellungen, ergebnis, explorer, file, forum, heuristics.reserved.word.exploit, image, malwarebytes, microsoft, nicht mehr, programme, rundll, rundll32.exe, sched.exe, services, software, system, system32, temp, tr/spy.gen, trojan.agent, trojan.downloader, trojan.dropper, trojan.fraudpack, trojan.gootkit, trojan.hiloti, update, wuaucld |
Linear-Darstellung
