Hallo, ich habe ein problem mit win32/cycbot. Ich hatte vor 2 Tagen offenbar eine fehlerhafte datei heruntergeladen, wodurch mir das malwareprogramm yieldmanager ne menge ärger bereitet hat. Das habe ich jetzt duch diverse programme kleingekriegt, direkt mein drittes antispywareprogramm scheints geschafft zu haben^^ dann hatte ich einen tag ruhe. Als ich dann mein antivirusprogramm nen scan machen ließ(microsoft security essential) kam direkt wieder eine meldung. ich habe also alle datein gelöscht, die gemeldet wurden. als ich dann ins internet ging8mozilla firefox) kam eine warnung, dass cycbot auf mich zugreifen will. also nochmal dieses teil gelöscht. die folge war, dass ein proxy mein internet vollständig blockierte.. also habe ich nochmal mein antispywareprogramm drüberlaufen lassen, und es entfernt.. doch nach dem neustart wieder das selbe problem...
malewarebites sagt nun folgendes:
Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12
Infizierte Speicherprozesse:
Code:
Alles auswählen Aufklappen ATTFilter
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1872 -> Not selected for removal.
c:\Users\Barney\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 908 -> Unloaded process successfully.
c:\Users\Barney\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1568 -> Unloaded process successfully.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 4264 -> Unloaded process successfully.
Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\� (Hijack.Zones) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Barney\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files (x86)\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (PUP.Dealio) -> Not selected for removal.
c:\Users\Barney\AppData\Local\Temp\6fxCYS5O.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\Lvf1HOh9.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\RMwBn4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\rVSK25V.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\sL7ii.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\tJqYBoz.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Barney\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
hier noch eine liste aller programme auf meinem rechner:
Code:
Alles auswählen Aufklappen ATTFilter
Acer Arcade Deluxe CyberLink Corp. 25.11.2010 99,9MB 3.0.7112
Acer Backup Manager NewTech Infosystems 03.11.2009 26,5MB 2.0.0.29
Acer Crystal Eye webcam Ver:1.1.124.1120 Chicony Electronics Co.,Ltd. 25.11.2010 1.1.124.1120
Acer ePower Management Acer Incorporated 25.11.2010 4.05.3004
Acer eRecovery Management Acer Incorporated 03.11.2009 4.05.3005
Acer GameZone Console Oberon Media, Inc. 03.11.2009 5.1.0.2
Acer GridVista Acer Inc. 25.11.2010 3.01.0730
Acer Registration Acer Incorporated 25.11.2010 1.02.3006
Acer ScreenSaver Acer Incorporated 25.11.2010 1.1.2009.1217
Acer Updater Acer Incorporated 03.11.2009 1.01.3017
Acer VCM Acer Incorporated 25.11.2010 4.05.3000
Acrobat.com Adobe Systems Incorporated 03.11.2009 1,61MB 1.6.65
Adobe AIR Adobe Systems Inc. 04.11.2009 1.5.0.7220
Adobe Audition 1.5 Adobe Systems 23.01.2011 1.5
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 25.11.2010 10.0.32.18
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 29.11.2010 6,00MB 10.1.102.64
Adobe Reader 9.1 MUI Adobe Systems Incorporated 03.11.2009 650MB 9.1.0
Alcor Micro USB Card Reader Alcor Micro Corp. 03.11.2009 2,87MB 1.4.17.35005
Amazonia Oberon Media 25.11.2010
ATI Catalyst Install Manager ATI Technologies, Inc. 25.11.2010 22,1MB 3.0.754.0
Audacity 1.2.6 09.12.2010
