Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 Funde (https://www.trojaner-board.de/84397-1-antivir-1-fund-tr-spy-gen-2-malwarebytes-51-funde.html)

RedBull 01.04.2010 13:27
1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 Funde
 
Hallo,

hab als erstes mit AntiVIR gescannt und bin von scan zu scan, von 123 auf 1 Fund runtergekommen und der letzte ist der TR/Spy.Gen!

Da ich nicht mehr weiter weiß hab ich hier im forum die anleitung vor dem posten durchgemacht und bei malwarebytes gab es 51 funde!

hier das ergebnis von malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3941

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

01.04.2010 14:18:48
mbam-log-2010-04-01 (14-18-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128872
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 31

Infizierte Speicherprozesse:
c:\programme\internet explorer\wmpscfgs.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgaurd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Temp\Rfp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Temp\Rfq.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Temp\xencsormwa.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuaucldt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Temp\Temporäre Internetdateien\Content.IE5\7VLYZXQK\xb[1].txt (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\wuaucldt .exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Rxifea.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syncman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\syncman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\...\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\...\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\....\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\...\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

cosinus 01.04.2010 14:42
Hallo,

poste bitte RSIT Logfiles


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19