Malwarebytes findet mehrere Trojan.Agents und Trojan.Downloader
Mein Computer ist noch funktionsfähig, aber nicht mehr uneingeschränkt. Ein Problem habe ich schon länger: Ich kann mir bei Google zwar noch Suchergebnisse anzeigen lassen, diese aber nicht mehr einfach per Mausclick aufrufen. Tue ich das, werde ich zum Teil mehrfach umgeleitet und lande meist wieder auf der leeren Google-Startseite (ich behelfe mir so, dass ich die Seiten über die Cache-Version ansteuere).
Zweites Problem: Die EXE einer Pokerseite, die ich sicher schon 100 x heruntergeladen habe, wird jetzt als infiziert identifiziert und sofort gelöscht. Installation fällt damit aus. Es handelt sich hier um CarbonPoker aus dem Merge-Network, also keine unseriöse no name Klitsche.
Der Malbwarebytes-Log sieht wie folgt aus: Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.23.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [administrator]
23.07.2012 16:37:34
mbam-log-2012-07-23 (18-59-32).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413718
Time elapsed: 2 hour(s), 20 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\xxxx\AppData\Roaming\dpnkbr.dll (Trojan.Agent) -> No action taken.
Registry Keys Detected: 7
HKCU\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\UO8KTAT1GY (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dpnkbr (Trojan.Agent) -> Data: rundll32.exe "C:\Users\xxx\AppData\Roaming\dpnkbr.dll",Update -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XREOMBWW (Trojan.Agent) -> Data: rundll32 "C:\Users\xxx\AppData\Roaming\pegi-fiy.dll",Jnfv -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\xxx\AppData\Local\{06ef39b7-06a0-be4e-775a-9a1c16bfc672}\n. -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UO8KTAT1GY (Trojan.FakeAlert) -> Data: C:\Users\xxx\AppData\Local\Temp\Elx.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Users\xxx\AppData\Roaming\dpnkbr.dll (Trojan.Agent) -> No action taken.
C:\Users\xxx\AppData\Roaming\pegi-fiy.dll (Trojan.Agent) -> No action taken.
C:\Users\xxx\AppData\Local\{06ef39b7-06a0-be4e-775a-9a1c16bfc672}\n (Trojan.Agent.BVXGen) -> No action taken.
C:\Users\xxx\Desktop\Need for Speed Carbon\Crack + SN\KeyGen\EA Games Generic Keygen 190.exe (RiskWare.Tool.CK) -> No action taken.
C:\Windows\Installer\{06ef39b7-06a0-be4e-775a-9a1c16bfc672}\n (Trojan.Agent.BVXGen) -> No action taken.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken.
(end)
|
ADW-Cleaner gibt folgenden Log aus: Zitat:
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Software
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\khdcrs9d.default\prefs.js
Found : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3072253.FirstTime", "true");
Found : user_pref("CT3072253.FirstTimeFF3", "true");
Found : user_pref("CT3072253.UserID", "UN55697702097887689");
Found : user_pref("CT3072253.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3072253.autoDisableScopes", -1);
Found : user_pref("CT3072253.cbcountry_001", "DE");
Found : user_pref("CT3072253.cbfirsttime", "Tue Jul 24 2012 12:01:50 GMT+0200");
Found : user_pref("CT3072253.defaultSearch", "FALSE");
Found : user_pref("CT3072253.embeddedsData", "[{\"appId\":\"129571859753931591\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3072253.enableAlerts", "always");
Found : user_pref("CT3072253.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3072253.firstTimeDialogOpened", "true");
Found : user_pref("CT3072253.fixPageNotFoundError", "true");
Found : user_pref("CT3072253.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3072253.fixUrls", true);
Found : user_pref("CT3072253.installId", "fft4B16.tmp.exe");
Found : user_pref("CT3072253.installType", "XPE");
Found : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.isNewTabEnabled", true);
Found : user_pref("CT3072253.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3072253.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3072253.openThankYouPage", "false");
Found : user_pref("CT3072253.openUninstallPage", "FALSE");
Found : user_pref("CT3072253.search.searchAppId", "129571859753931591");
Found : user_pref("CT3072253.search.searchCount", "0");
Found : user_pref("CT3072253.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3072253.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3072253.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3072253.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343114399307");
Found : user_pref("CT3072253.serviceLayer_services_appTracking_lastUpdate", "1343114401603");
Found : user_pref("CT3072253.serviceLayer_services_appsMetadata_lastUpdate", "1343161391025");
Found : user_pref("CT3072253.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343114391662");
Found : user_pref("CT3072253.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343203126309");
Found : user_pref("CT3072253.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343114391705");
Found : user_pref("CT3072253.serviceLayer_services_searchAPI_lastUpdate", "1343203126296");
Found : user_pref("CT3072253.serviceLayer_services_serviceMap_lastUpdate", "1343211065749");
Found : user_pref("CT3072253.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343114391739");
Found : user_pref("CT3072253.serviceLayer_services_toolbarSettings_lastUpdate", "1343210325975");
Found : user_pref("CT3072253.serviceLayer_services_translation_lastUpdate", "1343211065914");
Found : user_pref("CT3072253.settingsINI", true);
Found : user_pref("CT3072253.shouldFirstTimeDialog", "false");
Found : user_pref("CT3072253.smartbar.CTID", "CT3072253");
Found : user_pref("CT3072253.smartbar.Uninstall", "0");
Found : user_pref("CT3072253.smartbar.toolbarName", "uTorrentControl2 ");
Found : user_pref("CT3072253.toolbarBornServerTime", "24-7-2012");
Found : user_pref("CT3072253.toolbarCurrentServerTime", "25-7-2012");
Found : user_pref("CT3072253.url_history0001", "hxxp://de.wikipedia.org/wiki/Sportfive:::clickhandler:::1343[...]
-\\ Opera v [Unable to get version]
File : C:\Users\xxx\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7086 octets] - [25/07/2012 13:23:22]
########## EOF - C:\AdwCleaner[R1].txt - [7214 octets] ##########
|
Schon jetzt Danke für jede Hilfe. |
