Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1497
Windows 5.1.2600 Service Pack 2

14.12.2008 03:41:34
mbam-log-2008-12-14 (03-41-34).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 66896
Laufzeit: 1 hour(s), 22 minute(s), 17 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 6
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\ledirufo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\reyeyato.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bofowaru.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\humimeku.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tapidudi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\reramiwu.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{711b571a-7547-4918-aa58-c48ac791c4f1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgghgfd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{711b571a-7547-4918-aa58-c48ac791c4f1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d48a092-b544-42f3-aced-752a1f2a1a04} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d48a092-b544-42f3-aced-752a1f2a1a04} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d48a092-b544-42f3-aced-752a1f2a1a04} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{711b571a-7547-4918-aa58-c48ac791c4f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80146d07 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lededuweyi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm83275e9b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{711b571a-7547-4918-aa58-c48ac791c4f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54480516034027385174104015939977 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\reyeyato.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\reyeyato.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\reyeyato.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tapidudi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tapidudi.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Peter Buchegger\Startmenü\Antivirus 360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\hgghgfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ledirufo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ofuridel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\radasufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufusadar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bofowaru.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tapidudi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\humimeku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\reyeyato.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\reramiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fobejije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuzefiyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Peter Buchegger\Startmenü\Antivirus 360\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Peter Buchegger\Startmenü\Antivirus 360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Peter Buchegger\Startmenü\Antivirus 360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Peter Buchegger\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WinAVR-20070525-install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Peter Buchegger\Desktop\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.