Trojan.Win32.generic

evdevil

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.05.2011 18:23:07
mbam-log-2011-05-25 (18-23-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158647
Laufzeit: 10 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\Norbert\anwendungsdaten\windefender.exe (Malware.Packer.GenX) -> 2620 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{6F6E86F1-FD0D-BBAB-B14B-B3B972BFFBDA} (Malware.Packer.GenX) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6F6E86F1-FD0D-BBAB-B14B-B3B972BFFBDA} (Malware.Packer.GenX) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{6F6E86F1-FD0D-BBAB-B14B-B3B972BFFBDA} (Malware.Packer.GenX) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1CYI8Q51-31AK-XUS8-3J02-75AQVK4214G7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CYI8Q51-31AK-XUS8-3J02-75AQVK4214G7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CYI8Q51-31AK-XUS8-3J02-75AQVK4214G7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31P7J017-R14K-51TO-1455-83255AAI2P3G} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31P7J017-R14K-51TO-1455-83255AAI2P3G} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{31P7J017-R14K-51TO-1455-83255AAI2P3G} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Malware.Packer.GenX) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Defender (Malware.Packer.GenX) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Malware.Packer.GenX) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Agent) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.Agent) -> Value: HKLM -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\Norbert\anwendungsdaten\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Norbert\anwendungsdaten\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Norbert\anwendungsdaten\Baidu\Toolbar\custom buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Norbert\anwendungsdaten\windefender (Rogue.WinDefender) -> Quarantined and deleted successfully.
c:\programme\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\Norbert\anwendungsdaten\windefender.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Norbert\anwendungsdaten\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\extracted\password.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\install\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sed.dll (Trojan.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\sys32\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Norbert\anwendungsdaten\Baidu\Toolbar\custom buttons\custom.xml (Trojan.Cinmus) -> Quarantined and deleted successfully.