Ist mein System vertrauenswürdig?

Tweldenza · 12.01.2009, 00:37

Als abrundung noch mein Malewarebytes-Logfile...
Dies ist der erste scan mit den vielen infizierten Dateien...
Der 2te und 3te Durchgang verlief bereits Fundlos.

Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1638
Windows 5.1.2600 Service Pack 2

11.01.2009 12:47:19
mbam-log-2009-01-11 (12-47-19).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 301624
Laufzeit: 2 hour(s), 33 minute(s), 32 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\habodotu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\peyuweli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\daripebu.dll (Trojan.Vundo.H) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f15fd05-29c0-4730-8ddf-f8f8b57f48ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9f15fd05-29c0-4730-8ddf-f8f8b57f48ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9f15fd05-29c0-4730-8ddf-f8f8b57f48ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yilozavawi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0f983f3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme3cab06f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\habodotu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\habodotu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\habodotu.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\peyuweli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\daripebu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\habodotu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP595\A0207172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP595\A0207173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP595\A0207174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP597\A0208191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP597\A0208192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A784E029-4D24-43C9-8E14-7CC4F338936C}\RP597\A0208193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hijagolu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\losamine.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wawupobe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\ICQToolbar\tbu38\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

Ich danke euch allen im voraus!
Greetz Twel

Ist mein System vertrauenswürdig?

Log-Analyse und Auswertung: Ist mein System vertrauenswürdig?

Ist mein System vertrauenswürdig?

Ähnliche Themen: Ist mein System vertrauenswürdig?