| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Habe Problem mit Trojandownloader win32 renos.jmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.11.2009, 00:44
| #1 |
| |  Habe Problem mit Trojandownloader win32 renos.jm Hi leute wie gehts? Also ich habe heute von meinem Windows Defender die Nachricht erhalten, dass er diesen Trojandownloader win32 renos.jm gefunden hat. Habe dann auch versucht diesen mit Windows Defender zu löschen, aber nach ein paar Minuten kam dieselbige Meldung noch einmal. Dank der Hilfe von Google bin ich dann hier gelandet und habe mir auch schon ein Thema dazu durchgelesen, war danach aber eher verwirrt als beraten und nun versuch ich es eben mit der Eröffnung eines neuen Themas (ich hoffe ihr nehmt mir das nicht übel). Also ich habe wie vorgeschlagen CCleaner durchführen lassen, danach Malwarebytes, dieser hat 4 infizierte Objekte gefunden welche ich dann gelöscht habe. Und dann hab ich noch RSIT laufen lassen. In der nächsten Nachricht findet ihr die Log Dateien Ich hoffe ihr könnt mir helfen mein Pc wieder sauber zu bekommen.... MfG crazaG |
|
23.11.2009, 00:45
| #2 |
| | Habe Problem mit Trojandownloader win32 renos.jmCode:
ATTFilter Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6002 Service Pack 2
23.11.2009 00:22:24
mbam-log-2009-11-23 (00-22-24).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 214118
Laufzeit: 1 hour(s), 45 minute(s), 41 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
|
|
23.11.2009, 00:49
| #3 |
| | Habe Problem mit Trojandownloader win32 renos.jmCode:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Daniel at 2009-11-23 00:27:05 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 26 GB (17%) free of 147 GB Total RAM: 3069 MB (65% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:28:14, on 23.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Users\Daniel\AppData\Local\Temp\k.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Users\Daniel\Program Files\DNA\btdna.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\ctfmon.exe C:\Users\Daniel\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Daniel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {ad55c869-668e-457c-b270-0cfb2f61116f} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Daniel\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MailBlocker] C:\Users\Daniel\AppData\Local\Temp\k.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe -- End of file - 8118 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{D230133D-01D1-4B1B-82F8-C4ADAFF4CD79}.job C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad55c869-668e-457c-b270-0cfb2f61116f}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-16 264720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376] "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-02-09 397312] "NvSvc"=C:\Windows\system32\nvsvc.dll [2008-03-11 92704] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-03-11 8534560] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-03-11 88608] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400] "fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520] "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-10-30 102400] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "BitTorrent DNA"=C:\Users\Daniel\Program Files\DNA\btdna.exe [2009-10-26 323392] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "MailBlocker"=C:\Users\Daniel\AppData\Local\Temp\k.exe [2009-11-22 182272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe [2009-11-16 654128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2009-07-03 219664] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e83140e-ca23-11dd-b186-001e688cdfa1}] shell\AutoRun\command - H:\system32/rundll.exe shell\explore\command - H:\system32/rundll.exe shell\open\command - H:\system32/rundll.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a13bf19-ca28-11dd-a594-001e688cdfa1}] shell\AutoRun\command - G:\launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be815804-88a8-11de-b2ef-001e688cdfa1}] shell\AutoRun\command - I:\Menu.exe ======List of files/folders created in the last 1 months====== 2009-11-23 00:16:23 ----D---- C:\rsit 2009-11-22 16:52:55 ----D---- C:\Program Files\DVDFab 6 2009-11-17 17:51:48 ----A---- C:\Windows\system32\E_DCINST.DLL 2009-11-17 17:51:47 ----A---- C:\Windows\system32\E_FLBBZE.DLL 2009-11-17 17:51:47 ----A---- C:\Windows\system32\E_FD4BBZE.DLL 2009-11-17 17:51:34 ----D---- C:\ProgramData\EPSON 2009-11-16 16:33:17 ----D---- C:\Program Files\Room Arranger 2009-11-16 12:12:40 ----D---- C:\Program Files\BitTorrent 2009-11-16 11:55:33 ----D---- C:\Users\Daniel\AppData\Roaming\BitTorrent 2009-11-14 15:45:20 ----D---- C:\Program Files\Adobe 2009-11-12 