![]() |
|
Plagegeister aller Art und deren Bekämpfung: Dateien versteckt, Desktop leer - Trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Dateien versteckt, Desktop leer - Trojaner? Guten Tag, Folgende Symptome sind aufgetreten: Der Desktop war ein leerer schwarzer Bildschirm, die meisten Dateien waren versteckt und diverse Anzeigen meldeten einen Defekt der Festplatte. Allgemein ähnliche Probleme, wie andere User, die sich über ein gewisses "TR/Kazy" beklagen. Ich hab bis jetzt unhide.exe ausgeführt und einen quickscan mit Malewarebytes gemacht, nach einem Neustart waren zumindestens die Order auf dem Desktop wieder sichtbar. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6649 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23.05.2011 13:04:47 mbam-log-2011-05-23 (13-04-47).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 163262 Laufzeit: 8 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 26 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 13 Infizierte Verzeichnisse: 2 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4BD2D6C3-31DC-B947-23D0-DC52EC4F0C4C} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\XTTB00001.IEToolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\XTTB00001.IEToolbar (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (D:\DOKUME~1\RALFLI~1\ANWEND~1\MACROM~1\Common\baf3c07e1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe italc.ifo before1main) Good: (Explorer.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: d:\dokumente und einstellungen\all users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully. c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: d:\dokumente und einstellungen\ralf link\anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully. d:\dokumente und einstellungen\all users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. c:\programme\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. Ich hoffe mir kann irgendjemand helfen, danke schon einmal. |
Themen zu Dateien versteckt, Desktop leer - Trojaner? |
.dll, antivirus, anzeige, avp, bildschirm, browser, dateien, dateien versteckt, desktop, desktop leer, disabletaskmgr, diverse, einstellungen, explorer, file, helper, hijack.shell, icq, microsoft, neustart, programme, recycle.bin, rogue.registrydoktor, rogue.winantivirus, rundll, schwarzer bildschirm, software, system, trojan.agent, trojaner, trojaner?, winlogon |