| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hilfe, währscheinlich Rootkit verseuchtes WinXP! digifast.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.05.2009, 14:17
| #2 |
| |  Hilfe, währscheinlich Rootkit verseuchtes WinXP! digifast.exe Da der erste Text zu lang war, hier noch mal das Malewarebytes-Logfile:
__________________Malewarebytes Logfile der entfernten Schädlinge: Malwarebytes' Anti-Malware 1.36 Datenbank Version: 2078 Windows 5.1.2600 Service Pack 2 06.05.2009 15:11:18 mbam-log-2009-05-06 (15-11-18).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 184704 Laufzeit: 51 minute(s), 49 second(s) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 2 Infizierte Registrierungsschlüssel: 17 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 3 Infizierte Dateien: 18 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\CHansen\Anwendungsdaten\digifast\digifast.exe (Trojan.Dropper) -> Unloaded process successfully. Infizierte Speichermodule: C:\Programme\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot. C:\Programme\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\digifast (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digifast (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\WWShow (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Jcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\CHansen\Anwendungsdaten\Twain (Trojan.Matcash) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\*****\Anwendungsdaten\digifast\digifast.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Programme\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Programme\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Anwendungsdaten\digifast\DFUninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CK6X447U\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPOMATCB\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPOMATCB\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HP807PMX\163[1].net (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q230U8KR\156[1].net (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot. C:\Programme\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot. C:\Dokumente und Einstellungen\CHansen\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot. |
| Themen zu Hilfe, währscheinlich Rootkit verseuchtes WinXP! digifast.exe |
| bho, c:\windows\temp, einstellungen, eraser, excel, explorer, firefox, flash player, format, google, hijack, hkus\s-1-5-18, internet, internet explorer, internet security, kaspersky, malwarebytes' anti-malware, mozilla, programme, rootkit, rundll, security, software, suche, system, temp, viren, windows internet, windows internet explorer, windows xp, windows\temp, wlan |
Baum-Darstellung