- Rookit und Sirefef -Malwarebytes

Mr.Mkay · 23.06.2012, 12:54

So mein Lieber,

Malwarebyteslog ( Habe alle Vögel entfernt, so dass sie in Quarantäne sind ).

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Marcel Klahn :: MEINPC [Administrator]

Schutz: Aktiviert

22.06.2012 14:16:05
mbam-log-2012-06-22 (23-54-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440498
Laufzeit: 1 Stunde(n), 45 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Marcel Klahn\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

Und ESETlog:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 01:01:39
# local_time=2012-06-22 03:01:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0
# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0
# compatibility_mode=8192 67108863 100 0 273 273 0 0
# scanned=244590
# found=19
# cleaned=0
# scan_time=13342
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=87fd32826fbcd9498c8d58c38a192daa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 11:44:39
# local_time=2012-06-23 01:44:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 71178 115954075 61598 0
# compatibility_mode=5892 16776574 100 95 103568021 177971496 0 0
# compatibility_mode=8192 67108863 100 0 125484 125484 0 0
# scanned=245852
# found=14
# cleaned=0
# scan_time=13112
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I

- Rookit und Sirefef -Malwarebytes

Plagegeister aller Art und deren Bekämpfung: - Rookit und Sirefef -Malwarebytes

- Rookit und Sirefef -Malwarebytes

Ähnliche Themen: - Rookit und Sirefef -Malwarebytes