Trojaner-Board - JS/Redirector.455

Okay....Hab den Log gefunden....

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3474
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

02.01.2010 04:54:38
mbam-log-2010-01-02 (04-54-38).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 127807
Laufzeit: 12 minute(s), 29 second(s)

Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 12
Infizierte Verzeichnisse: 1
Infizierte Dateien: 39

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\teste1_p.exe (Trojan.Clicker) -> Failed to unload process.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\q1.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\WINDOWS\Temp\teste4_p.exe (Trojan.Clicker) -> Failed to unload process.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\5_odbn.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amoumain (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odbny (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netw (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servicelayer (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\winlogon86.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\amoumain.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\teste1_p.exe (Trojan.Clicker) -> Delete on reboot.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste4_p.exe (Trojan.Clicker) -> Delete on reboot.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\5_odbn.exe (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\odbn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\svx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\svw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\25F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\26E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\avto.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\avto2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgaw400.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\260.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5_odbn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste3_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Startmenü\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\0_11adwara.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\4_pinnew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\6_ldry3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\servicelayer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\teste4_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.