| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner vundo.gen.4.5/4.3Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.12.2008, 21:06
| #6 |
 |  Trojaner vundo.gen.4.5/4.3 Ja mach ich noch aber leider hat das mit Malware schon über 2h gedauert deshalb erst jetzt wieder meine Meldung... und für Combofix hab ich leider erst morgen Abend Zeit deshalb sry für die langsame Antworten. Also das kam bei Malware raus (log) Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\system32\geBsqPGa.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\wvUllLCu.dll (Trojan.Vundo.H) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{126b04a8-5966-44ec-9a20-2998ae785f04} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{126b04a8-5966-44ec-9a20-2998ae785f04} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvulllcu (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3cf2824-15b6-4337-8944-53451c680dcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d3cf2824-15b6-4337-8944-53451c680dcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqpga -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqpga -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\jrdstp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUllLCu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\geBsqPGa.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\aGPqsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aGPqsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\paxxrrdx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xdrrxxap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\p***** a*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IDG3Y5M5\kb600179[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{206176F4-29BD-41D6-BDB5-06615E74A01E}\RP113\A0033919.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{206176F4-29BD-41D6-BDB5-06615E74A01E}\RP113\A0033920.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{206176F4-29BD-41D6-BDB5-06615E74A01E}\RP113\A0033921.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. |
| Themen zu Trojaner vundo.gen.4.5/4.3 |
| 1.exe, adobe, antivir, ask toolbar, avira, browser, dsl, einstellungen, explorer, generic, generic host, hijackthis, hängt, internet, internet explorer, jusched.exe, launch, mehrere, mozilla, nvidia, plug-in, programme, rundll, security, software, spyware, starten, system, trojaner, windows, windows xp, windows xp sp3, xp sp3 |
Baum-Darstellung