Hallo, ich bin froh das ich dieses Forum gefunden habe.
Es handelt sich hier um das altbekannte Problem mit dem "antimaleware doctor" auch ich bin nun betroffen
, ich hab die schritte von einer anderen anleitung in diesem forum mit den programmen "rkill und malewarebyte"(oder öhnliches) befolgt und wollte nun dazu meinen Log posten von malewarebytes da es irgendwie doch nicht ausreichte mit den 2 programmen wiel dieser "doctor" immernoch auf meinem pc wütet.
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4516
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
31.08.2010 20:14:46
mbam-log-2010-08-31 (20-14-46).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132785
Laufzeit: 5 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 22
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6aed59b-f108-4a22-a073-a711c0bb7055} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6aed59b-f108-4a22-a073-a711c0bb7055} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6aed59b-f108-4a22-a073-a711c0bb7055} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\maxeocnrws.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\macronsexw.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\485124559A7405F402ADAB9C6638B668\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\maxeocnrws.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\macronsexw.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Eigene Dateien\downloads\IMAGE46453-facebook.com.JPG.jpg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\65.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\67.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\69.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\6B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wrsaemxcno.tmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\cnoeasrwmx.tmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\st_witty820_1930.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\010AEC94.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\Nvo.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wintybrd.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wintybrdf.jpg (Malware.Trace) -> Quarantined and deleted successfully.
|
Des weiteren hab ich einen komplett scan mit malewarebytes gemacht aber das half mir auch ncht weiter.
Ich hoffe wirklich das mir jemand weiterhelfen kann und das es mir derjenige auch verständlich beschreibt weil ich quasi noch anfänger in solchen Pc Angelegenheiten bin.
ich bin wirklich am verzweifeln.
Liebe grüße casyra
31.08.2010, 22:02
Linear-Darstellung
