Log analysis and evaluation: GVU Trojan Bundesamt für Sicherheit

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
GVU Trojan Bundesamt für Sicherheit

Dear all,

I have caught the trojan named above. Using a second laptop I downloaded "Malwarebytes Anti-Malware" and ran a scan. The program found files and deleted them. Here is the file it produced:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.09

Windows XP Service Pack 3 x86 NTFS

20.08.2012 22:30:50
mbam-log-2012-08-20 (22-30-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368418
Time elapsed: 18 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCR\linkrdr.AIEbho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
HKCR\linkrdr.AIEbho (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\WINDOWS.0\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 57
C:\Dokumente und Einstellungen\spups\Lokale Einstellungen\Temp\wpbt0.dll (Trojan.FakeMS) -> Delete on reboot.
C:\WINDOWS.0\system32\AcroIEHelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\spups\Lokale Einstellungen\Temp\IEPASS.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\spups\Lokale Einstellungen\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\spups\Lokale Einstellungen\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\spups\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Have I done everything necessary?

Regards,
Sandra