 Logfile Trojaner, adf.exe, ade.exe und weitere
 Hallo zusammen,
habe mir wohl adf.exe, ade.exe eingefangen. Daher poste ich hier mein logfile, das malwarebytes' ergeben hat. Vielen Dank für Kommentare und Hilfe.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6585
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.05.2011 22:33:05
mbam-log-2011-05-15 (22-33-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 251419
Laufzeit: 1 Stunde(n), 17 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 7
Infizierte Dateien: 21
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\� (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GabPath (Adware.GabPath) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader.AS) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\dokumente und einstellungen\Tanja\anwendungsdaten\GabPath (Adware.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997} (Adware.ResultDns) -> Delete on reboot.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\chrome (Adware.ResultDns) -> Delete on reboot.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.
Infizierte Dateien:
c:\programme\mozilla firefox\components\gpff.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tanja\lokale einstellungen\Temp\13.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tanja\lokale einstellungen\Temp\C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\dokumente und einstellungen\Tanja\lokale einstellungen\Temp\0.4618023902438211.exe (Trojan.Dropper) -> Delete on reboot.
c:\dokumente und einstellungen\Tanja\lokale einstellungen\Temp\0.836855175343511.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tanja\anwendungsdaten\Adobe\plugs\mmc26.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tanja\anwendungsdaten\Adobe\plugs\mmc93.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tanja\lokale einstellungen\Temp\Ade.exe (Trojan.Downloader.AS) -> Delete on reboot.
c:\dokumente und einstellungen\Tanja\anwendungsdaten\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot.
c:\programme\mozilla firefox\extensions\{1a615ea8-4c56-49ee-be83-f9a264b79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
| 
Linear-Darstellung
