Computerhilfen.de Logo
Forum
Tipps
News
Frage stellen
search
search

Windows XP: Wei entferne ich Spyware, Mailware, Trojaner und Virus vom PC?

Seit paar Tage bekomme ich die Meldung Antivirus 2009 zu intallieren. Und das ist nicht das einzige Problem, ich habe gerade mit Malware mein PC dursucht, bekomme ich bis jetzt die Meldung das 30 Objekte infiziert sind, das Programm läuft noch, wer weiß wie viele Infizierungen noch drauf sind.
H I L F E!!!!
Wei bemkomme ich den sch.... wieder weg????

Total verzweifelt!!!!




Mein Computer-System:
   
Mein PC ist etwa älter als 6 Jahre alt.


Letze Aenderungen bevor der Fehler auftrat:

Ich habe neue Software installiert: 

Moderator informieren  


Antworten zu Windows XP: Wei entferne ich Spyware, Mailware, Trojaner und Virus vom PC?:

..die sicherste Lösung ist immer wichtige Daten sichern und anschließend Formatieren/Neu-Installieren.
Wenn malewarbytes durch ist Funde löschen, läuft es im abgesicherten Modus?
danach erstell mal mit www.hijackthis.de eine logfile und poste sie..vieleicht? ist ja noch was zu machen..

Moderator informieren  

Seit 1 Std. läuft Malwarebytes mit 32 Funde und auch Antivirus mit 123 Warnungen, allerding nicht im Abgesicherten Modus.
Ich warte bis die 2 Programme durch sind.
Vielen Dank für Deine Antwort.
 

Moderator informieren  

..du mußt es im abgesicherten Modus laufen lassen, denn etliche Datein sind im normal Modus gesperrt..
Denke deswegen läuft es auch so lang..lösch trotzdem alle Funde und geh dann in den abgesicherten Modus. 

« Letzte Änderung: 05.10.08, 12:40:30 von copy »
Moderator informieren  

Wie starte ich den PC in abgesicherten Modus... sorry, aber bin leie was das Chaos angeht :-(

Moderator informieren  

..du machst einen Neustart (wenn er schon an ist) und drückst wenn er wieder hochfährt F8 (mußt richtig drücken, falls er piepst hör auf)..
Dann abgesicherten Modus auswählen (Pfeiltasten) 

« Letzte Änderung: 05.10.08, 12:47:08 von copy »
Moderator informieren  

Ich habe den PC in abgesicherten Modus hoch gefahren und die Anti-Malware gestartet.
Zeigte mir 57 Infizierte Objekte, habe auch gespeichert, aber wo ich den PC normal hochgefahren habe, finde ich nicht die Datei die ich gespeichert habe :-(

Moderator informieren  

 
Suchst Du die Log-datei mit den Scanergebnissen oder eine verseuchte Datei, die der Scanner evtl. gelöscht hat?
 

Moderator informieren  

..die Datein von Malwarebytes Gefundene..Löschen.

Moderator informieren  

oder such mal nach MBAM  ???

Moderator informieren  

Hallo,

ich hoffe ich habe einwenig Erfolg gehabt.
Hier sind die Berichte die ich in abgesicherten Modus ausgeführt habe.

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 15:14:37
mbam-log-2008-10-05 (15-14-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86559
Time elapsed: 1 hour(s), 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJCtrsp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ulysfi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sjmowo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iqftgz.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79265862-1eed-451a-835b-6a55d0b79c60} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{79265862-1eed-451a-835b-6a55d0b79c60} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bb41de5a-0a61-4540-aa85-499c8d5c586d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0aa68643-dd8f-4268-b229-f4e690fedc17} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66ee9e1e-c6aa-4aac-83cd-2a50ba4d0b90} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjctrsp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrsp  -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ljJCtrsp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\psrtCJjl.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\psrtCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfnefvro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orvfenfk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxlvvhfr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfhvvlxk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrqiaccd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dccaiqrx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yybmhudn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nduhmbyy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulysfi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sjmowo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iqftgz.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP810\A0872855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0878287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0878288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0879505.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0879506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0881509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0883888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebcaaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gvmcrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gyakyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqkojami.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8748e974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8748e974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Anschließend habe ich wieder mal Antimalware gestartet.

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 16:31:03
mbam-log-2008-10-05 (16-31-03).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Und dann wider gestartetweil ich sicher sein wollte... zeigte mir wieder mal Fund:

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 17:16:20
mbam-log-2008-10-05 (17-16-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88159
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886893.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886895.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886897.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886899.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886915.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 17:16:20
mbam-log-2008-10-05 (17-16-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88159
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886893.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886895.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886897.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886899.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886915.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Ist mein PC jetzt befreit von Virus und bösartige Angreifern?

Vielen Dank für die HILFE :-)

LG, Angel
 

Moderator informieren  

Hat dir diese Antwort geholfen?

Danke ButtonHilfreiche Antwort Button

Mach nen neustart und nochmal den Scan wenn dann nix gefunden wird ist er sauber!!

Die meißten Funde saßen in der Systemwiederherstellung also halb so schlimm.

Moderator informieren  

Den Scan in abgesicherten Modus oder normal Modus durchführen?
Zur Zeit im hintergrund läuft Avira und ist bei ca. 50 % und zeigt das 125 Warnungen habe ....
Was soll ich jetzt machen?

GANG GROßEN DANK

Moderator informieren  

Hat dir diese Antwort geholfen?

Danke ButtonHilfreiche Antwort Button

Lass Malwarebytes nach dem Avira Scan im abgesicherten modus Scannen.

Moderator informieren  

OK. Ich mache das.
Bist Du noch online, falls ich noch Fragen habe das Du mir weiter hilfst?

Moderator informieren  

Seiten: [1] 2  Alle
« Prozess tybwporc.exeTrojan-Downloader.Win32.Agent.bq ??? »
 

Schnelle Hilfe: Hier nach ähnlichen Fragen und passenden Tipps suchen!

angel-of-dream Gast

Datum: 05.10.08, 12:00:46

7051x gelesen, 24 Antworten.

Seiten: [1] 2  Alle

0 und 1 Gast betrachten dieses Thema.
Fremdwörter? Erklärungen im Lexikon!
Malware
Mit Malware bezeichnet man allgemein Schadprogramme, die dazu entwickelt worden schädliche Funktionen auf Computern auszuführen. Das Wort setzt sich zusammen au...

Internet-Zugriffsprogramm
Ein Internet-Zugriffsprogramm, auch Browser genannt, stellt Internetseiten für den Benutzer dar. Am bekanntesten ist der Microsoft Internet Explorer, gefolgt vom kos...

Programm
Siehe Software...


Mehr zu Windows XP: Wei entferne ich Spyware, Mailware, Trojaner und Virus vom PC?

Windows 7 2Windows XP Spyware

Microsoft hat ein paar neue Features in Windows XP eingebaut; und zum ersten Mal auch sogenannte Spy...

SpywareSpyware finden und entfernen

Einführung: Unter Spyware versteht man Programme, Dateien und Funktionen, die Daten über das Surf...

FestplatteFestplatte formatieren

So formatiert man die Windows-Festplatte...

Ähnliche Fragen: