Virusbefall. IE, Firefox und Thunderbird funktionieren nicht mehr ordnungsgemäß.

Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.10.3.0 2008.10.02 - AntiVir 7.8.1.34 2008.10.02 - Authentium 5.1.0.4 2008.10.02 - Avast 4.8.1248.0 2008.10.02 - AVG 8.0.0.161 2008.10.02 - BitDefender 7.2 2008.10.03 - CAT-QuickHeal 9.50 2008.10.01 - ClamAV 0.93.1 2008.10.02 - DrWeb 4.44.0.09170 2008.10.02 - eSafe 7.0.17.0 2008.10.02 Suspicious File eTrust-Vet 31.6.6125 2008.10.02 Win32/VundoCryptorT!generic Ewido 4.0 2008.10.02 - F-Prot 4.4.4.56 2008.10.02 - F-Secure 8.0.14332.0 2008.10.02 - Fortinet 3.113.0.0 2008.10.02 - GData 19 2008.10.02 - Ikarus T3.1.1.34.0 2008.10.02 - K7AntiVirus 7.10.481 2008.10.02 - Kaspersky 7.0.0.125 2008.10.02 - McAfee 5397 2008.10.02 - Microsoft 1.4005 2008.10.03 Trojan:Win32/Vundo.gen!R NOD32 3490 2008.10.02 - Norman 5.80.02 2008.10.02 - Panda 9.0.0.4 2008.10.03 - PCTools 4.4.2.0 2008.10.02 - Prevx1 V2 2008.10.03 Cloaked Malware Rising 20.63.62.00 2008.09.28 Packer.Win32.Agent.v SecureWeb-Gateway 6.7.6 2008.10.02 Win32.Malware.gen (suspicious) Sophos 4.34.0 2008.10.02 Troj/Virtum-Gen Sunbelt 3.1.1675.1 2008.09.27 - Symantec 10 2008.10.02 - TheHacker 6.3.1.0.099 2008.10.03 - TrendMicro 8.700.0.1004 2008.10.02 Possible_Vundo-5 VBA32 3.12.8.6 2008.10.02 - ViRobot 2008.10.2.1403 2008.10.02 - VirusBuster 4.5.11.0 2008.10.02 Trojan.Monder.Gen!Pac weitere Informationen File size: 110592 bytes MD5...: 3725b3655e94fbcc144ad770de0dd587 SHA1..: ad969facd2e3db97daff1f39c65dbdbcdebe1bbb SHA256: 3c14021086002ae93e8fe9d05440b03612285dbe0121c6eecf19f13cb36e48de SHA512: abde98411d1a9eb9af7c16db28f5572e847748855f5964263d070404646fdcfe 7c4c4224a930f0d8566789c37dfb6bcb0aa7cec70005f61802d9405df0fa5938 PEiD..: - TrID..: File type identification Win32 Executable Generic (38.4%) Win32 Dynamic Link Library (generic) (34.2%) Clipper DOS Executable (9.1%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10001000 timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x16000 0x16000 8.00 d7deca0f5bf31c2d5ce29ddda1f2d0d2 .data 0x17000 0x1000 0x400 4.75 66c59ab03ab7e5421e05893deb5c7628 .rdata 0x18000 0x27000 0x4800 7.77 0028dd296a2af28c54a4b48de6713213 ( 3 imports ) > USER32.dll: OemToCharBuffA, MessageBoxA, MessageBeep, LoadCursorFromFileA, LoadCursorA, EndPaint, EndDialog, EmptyClipboard, DrawTextA, DestroyCursor, CreateIconFromResourceEx, CreateDesktopA, CopyRect, CharToOemBuffA, CharNextA, ActivateKeyboardLayout > KERNEL32.dll: lstrcmpiA, ReadFile, MapViewOfFile, InitializeCriticalSection, GetVersionExA, GetSystemTimeAsFileTime, GetStartupInfoA, GetModuleHandleA, ExitProcess, EnumResourceTypesA, EnumResourceLanguagesA, CloseHandle > ADVAPI32.dll: RegQueryValueA, RegOpenKeyExA, RegCloseKey ( 0 exports ) Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=78AF089600DD6659B02C01F03C6841001AA26152
         

Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.10.3.2 2008.10.03 - AntiVir 7.8.1.34 2008.10.04 - Authentium 5.1.0.4 2008.10.04 - Avast 4.8.1248.0 2008.10.04 - AVG 8.0.0.161 2008.10.04 - BitDefender 7.2 2008.10.05 - CAT-QuickHeal 9.50 2008.10.04 - ClamAV 0.93.1 2008.10.04 - DrWeb 4.44.0.09170 2008.10.05 - eSafe 7.0.17.0 2008.10.02 - eTrust-Vet 31.6.6129 2008.10.04 - Ewido 4.0 2008.10.05 - F-Prot 4.4.4.56 2008.10.04 - F-Secure 8.0.14332.0 2008.10.05 - Fortinet 3.113.0.0 2008.10.04 - GData 19 2008.10.05 - Ikarus T3.1.1.34.0 2008.10.05 - K7AntiVirus 7.10.484 2008.10.04 - Kaspersky 7.0.0.125 2008.10.05 - McAfee 5398 2008.10.04 - Microsoft 1.4005 2008.10.05 - NOD32 3495 2008.10.04 - Norman 5.80.02 2008.10.03 - Panda 9.0.0.4 2008.10.04 - PCTools 4.4.2.0 2008.10.04 - Prevx1 V2 2008.10.05 - Rising 20.63.62.00 2008.09.28 - SecureWeb-Gateway 6.7.6 2008.10.05 - Sophos 4.34.0 2008.10.05 - Sunbelt 3.1.1675.1 2008.09.27 - Symantec 10 2008.10.05 - TheHacker 6.3.1.0.101 2008.10.04 - TrendMicro 8.700.0.1004 2008.10.03 - VBA32 3.12.8.6 2008.10.04 - ViRobot 2008.10.4.1406 2008.10.04 - VirusBuster 4.5.11.0 2008.10.04 - weitere Informationen File size: 1671 bytes MD5...: 7bc3098752473c4828ce3b1c22815f91 SHA1..: 7fdfc2773e9526c5caa73a553a8eca9831f93fb2 SHA256: 67018d8f4667869ff9fdefc41876cbf262b756627c71ff0a40fe9ca625a43469 SHA512: 4720bdbf6436896a97249179d5097277785c9594d8b2e603ce3745fdadff3cad dff458eb00bb97a05078adac2d296988d752bcae812290256d549e2f33792e69 PEiD..: - TrID..: File type identification Unknown! PEInfo: -
         

Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.10.3.2 2008.10.03 - AntiVir 7.8.1.34 2008.10.04 - Authentium 5.1.0.4 2008.10.04 - Avast 4.8.1248.0 2008.10.04 - AVG 8.0.0.161 2008.10.04 - BitDefender 7.2 2008.10.05 - CAT-QuickHeal 9.50 2008.10.04 - ClamAV 0.93.1 2008.10.04 - DrWeb 4.44.0.09170 2008.10.05 - eSafe 7.0.17.0 2008.10.02 - eTrust-Vet 31.6.6129 2008.10.04 - Ewido 4.0 2008.10.05 - F-Prot 4.4.4.56 2008.10.04 - F-Secure 8.0.14332.0 2008.10.05 - Fortinet 3.113.0.0 2008.10.04 - GData 19 2008.10.05 - Ikarus T3.1.1.34.0 2008.10.05 - K7AntiVirus 7.10.484 2008.10.04 - Kaspersky 7.0.0.125 2008.10.05 - McAfee 5398 2008.10.04 - Microsoft 1.4005 2008.10.05 - NOD32 3495 2008.10.04 - Norman 5.80.02 2008.10.03 - Panda 9.0.0.4 2008.10.04 - PCTools 4.4.2.0 2008.10.04 - Prevx1 V2 2008.10.05 - Rising 20.63.62.00 2008.09.28 - SecureWeb-Gateway 6.7.6 2008.10.05 - Sophos 4.34.0 2008.10.05 - Sunbelt 3.1.1675.1 2008.09.27 - Symantec 10 2008.10.05 - TheHacker 6.3.1.0.101 2008.10.04 - TrendMicro 8.700.0.1004 2008.10.03 - VBA32 3.12.8.6 2008.10.04 - ViRobot 2008.10.4.1406 2008.10.04 - VirusBuster 4.5.11.0 2008.10.04 - weitere Informationen File size: 1482 bytes MD5...: 77d305813d7bf4f90278330bbc58a173 SHA1..: 24d32b6b22fcfb3e7f4b503ca6e68e42a1f277dd SHA256: 1f4ddff894ff57f7b3c0980a056f1bffbbe92a549a83467172d031a1edcd7c5f SHA512: b7fe475f7f11e67637a006e8978c6e3cb188a7e1564e027bc0c916000d05dda0 bdc804418564e229110cc275bf1bb3e844e5240876b2dfe514dcf61d19e12d96 PEiD..: - TrID..: File type identification Unknown! PEInfo: -
         

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK
         

10/05/08 11:39:59 [Info]: BlackLight Engine 2.2.1092 initialized 10/05/08 11:39:59 [Info]: OS: 5.1 build 2600 (Service Pack 3) 10/05/08 11:39:59 [Note]: 7019 4 10/05/08 11:39:59 [Note]: 7005 0 10/05/08 11:40:05 [Note]: 7006 0 10/05/08 11:40:05 [Note]: 7011 1464 10/05/08 11:40:05 [Note]: 7035 0 10/05/08 11:40:05 [Note]: 7026 0 10/05/08 11:40:05 [Note]: 7026 0 10/05/08 11:40:07 [Note]: FSRAW library version 1.7.1024 10/05/08 11:40:15 [Note]: 2000 1012 10/05/08 11:40:15 [Note]: 2000 1012 10/05/08 11:40:38 [Note]: 7007 0
         

Malwarebytes' Anti-Malware 1.28 Datenbank Version: 1229 Windows 5.1.2600 Service Pack 3 05.10.2008 11:22:45 mbam-log-2008-10-05 (11-22-45).txt Scan-Methode: Vollständiger Scan (C:\|F:\|) Durchsuchte Objekte: 114659 Laufzeit: 40 minute(s), 27 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 8 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\ddcAsqpn.dll.q_804E003_q (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\fccyyyAR.dll.q_804DA03_q (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnnNEVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM0fbe0649.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM0fbe0649.txt (Trojan.Vundo) -> Quarantined and deleted successfully.