Trojaner-Board - Hilfe! Kann bestimmte Seiten nicht mehr öffnen!

hier von MalwareBytes:

Code:

Malwarebytes' Anti-Malware 1.18

Datenbank Version: 893
 

17:42:47 26.06.2008

mbam-log-6-26-2008 (17-42-21).txt
 

Scan Art: Komplett Scan (C:\|)

Objekte gescannt: 155159

Scan Dauer: 2 hour(s), 41 minute(s), 51 second(s)
 

Infizierte Speicher Prozesse: 1

Infizierte Speicher Module: 3

Infizierte Registrierungsschlüssel: 9

Infizierte Registrierungswerte: 5

Infizierte Datei Objekte der Registrierung: 2

Infizierte Verzeichnisse: 1

Infizierte Dateien: 27
 

Infizierte Speicher Prozesse:

C:\Windows\mrofinu1535.exe (Trojan.DownLoader) -> No action taken.
 

Infizierte Speicher Module:

C:\Windows\System32\pmnnMgGw.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\yikixxmp.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\mljHawwU.dll (Trojan.Vundo) -> No action taken.
 

Infizierte Registrierungsschlüssel:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83f350ce-c771-4e3f-a9ab-f18eb00a1a02} (Trojan.Vundo) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{83f350ce-c771-4e3f-a9ab-f18eb00a1a02} (Trojan.Vundo) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\349dee23 (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.DownLoader) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM37aeddbf (Trojan.Agent) -> No action taken.
 

Infizierte Datei Objekte der Registrierung:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnmggw -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnmggw  -> No action taken.
 

Infizierte Verzeichnisse:

C:\Program Files\Temporary (Trojan.Agent) -> No action taken.
 

Infizierte Dateien:

C:\Windows\System32\pmnnMgGw.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\wGgMnnmp.ini (Trojan.Vundo) -> No action taken.

C:\Windows\System32\wGgMnnmp.ini2 (Trojan.Vundo) -> No action taken.

C:\Windows\System32\wvUljJYs.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\sYJjlUvw.ini (Trojan.Vundo) -> No action taken.

C:\Windows\System32\sYJjlUvw.ini2 (Trojan.Vundo) -> No action taken.

C:\Windows\System32\yikixxmp.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\pmxxikiy.ini (Trojan.Vundo) -> No action taken.

C:\Windows\System32\mljHawwU.dll (Trojan.Vundo) -> No action taken.

C:\Windows\mrofinu1535.exe (Trojan.DownLoader) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp0001622f (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp000205a3 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp000224a5 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp0002c598 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp0002fd61 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp000333c3 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp0003c218 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp0003c620 (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp00070daa (Trojan.Vundo) -> No action taken.

C:\Users\***\AppData\Local\Temp\tmp000d3f6b (Trojan.Vundo) -> No action taken.

C:\Users\***\Desktop\crack.exe (Trojan.Agent) -> No action taken.

C:\Windows\System32\hGVoljIx.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\ssqNEtRl.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\xxyaywvs.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\yaywTLFx.dll (Trojan.Vundo) -> No action taken.

C:\Windows\System32\flkbmdle.dll (Trojan.Agent) -> No action taken.

C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> No action taken.

hier von HiJackThis:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:13, on 26.06.2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\ICQ6\ICQ.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: {c95a32c9-7955-7649-bb74-36801142d4eb} - {be4d2411-0863-47bb-9467-55979c23a59c} - C:\Windows\system32\kwybjaug.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O13 - Gopher Prefix: 

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O17 - HKLM\System\CCS\Services\Tcpip\..\{C10264AA-99AA-4A33-A5B1-A91FABE06F20}: NameServer = 192.168.2.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 

--

End of file - 5286 bytes