Windows XP: Wei entferne ich Spyware, Mailware, Trojaner und Virus vom PC?

..die sicherste Lösung ist immer wichtige Daten sichern und anschließend Formatieren/Neu-Installieren.
Wenn malewarbytes durch ist Funde löschen, läuft es im abgesicherten Modus?
danach erstell mal mit www.hijackthis.de eine logfile und poste sie..vieleicht? ist ja noch was zu machen..

Seit 1 Std. läuft Malwarebytes mit 32 Funde und auch Antivirus mit 123 Warnungen, allerding nicht im Abgesicherten Modus.
Ich warte bis die 2 Programme durch sind.
Vielen Dank für Deine Antwort.
 

..du mußt es im abgesicherten Modus laufen lassen, denn etliche Datein sind im normal Modus gesperrt..
Denke deswegen läuft es auch so lang..lösch trotzdem alle Funde und geh dann in den abgesicherten Modus. 

Wie starte ich den PC in abgesicherten Modus... sorry, aber bin leie was das Chaos angeht :-(

..du machst einen Neustart (wenn er schon an ist) und drückst wenn er wieder hochfährt F8 (mußt richtig drücken, falls er piepst hör auf)..
Dann abgesicherten Modus auswählen (Pfeiltasten) 

Ich habe den PC in abgesicherten Modus hoch gefahren und die Anti-Malware gestartet.
Zeigte mir 57 Infizierte Objekte, habe auch gespeichert, aber wo ich den PC normal hochgefahren habe, finde ich nicht die Datei die ich gespeichert habe :-(

 
Suchst Du die Log-datei mit den Scanergebnissen oder eine verseuchte Datei, die der Scanner evtl. gelöscht hat?
 

..die Datein von Malwarebytes Gefundene..Löschen.

oder such mal nach MBAM  ???

Hallo,

ich hoffe ich habe einwenig Erfolg gehabt.
Hier sind die Berichte die ich in abgesicherten Modus ausgeführt habe.

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 15:14:37
mbam-log-2008-10-05 (15-14-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86559
Time elapsed: 1 hour(s), 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJCtrsp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ulysfi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sjmowo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iqftgz.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79265862-1eed-451a-835b-6a55d0b79c60} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{79265862-1eed-451a-835b-6a55d0b79c60} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bb41de5a-0a61-4540-aa85-499c8d5c586d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0aa68643-dd8f-4268-b229-f4e690fedc17} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66ee9e1e-c6aa-4aac-83cd-2a50ba4d0b90} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjctrsp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrsp  -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ljJCtrsp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\psrtCJjl.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\psrtCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfnefvro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orvfenfk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxlvvhfr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfhvvlxk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrqiaccd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dccaiqrx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yybmhudn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nduhmbyy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulysfi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sjmowo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iqftgz.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP810\A0872855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0878287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0878288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0879505.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0879506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP815\A0881509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0883888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebcaaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gvmcrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gyakyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqkojami.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8748e974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8748e974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Anschließend habe ich wieder mal Antimalware gestartet.

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 16:31:03
mbam-log-2008-10-05 (16-31-03).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Und dann wider gestartetweil ich sicher sein wollte... zeigte mir wieder mal Fund:

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 17:16:20
mbam-log-2008-10-05 (17-16-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88159
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886893.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886895.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886897.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886899.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886915.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

05.10.2008 17:16:20
mbam-log-2008-10-05 (17-16-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88159
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8748e974 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\847bdae8 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886893.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886895.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886897.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886899.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886915.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7BCD8B44-2A03-48D7-BC24-45DD31FF6FC9}\RP817\A0886916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Ist mein PC jetzt befreit von Virus und bösartige Angreifern?

Vielen Dank für die HILFE :-)

LG, Angel
 

Mach nen neustart und nochmal den Scan wenn dann nix gefunden wird ist er sauber!!

Die meißten Funde saßen in der Systemwiederherstellung also halb so schlimm.

Den Scan in abgesicherten Modus oder normal Modus durchführen?
Zur Zeit im hintergrund läuft Avira und ist bei ca. 50 % und zeigt das 125 Warnungen habe ....
Was soll ich jetzt machen?

GANG GROßEN DANK

Lass Malwarebytes nach dem Avira Scan im abgesicherten modus Scannen.

OK. Ich mache das.
Bist Du noch online, falls ich noch Fragen habe das Du mir weiter hilfst?