Broadcom Gigabit NetLink Controller Broadcom Corporation 03.11.2009 0,36MB 12.33.03
CCleaner Piriform 23.01.2011 3.02
Chicken Invaders 2 Oberon Media 25.11.2010
Compatibility Pack für 2007 Office System Microsoft Corporation 03.12.2010 36,9MB 12.0.6425.1000
DAEMON Tools Toolbar DT Soft Ltd 04.12.2010 1.1.2.0185
Dairy Dash Oberon Media 25.11.2010
Dream Day First Home Oberon Media 25.11.2010
eBay Worldwide OEM 29.11.2010 100,00KB 2.1.0901
eSobi v2 esobi Inc. 03.11.2009 20,4MB 2.0.4.000274
Farm Frenzy 2 Oberon Media 25.11.2010
First Class Flurry Oberon Media 25.11.2010
Google Chrome Google Inc. 04.12.2010 8.0.552.237
Google Earth Plug-in Google 16.12.2010 39,8MB 6.0.1.2032
Granny In Paradise Oberon Media 25.11.2010
Heroes of Hellas Oberon Media 25.11.2010
ICQ Toolbar ICQ 24.01.2011 3.0.0
ICQ7.4 ICQ 24.01.2011 7.4
Identity Card Acer Incorporated 25.11.2010 1.00.3003
Intel(R) Management Engine Components Intel Corporation 05.11.2009 6.0.0.1179
Intel® Matrix Storage Manager Intel Corporation 25.11.2010
JDownloader AppWork UG (haftungsbeschränkt) 22.01.2011
Launch Manager Acer Inc. 25.11.2010 3.0.05
LSI HDA Modem LSI Corporation 25.11.2010 16,00KB 2.2.98
Malwarebytes' Anti-Malware Malwarebytes Corporation 25.01.2011 10,5MB
Merriam Websters Spell Jam Oberon Media 25.11.2010
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.12.2010 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.12.2010 2,94MB 4.0.30319
Microsoft Office Home and Student 2007 Microsoft Corporation 04.11.2009 12.0.6425.1000
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 01.12.2010 12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 03.12.2010 13,4MB 12.0.6425.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 03.11.2009 8,37MB 2.9
Microsoft Security Essentials Microsoft Corporation 24.01.2011 2.0.657.0
Microsoft Silverlight Microsoft Corporation 23.12.2010 68,7MB 4.0.51204.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.11.2010 1,72MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 01.12.2010 0,24MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.11.2010 0,41MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.11.2010 0,58MB 9.0.30729.4148
Microsoft Works Microsoft Corporation 16.12.2010 708MB 9.7.0621
Mozilla Firefox (3.6.13) Mozilla 25.01.2011 3.6.13 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.12.2010 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.12.2010 1,33MB 4.20.9876.0
MyWinLocker Egis Technology Inc. 03.11.2009 47,9MB 3.1.76.0
Norton Online Backup Symantec 03.11.2009 2,09MB 1.2.0.36
NTI Backup Now 5 NewTech Infosystems 03.11.2009 466MB 5.1.2.627
NTI Media Maker 8 NewTech Infosystems 03.11.2009 766MB 8.0.12.6623
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.11.2010 6.0.1.5969
Skype Toolbars Skype Technologies S.A. 04.12.2010 7,09MB 5.0.4126
Skype™ 5.0 Skype Technologies S.A. 04.12.2010 21,4MB 5.0.152
Synaptics Pointing Device Driver Synaptics Incorporated 25.11.2010 14.0.6.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 04.12.2010
Welcome Center Acer Incorporated 25.11.2010 1.00.3008
Windows Live Anmelde-Assistent Microsoft Corporation 25.11.2010 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 25.11.2010 14.0.8089.0726
Windows Live Sync Microsoft Corporation 25.11.2010 2,79MB 14.0.8089.726
Windows Live-Uploadtool Microsoft Corporation 25.11.2010 0,22MB 14.0.8014.1029
WinRAR 04.12.2010
YouTube Downloader 2.6.3 BienneSoft 09.12.2010
YouTube Downloader Toolbar v4.1 Spigot, Inc. 10.12.2010 2,58MB 4.1
das ist mein erster post und ich hoffe ich habe alles richtig gemacht
Baum-Darstellung