Trojaner-Board


TakeEast 15.08.2010 18:22

Evaluation of a Malwarebytes report
 
Hi!
Until recently I had the lovely AV Security Suite virus on my laptop. I then removed it using your tutorial, so a big thank-you for that! Just to make sure it is really gone, I would like to have my Malwarebytes report evaluated by you here.
I hope I have landed in the right forum; if not, I ask for forgiveness, as I am a total newbie.

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4433

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.08.2010 18:38:48
mbam-log-2010-08-15 (18-38-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135970
Laufzeit: 5 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 8
Infizierte Dateien: 20

Infizierte Speicherprozesse:
C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gabpath (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b824c01c-eba5-4190-a7e0-b2d00b414b77} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b824c01c-eba5-4190-a7e0-b2d00b414b77} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7d1f30b-5f55-4026-a32e-98158ba428ac} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7d1f30b-5f55-4026-a32e-98158ba428ac} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e89644b5-6a15-4466-9731-0bb89ac5dfa1} (Adware.Tango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e89644b5-6a15-4466-9731-0bb89ac5dfa1} (Adware.Tango) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kgqnmsbp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.tangotoolbar.com/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\Carmen\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ResultDns (Adware.ResultDns) -> Delete on reboot.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Windows\System32\2778.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Local\Temp\eacxmrwons.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Local\Temp\wzfc2c\The.Sims.2.IKEA.Home.Stuff.GENERIC_KEYGEN-FFF\fff-ea173.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsq99D0.tmp\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns\resultdns110.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns\resultdns111.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.
C:\Program Files (x86)\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Carmen\AppData\Local\bsgqmmukh\dgwdpwjshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\2778.dll (Adware.Tango) -> Quarantined and deleted successfully.
I don't have any further information about the computer at the moment, since I don't have it here; I hope this is enough.

Thanks in advance!
Kind regards

cosinus 15.08.2010 20:13

Quote:

C:\Users\Carmen\AppData\Local\Temp\wzfc2c\The.Sims.2.IKEA.Home.Stuff.GENERIC_KEYGEN-FFF\fff-ea173.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you, it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like this again!

