Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them
Thread: Help, I have a problem with Virtumonde and how do I get rid of it (https://www.trojaner-board.de/56079-hilfe-habe-problem-virtumonde-bekomm-weg.html)

Znake 16.07.2008 12:04

Help, I have a problem with Virtumonde and how do I get rid of it

Hello,
I hope someone here can explain to me in detail how I can remove Virtumonde from my PC. I have already read a bit on Google, but that didn't really get me any further.
So, I have Spybot and it does find Virtumonde (virtumonde.dll), but when I restart my PC, Virtumonde comes right back.
Even if I run the Spybot scan twice in a row, it is back again straight away.
But if I don't start the scan and don't fix the Virtumonde problem and go online like that, I can no longer open some websites that I visit often.
Also, probably because of Virtumonde, I have the problem that when I start my PC my Explorer uses a huge amount of memory and the PC gets really slow.

My operating system is Windows XP, but unfortunately I have no idea about file paths. How do I find those out?!?

Please help me in detail with this problem, since I don't know my way around the PC 100% either!!!

Regards, Znake

trojan-death 16.07.2008 12:07

Hi Znake, and hello!

First of all, please create a HijackThis logfile.
Please run Malwarebytes, let it delete everything it finds, and post the log.

Znake 18.07.2008 18:18

Hello trojan-death,

here are the HijackThis logfile and the Malwarebytes Anti-Malware data.

HijackThis Logfile

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:26, on 18.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
D:\Programme\Winamp\winampa.exe
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
D:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ICQ6\ICQ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Björn\Desktop\Virtumonde - Bekämpfung\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prosieben.de/index.php?icqpath=icq
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMd70b72b6] Rundll32.exe "C:\WINDOWS\system32\paoqdrey.dll",s
O4 - HKLM\..\Run: [d438412a] rundll32.exe "C:\WINDOWS\system32\fycxcvrh.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8753] command /c del "C:\WINDOWS\system32\awtutuSl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6811] cmd /c del "C:\WINDOWS\system32\awtutuSl.dll"
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Veoh] "D:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Music\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programme\WinClamAVShield\sp_clamsrv.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8925 bytes

Malwarebytes Anti-Malware

Code:

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 964
Windows 5.1.2600 Service Pack 2

19:05:00 18.07.2008
mbam-log-7-18-2008 (19-05-00).txt

Scan Art: Komplett Scan (C:\|D:\|E:\|K:\|)
Objekte gescannt: 163003
Scan Dauer: 1 hour(s), 2 minute(s), 5 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 21
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 71

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\fycxcvrh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\awtutuSl.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtutusl (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\syncrosoft emu (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3f6657a-57aa-46ef-b08c-74e60be0d363} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fc95eaf-4eab-473a-9c16-24162a7c56b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d438412a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb147 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd4649 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5759 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc1129 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb7831 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd2834 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga8753 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6811 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3078 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc8770 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb5140 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd785 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga2763 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6631 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd70b72b6 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayywmmc  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\dacslxem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mexlscad.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\datelbkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkbletad.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elqgpsvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvspgqle.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fycxcvrh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hrvcxcyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgclfhfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afhflcgl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mkxojegf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgejoxkm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\naqvclqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qqlcvqan.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmspdjeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bejdpsmn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkkcfdna.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\andfckkq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjlgbldy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydlbgljx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyWmMC.dll_old (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CMmWyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CMmWyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhybnvcx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xcvnbyhy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yppcdaem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meadcppy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yscivibd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbivicsy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtutuSl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\paoqdrey.dll_old (Trojan.Vundo) -> Delete on reboot.
C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Daten\Neuer Ordner\MMHIPHOP2\addon\Firebird\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Björn\Eigene Dateien\Daten\Neuer Ordner\MMHIPHOP2\addon\ods\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GJ5PUVPX\CAHMQXGE (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GPUNWTYV\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZWRDN1X6\CAUDMBM3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZWRDN1X6\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\Uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068563.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068566.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068582.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068603.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068621.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP311\A0068687.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP312\A0068774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP312\A0068776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP314\A0069914.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7788FD14-876F-47C9-A850-9BDEAB400FCE}\RP314\A0069928.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqqixsmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyopct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okbgmh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfewcfsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Mai 2007\4 Internet\IE7\Update\Update_IE7_x86.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Mai 2007\5 Programme\Ahead.Nero.Premium.Edition.v7.8.5.0\nero_keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\Music\MAGIX\Common\Database\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Music\MAGIX\Foto_Manager_2007\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Music\MAGIX\MusicMakerHipHopEdition2\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Music\MAGIX\Music_Manager_2007\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Music\Steinberg\Cubase SX 3\open_cubasesx3_application_data_folder.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Music\MAGIX\Goya_burnR\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Music\MAGIX\Goya_burnR_mxcdr\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Music\MAGIX\Online_Druck_Service\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Musik\MAGIX\MusicStudio12deluxe\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Musik\MAGIX\Music_Manager_2006\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Musik\MAGIX\SamplitudeMusicStudio2008\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\Programme\Musik\MAGIX\Samplitude_SE_No9\addoninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
K:\Programme\Musik\MAGiX.Music.Studio.Deluxe.v12.DVD.ISO-TBE\MS12DLXE\addon\Firebird\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMd70b72b6.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMd70b72b6.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

I hope this is right and that it helps you and me further.

Regards, Znake

trojan-death 19.07.2008 10:55

Ok

Did you run HijackThis before Malwarebytes, or what???
Please post a fresh one.

Now get The Avenger (the link is in my signature)
-Double-click The Avenger
-in the white field, enter the following text:
Quote:

files to delete:
C:\WINDOWS\system32\paoqdrey.dll
C:\WINDOWS\system32\fycxcvrh.dll
C:\WINDOWS\system32\awtutuSl.dll
C:\WINDOWS\system32\awtutuSl.dll
-now press "Execute"
-you will be asked whether you want to run the script--->Yes
-then it asks blah blah blah "do you want to reboot now?" --->Yes
-finally, post the contents of the C:\Avenger text file

Now please fix the following entries with HijackThis:
Quote:

O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
Get Blacklight and run it.
Do the same with RunScanner.
Please always post all logs.
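What trojan-death picks out of the log by eye (rundll32 Run entries with random-looking names, "(no file)" / "(file missing)" leftovers, Spybot's queued RunOnce deletions, the AppInit_DLLs load point) can be checked mechanically. The triage below is an added example, not a tool from this thread; its sample lines are copied from the HijackThis log posted above, and the random-DLL-name and hex-value-name rules are heuristics chosen for this example, not a published Vundo signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: nine lines copied from the HijackThis log posted in
# this thread (abridged and reordered; not the full log).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMd70b72b6] Rundll32.exe "C:\WINDOWS\system32\paoqdrey.dll",s
O4 - HKLM\..\Run: [d438412a] rundll32.exe "C:\WINDOWS\system32\fycxcvrh.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA8753] command /c del "C:\WINDOWS\system32\awtutuSl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6811] cmd /c del "C:\WINDOWS\system32\awtutuSl.dll"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""


@dataclass
class Finding:
    severity: str        # "fix" (safe to remove), "review" or "info"
    reason: str
    line: str
    target: str = ""     # file path the entry points at, when one was parsed


# O4 lines look like: "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
DEL_RE = re.compile(r'\bdel\s+"?(?P<path>[^"]+)"?', re.IGNORECASE)
# Heuristic (this example's, not a published signature): the loader values in
# this thread are 8 hex digits, optionally prefixed "BM" (d438412a, BMd70b72b6).
HEXISH_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)


def looks_random_dll(path: str) -> bool:
    """Heuristic: 8-letter, all-alphabetic DLL stem under system32, like the
    rotating names in this thread (paoqdrey, fycxcvrh, awtutuSl)."""
    low = path.lower()
    if "\\system32\\" not in low:
        return False
    stem = low.rsplit("\\", 1)[-1]
    stem = stem[:-4] if stem.endswith(".dll") else stem
    return len(stem) == 8 and stem.isalpha()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing worth reporting."""
    line = line.strip()
    if not line:
        return None
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        return Finding("fix", "orphaned entry: target file is gone", line)
    if line.startswith("O20 - AppInit_DLLs:"):
        return Finding("review", "AppInit_DLLs loads into every GUI process; verify the publisher", line)
    m = RUN_RE.match(line)
    if not m:
        return None
    if m["key"] == "RunOnce":
        d = DEL_RE.search(m["cmd"])
        if d:   # a scanner has queued this file for deletion at next boot
            return Finding("info", "pending delete at reboot", line, d["path"])
        return None
    r = RUNDLL_RE.search(m["cmd"])
    if r and looks_random_dll(r["dll"]):
        sev = "fix" if HEXISH_NAME.match(m["name"]) else "review"
        return Finding(sev, "rundll32 loads a random-named system32 DLL", line, r["dll"])
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def dll_targets(findings: List[Finding]) -> List[str]:
    """Distinct DLL paths the flagged loaders and pending deletes point at;
    for the sample this is the same three files the helper's script lists."""
    return sorted({f.target for f in findings if f.target})
```

Running `triage(SAMPLE_LOG)` on the sample yields seven findings; the two legitimate lines (Canon toolbar, avast!) are not reported.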


Copyright ©2000-2025, Trojaner-Board