Hello,
I'm plagued by the following:
- I evidently had Antimalware Doctor on my PC; I was able to remove it with rkill and Malwarebytes.
Log file:
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4199
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18813
15.06.2010 12:15:10
mbam-log-2010-06-15 (12-15-10).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131534
Laufzeit: 10 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 30
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
C:\Windows\System32\ecunzdlsbjunis.dll (Adware.Adrotator) -> Delete on reboot.
C:\Windows\System32\rjkawhnn.dll (Adware.Lifze) -> Delete on reboot.
C:\Windows\System32\eejvlwyw.dll (Adware.EZlife) -> Delete on reboot.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{05579938-f6c0-4124-6e91-20d0f24ead1c} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{05579938-f6c0-4124-6e91-20d0f24ead1c} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{05579938-f6c0-4124-6e91-20d0f24ead1c} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05579938-f6c0-4124-6e91-20d0f24ead1c} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c18416a-2b51-47a8-8c4e-35e39f648c06} (Adware.Lifze) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7c18416a-2b51-47a8-8c4e-35e39f648c06} (Adware.Lifze) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c18416a-2b51-47a8-8c4e-35e39f648c06} (Adware.Lifze) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c18416a-2b51-47a8-8c4e-35e39f648c06} (Adware.Lifze) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{634b5d92-bf42-4fd0-abad-1c986563b880} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{634b5d92-bf42-4fd0-abad-1c986563b880} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{634b5d92-bf42-4fd0-abad-1c986563b880} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{634b5d92-bf42-4fd0-abad-1c986563b880} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qlbgyedbcbnbzt (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uucfdalxjumjecnp (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setupupdater0000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Adware.Lifze) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yzowomoha (Trojan.Agent.U) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\System32\ecunzdlsbjunis.dll (Adware.Adrotator) -> Delete on reboot.
C:\Windows\System32\rjkawhnn.dll (Adware.Lifze) -> Delete on reboot.
C:\Users\kx\AppData\Roaming\04D25B83F4AE68836BAEBABE7C9BAD38\setupupdater0000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\nnfhjkmu.exe (Adware.Lifze) -> Quarantined and deleted successfully.
C:\Windows\System32\eejvlwyw.dll (Adware.EZlife) -> Delete on reboot.
C:\Windows\System32\qlbgyedbcbnbzt.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\kx\AppData\Local\Temp\rropyvnl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\kx\AppData\Local\Temp\Cfp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\kx\AppData\Local\Temp\ejeny.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\kx\AppData\Local\duvcos.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Users\kx\AppData\Local\Temp\Cfr.exe (Trojan.FakeAlert) -> Delete on reboot.
At least a subsequent Malwarebytes scan no longer showed anything.
- Since then Kaspersky has constantly been raising phishing alarms: phishing address hxxp://*.mfdclk001.org/* URL: hxxp://cdn.mfdclk001.org/cvt4Y50e677qGbu1e83e09b89bcd0055893f76bf710383d606x and very similar-looking web addresses. This happens even when I have no browser open and am not actively browsing the web. In addition, Internet Explorer would no longer start.
- Resetting the system brought no improvement either, except that IE works again. Now, however, Kaspersky showed in its monitoring: Trojan program Packed.Win32.Krap.gx File: C:\Windows\Temp\hivq.tmp\svchost.exe, which was successfully deleted.
The constant phishing alarms continue.
I would be very grateful for help. Thanks in advance.