Hilfe! Hab nen Trojan.Vundo

steevie1982 · 30.11.2005, 23:53

Hallo!

Ich hab mir den Trojaner Vundo eingefangen.
Norton zeigt mir C:\Windows\system32\mljgg.dll
Hier mein Log File
Danke schonmal im Vorraus!

:aplaus:

Logfile of HijackThis v1.98.2
Scan saved at 23:42:45, on 30.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
E:\Logitech\iTouch.exe
C:\WINDOWS\System32\rundll32.exe
E:\Logitech\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\cFos\cFosDNT.exe
E:\Deamon Tool\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
E:\Mailbell\mailbell.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Bluetooth\bin\btwdins.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\cmd.exe
F:\Software\Sicherheit\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.clicktomakeasearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.clicktomakeasearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clicktomakeasearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.clicktomakeasearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\mljgg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] E:\Logitech\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Deamon Tool\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Mailbell] "E:\Mailbell\mailbell.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Alles mit FlashGet laden - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - E:\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F2EBEA-A163-4277-AE62-4A4E2F3670CD}: NameServer = 217.237.150.97 217.237.150.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Expert · 01.12.2005, 00:06

@steevie1982

Logfile of HijackThis v1.98.2 ist veraltet,lade dir die neue Version HijackThis

#In der Systemsteuerung/software folgende deinstallieren
TheSearchAccelerator

#Scane mit Symantec Security Check ---->klicke auf Viren-erkennung (Virus Detection) dann Start. Downloading ActiveX erlauben,das Ergebnis hier posten.

#Lade dir Ewido Security Suite unbeding Update,noch nicht scannen.

#lade Adaware, Spybot unbeding Update,noch nicht scannen.

#Lade dir VirtumundoBegone & auf dem Desktop speichern.Bitte schliesse alle anderen Programme.
Doppelklicke auf VirtumundoBeGone.exe & Anweisungen folgen .
Achtung der Computer wird automatisch neustarten und mit einen Bluescreen Stop Error. Das ist normal.

#PC neustarten--> abgesicherter Modus
Starte das HijackThis "Scan" klicken (Folgende Einträge) Häckchen setzen & Button "Fix checked" klicken, PC neustarten
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.clicktomakeasearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.clicktomakeasearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clicktomakeasearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.clicktomakeasearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - (no file)
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\mljgg.dll

#PC neustarten--> abgesicherter Modus
Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"
Loesche:
C:\WINDOWS\System32\mljgg.dll

#PC neustarten--> abgesicherter Modus
1. Öffne notepad (editor) Unter Start/Ausführen den Befehl notepad eingeben,bestätigen,dann erscheit ein notepad editor.
Oder unter Start/Programme/Zubehör/Editor
2. copiere diser Code rein:

Zitat:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B5527 4-0F9A-41E5-9067-A3539BD9E860}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB 5-BD7D-4D49-A1AA-8AB0F3D3CB44}]

[-HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}]

[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]

[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEve nts]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEve nts.1]

3. Speichere die Datei als fixvundo.reg auf Desktop
4. Doppel klick auf diese Datei fixvundo.reg

#PC neustarten--> abgesicherter Modus
#Starte Ewido Security Suite mach ein voller Scan (Complete System Scan)

#Danach der PC mit Adaware, Spybot scannen und alle Funde entfernen.

#Inhalt folgende ordner loeschen:
C:\Dokumente und Einstellungen\<Username>\Lokale Einstellungen\Temp---> Inhalt löschen
C:\Dokumente und Einstellungen\<Usename>\Lokale Einstellungen\Temporary Internet Files---> Inhalt löschen
C:\WINDOWS\temp---> Inhalt löschen
C:\WINDOWS\Prefetch---> Inhalt löschen

#Neue HijackThis Log,den Inhalt der Datei VBG.txt, die Du auf dem Desktop findest, Symantec Security Check Ergebnis & den Report des Ewido Scans hier posten.

Gruss
Expert

steevie1982 · 03.12.2005, 15:40

Hallo! Hat alle super geklappt!

Allerdings hatte ich in bei Systemsteuerung Software kein TheSearchAccelerator

Hier meine ganzen Logs

Logfile of HijackThis v1.99.1
Scan saved at 00:10:55, on 02.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ewido\security suite\SecuritySuite.exe
F:\Software\Sicherheit\Hijack This\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] E:\Logitech\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Deamon Tool\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

