Malwarebytes' Anti-Malware 1.23 Datenbank Version: 987 Windows 5.1.2600 Service Pack 2 22:33:08 24.07.2008 mbam-log-7-24-2008 (22-33-08).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 39541 Laufzeit: 3 minute(s), 41 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 2 Infizierte Registrierungsschlüssel: 12 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 16 Infizierte Verzeichnisse: 2 Infizierte Dateien: 16 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\nfavxwdbktx.dll (Trojan.FakeAlert) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\TypeLib\{3fb5ab4b-4eca-49fa-b111-1cd1f5bf22bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f4ec69c2-044d-4f97-ba24-342be6cb1ea1} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{538e1d28-25ac-4dc3-a7c2-5ab450ec9c03} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{16c3be19-c4a4-4532-b534-37811ca9e283} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{16194b45-3709-466e-ab71-20c2052f9f01} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5fdeb672-359a-436c-9f64-ffd3823b8d69} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{33281995-9c94-414b-8511-9d2dcf6d5866} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33281995-9c94-414b-8511-9d2dcf6d5866} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.bgfp (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{538e1d28-25ac-4dc3-a7c2-5ab450ec9c03} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-8365391-23846) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\WINDOWS\egxv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\nfavxwdbktx.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Programme\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.