08:49:52 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-09 16:31:41 ----D---- C:\Program Files\Bethesda Softworks 2009-11-09 15:51:53 ----A---- C:\Windows\system32\javaws.exe 2009-11-09 15:51:53 ----A---- C:\Windows\system32\javaw.exe 2009-11-09 15:51:53 ----A---- C:\Windows\system32\java.exe 2009-11-08 18:57:38 ----D---- C:\Program Files\Common Files\DivX Shared 2009-11-05 23:31:02 ----D---- C:\Users\Daniel\AppData\Roaming\vlc 2009-11-05 23:30:24 ----D---- C:\Program Files\VideoLAN 2009-11-04 20:52:47 ----A---- C:\Windows\system32\mshtml.dll 2009-10-31 13:46:57 ----D---- C:\Program Files\Avi2Dvd 2009-10-30 18:59:31 ----A---- C:\Windows\system32\d3dx10_40.dll 2009-10-30 18:59:31 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2009-10-30 18:59:30 ----A---- C:\Windows\system32\D3DX9_40.dll 2009-10-30 18:59:29 ----A---- C:\Windows\system32\XAudio2_3.dll 2009-10-30 18:59:29 ----A---- C:\Windows\system32\XAPOFX1_2.dll 2009-10-30 18:59:29 ----A---- C:\Windows\system32\xactengine3_3.dll 2009-10-30 18:59:29 ----A---- C:\Windows\system32\X3DAudio1_5.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\XAudio2_1.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\xactengine3_1.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\d3dx10_38.dll 2009-10-30 18:59:27 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2009-10-30 18:59:25 ----A---- C:\Windows\system32\D3DX9_38.dll 2009-10-30 18:28:35 ----D---- C:\Root 2009-10-30 18:28:30 ----D---- C:\Program Files\Activision 2009-10-26 17:52:42 ----D---- C:\Users\Daniel\AppData\Roaming\DNA |
|
23.11.2009, 00:50
| #4 |
| | Habe Problem mit Trojandownloader win32 renos.jm und dann noch der fehlende rest der RSIT log Datei.... Code:
ATTFilter ======List of files/folders modified in the last 1 months======
2009-11-23 00:28:11 ----D---- C:\Windows\Temp
2009-11-23 00:26:57 ----A---- C:\Windows\win.ini
2009-11-23 00:25:21 ----D---- C:\ProgramData\Kaspersky Lab
2009-11-23 00:25:12 ----D---- C:\Windows\system32\Tasks
2009-11-23 00:25:10 ----D---- C:\Windows\Tasks
2009-11-23 00:24:55 ----D---- C:\Windows
2009-11-23 00:22:24 ----D---- C:\Windows\System32
2009-11-23 00:00:41 ----D---- C:\Windows\Debug
2009-11-22 20:38:22 ----SHD---- C:\System Volume Information
2009-11-22 20:24:06 ----D---- C:\Windows\inf
2009-11-22 20:24:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-22 20:14:12 ----D---- C:\Windows\system32\catroot2
2009-11-22 17:36:40 ----D---- C:\Users\Daniel\AppData\Roaming\Azureus
2009-11-22 16:54:30 ----D---- C:\Program Files
2009-11-22 16:54:29 ----D---- C:\Users\Daniel\AppData\Roaming\Vso
2009-11-22 16:54:28 ----A---- C:\Users\Daniel\AppData\Roaming\inst.exe
2009-11-22 16:53:45 ----D---- C:\Windows\system32\drivers
2009-11-22 16:53:44 ----D---- C:\Windows\system32\catroot
2009-11-22 16:47:44 ----D---- C:\Program Files\Ahead
2009-11-22 16:44:35 ----SHD---- C:\Windows\Installer
2009-11-22 16:44:34 ----D---- C:\Program Files\Project64 1.6
2009-11-22 16:26:25 ----D---- C:\Program Files\Vuze
2009-11-22 16:04:18 ----D---- C:\Windows\Prefetch
2009-11-19 14:50:14 ----RSD---- C:\Windows\assembly
2009-11-19 14:49:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-17 17:51:34 ----D---- C:\ProgramData
2009-11-14 15:46:46 ----D---- C:\ProgramData\Adobe
2009-11-14 15:45:26 ----D---- C:\Program Files\Common Files\Adobe
2009-11-12 12:57:53 ----D---- C:\ProgramData\Microsoft Help
2009-11-12 12:55:07 ----D---- C:\Windows\winsxs
2009-11-09 16:40:13 ----D---- C:\Users\Daniel\AppData\Roaming\Tobit
2009-11-09 15:51:50 ----D---- C:\Program Files\Java
2009-11-08 18:58:31 ----D---- C:\Program Files\DivX
2009-11-08 18:57:38 ----D---- C:\Program Files\Common Files
2009-11-07 17:40:44 ----D---- C:\Program Files\Mozilla Firefox
2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-31 13:47:26 ----D---- C:\Program Files\AviSynth 2.5
2009-10-24 17:54:19 ----RSD---- C:\Windows\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-03 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2006-01-10 31846]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-03-11 8240800]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-22 47360]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-30 192816]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 aaozhkky;aaozhkky; C:\Windows\system32\drivers\aaozhkky.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2006-03-01 69632]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
|
|
| Themen zu Habe Problem mit Trojandownloader win32 renos.jm |
| ccleaner, defender, downloader, erhalte, gelöscht, google, heute, infizierte, leute, log, löschen, malwarebytes, meldung, minute, nachricht, neue, neuen, problem, renos.jm, rsit, thema, trojan.fakealert, win, win32, windows |
Linear-Darstellung
