malerebyte

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 948
Windows 6.0.6001 Service Pack 1

15:51:21 14.07.2008
mbam-log-7-14-2008 (15-51-21).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 159599
Scan Dauer: 45 minute(s), 9 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 29

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80d79745 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Users\user\AppData\Local\Temp\munoqplx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\xxyxXnki.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\jkkJawtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZ8SQWK\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSAK39UD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\bgbobwvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\rsjdylnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00008507 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp000094fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00009896 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000a38e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b431 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000b51b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000bc3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000be01 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000c10d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000e79f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000eaab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f527 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0000f8fe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp00010ea0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001143b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp0001d2e7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\urujnqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\xoajlaff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yekvceyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\yvlwdwov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
         

neu gestartet auch schon, dannach als fehlermeldung

C:\Users\user\AppData\Local\Temp\xxyxXnki.dll konnte nicht geöffnet werden

hijackthis nach den scann:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:12, on 14.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix: 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5998 bytes
         

is nu wieder alles sauber???