Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4344

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

24.07.2010 19:04:50
mbam-log-2010-07-24 (19-04-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 119435
Laufzeit: 15 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 55

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\King of Bongo\Anwendungsdaten\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\D.tmp (Trojan.Tracur) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d872481b-152a-535f-2cf3-5ecba81a57d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d872481b-152a-535f-2cf3-5ecba81a57d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18a2e49c-6d5e-4c02-b598-95a7ccd5d760} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18a2e49c-6d5e-4c02-b598-95a7ccd5d760} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\20465858969 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18a2e49c-6d5e-4c02-b598-95a7ccd5d760} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dbgeng32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dbgeng32.dll -> Delete on reboot.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\King of Bongo\Anwendungsdaten\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dgrpsetu32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Dokumente und Einstellungen\King of Bongo\Anwendungsdaten\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbgeng32.VIR (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divx_xx1632.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquoui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdiplus32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deployJava132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esent32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hccoin32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlink32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iaspolcy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\compatUI32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FM20DEU32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dim32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dinput32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnhpast32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpserial32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\9D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\10.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\11.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\12.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\13.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\14.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\16.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\17.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\82.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\83.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\85.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\8B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\King of Bongo\Lokale Einstellungen\Temp\95.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu2048655874v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu2048655874v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u2048655874v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u2048655874v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u2048655874v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u2048655874v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.