Trojaner-Board


hood 08.11.2011 13:26

Bundespolizei Trojan
 
Hello, since yesterday I too have had the Bundespolizei trojan on my Windows 7. How do I proceed now to remove it? I have already copied srep.exe onto a USB stick. Where do I enter the command start srep.exe?

hood 08.11.2011 13:45

So, here is the text from shell.txt after the scan finished:

WIN_7 X64
Running from K:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
explorer.exe
cmd.exe
conhost.exe
svchost.exe
WMIADAP.exe
WmiPrvSE.exe
cmd.exe
conhost.exe
srep.exe


HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKCU\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\..\Run [vasja] = C:\Users\hood\AppData\Local\Temp\new.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-949310690-1958226205-4055196132-1000\..\Winlogon; Shell =
HKU\S-1-5-21-949310690-1958226205-4055196132-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-949310690-1958226205-4055196132-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-949310690-1958226205-4055196132-1000\..\Run [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-949310690-1958226205-4055196132-1000\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-949310690-1958226205-4055196132-1000\..\Run [vasja] = C:\Users\hood\AppData\Local\Temp\new.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2870272- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 08.11-13.32 ====


What do I need to do next?

