Windows 7 machts möglich: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" eingefangen

markusg · 20.12.2011, 20:59

sollte das hier sein
putty.exe Windows Prozess - Was ist das?
kannst ja mal gucken ob der speicherort passt

biester_weg · 20.12.2011, 21:12

Hmm, MBM nochmal laufen lassen:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 21:07:21
mbam-log-2011-12-20 (21-06-49).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 251570
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\surfer\AppData\Roaming\Nousci\eputmy.exe (Trojan.ZbotR.Gen) -> 3008 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{939B7691-2F36-7F5B-B32D-332810CEC2E0} (Trojan.ZbotR.Gen) -> Value: {939B7691-2F36-7F5B-B32D-332810CEC2E0} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7883E39C-EACC-11E0-B64C-806E6F6E6963} (Trojan.Agent) -> Value: {7883E39C-EACC-11E0-B64C-806E6F6E6963} -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\hostrun.exe (Trojan.Winlock) -> No action taken.
c:\Users\surfer\AppData\Roaming\Nousci\eputmy.exe (Trojan.ZbotR.Gen) -> No action taken.

Und:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 21:07:31
mbam-log-2011-12-20 (21-07-31).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 251570
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\surfer\AppData\Roaming\Nousci\eputmy.exe (Trojan.ZbotR.Gen) -> 3008 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{939B7691-2F36-7F5B-B32D-332810CEC2E0} (Trojan.ZbotR.Gen) -> Value: {939B7691-2F36-7F5B-B32D-332810CEC2E0} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7883E39C-EACC-11E0-B64C-806E6F6E6963} (Trojan.Agent) -> Value: {7883E39C-EACC-11E0-B64C-806E6F6E6963} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\hostrun.exe (Trojan.Winlock) -> Quarantined and deleted successfully.
c:\Users\surfer\AppData\Roaming\Nousci\eputmy.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

biester_weg · 20.12.2011, 21:26

vom Stick nochmal geholt?
CCleaner: muß man den Prefetch auch löschen, wie bei XP immer empfohlen wurde?

Windows 7 machts möglich: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" eingefangen

Log-Analyse und Auswertung: Windows 7 machts möglich: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" eingefangen