VBG

[12/01/2005, 22:52:48] - Starting Process...
[12/01/2005, 22:52:48] - Looking for Browser Helper Object [MSEvents Object]
[12/01/2005, 22:52:48] - 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} -
[12/01/2005, 22:52:48] - WARNING: 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - BHO Name is blank.
[12/01/2005, 22:52:48] - Checking for WinLogon Notify reference. (File: )
[12/01/2005, 22:52:48] - Couldn't find in Winlogon Notify. Ignoring {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A}.
[12/01/2005, 22:52:48] - 2: {A5366673-E8CA-11D3-9CD9-0090271D075B} - IeCatch2 Class
[12/01/2005, 22:52:48] - 3: {B313D637-F405-4052-AC37-E2119AB3C8F8} - MSEvents Object
[12/01/2005, 22:52:48] - Found MSEvents Object!
[12/01/2005, 22:52:48] - File location: C:\WINDOWS\System32\mljgg.dll
[12/01/2005, 22:52:48] - Attempting to kill C:\WINDOWS\System32\mljgg.dll
[12/01/2005, 22:52:48] - Terminating Process: RUNDLL32.EXE
[12/01/2005, 22:52:48] - Terminating Process: IEXPLORE.EXE
[12/01/2005, 22:52:48] - Disabling Automatic Shell Restart
[12/01/2005, 22:52:48] - Terminating Process: EXPLORER.EXE
[12/01/2005, 22:52:49] - Suspending the NT Session Manager System Service
[12/01/2005, 22:52:49] - Terminating Windows NT Logon/Logoff Manager
[12/01/2005, 22:52:49] - Re-enabling Automatic Shell Restart
[12/01/2005, 22:52:49] - Renaming C:\WINDOWS\System32\mljgg.dll -> C:\WINDOWS\System32\mljgg.dll.vir
[12/01/2005, 22:52:49] - File successfully renamed!
[12/01/2005, 22:52:49] - Removing Registry references to {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/01/2005, 22:52:49] - Adding Internet Explorer Protection (Kill ActiveX) for {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/01/2005, 22:52:49] - Removing Winlogon Notify Entry: mljgg
[12/01/2005, 22:52:49] - BHO list has been changed! Starting over...
[12/01/2005, 22:52:49] - 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} -
[12/01/2005, 22:52:49] - WARNING: 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - BHO Name is blank.
[12/01/2005, 22:52:49] - Checking for WinLogon Notify reference. (File: )
[12/01/2005, 22:52:49] - Couldn't find in Winlogon Notify. Ignoring {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A}.
[12/01/2005, 22:52:49] - 2: {A5366673-E8CA-11D3-9CD9-0090271D075B} - IeCatch2 Class
[12/01/2005, 22:52:49] - Finished searching for [MSEvents Object]
[12/01/2005, 22:52:49] - Finishing up...
[12/01/2005, 22:52:49] - Enabling Automatic Reboot on STOP Error.
[12/01/2005, 22:52:49] - Attempting to Restart via STOP error (Blue Screen!)

[12/01/2005, 22:55:58] - Starting Process...
[12/01/2005, 22:55:58] - Looking for Browser Helper Object [MSEvents Object]
[12/01/2005, 22:55:58] - 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} -
[12/01/2005, 22:55:58] - WARNING: 1: {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - BHO Name is blank.
[12/01/2005, 22:55:58] - Checking for WinLogon Notify reference. (File: )
[12/01/2005, 22:55:58] - Couldn't find in Winlogon Notify. Ignoring {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A}.
[12/01/2005, 22:55:58] - 2: {A5366673-E8CA-11D3-9CD9-0090271D075B} - IeCatch2 Class
[12/01/2005, 22:55:58] - Finished searching for [MSEvents Object]
[12/01/2005, 22:55:58] - Nothing found! Exiting.

Symantec Security Check

Virus Status: Safe!
Your computer is free of known threats.
Virus Status: Infected!
Your computer is infected with at least one known threat.

56954 files scanned, 1 file(s) infected on your disk drives.

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Note: The scan was cancelled before finishing. There may be more infected files on this computer.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

A scan has not been run. To start Virus Detection, click here.

C:\WINDOWS\system32\wudupdate.exe is infected with Adware.Istbar

ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 00:02:21, 02.12.2005
+ Report-Checksumme: D747ED88

+ Scanergebnis:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Fehler beim Säubern
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Fehler beim Säubern
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Fehler beim Säubern
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@ad.adition[2].txt -> Spyware.Cookie.Adition : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@adtech[2].txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@fastclick[1].txt -> Spyware.Cookie.Fastclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@sel.as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\++++++\Cookies\++++++@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
C:\Programme\Spybot - Search & Destroy\Includes\Hosts.sbs -> Trojan.Qhost.ew : Gesäubert mit Backup

::Report Ende

Bis Jetzt hat sich vundo nicht mehr gemeldet

! Dank Euch

hoffe ich auch das
das so bleibt. Weiter so!

Gruß steevie1982

Hilfe! Hab nen Trojan.Vundo

Log-Analyse und Auswertung: Hilfe! Hab nen Trojan.Vundo