Pests of all kinds and how to fight them: Tr/Rootkit.Gen on my PC (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
/// Winkelfunktion /// TB-Süch-Tiger™

Tr/Rootkit.Gen on my PC

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1098
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No CLSID value found.
O4 - HKLM..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe File not found
O4 - HKLM..\Run: [skb] File not found
O4 - HKCU..\Run: [{EDF708E3-752E-428F-8726-0BB490E1CB37}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hepi\ohka.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe File not found
O33 - MountPoints2\{3bc8f258-c174-11dd-b442-000e2ec0fff9}\Shell\AutoRun\command - "" = I:\.\instTOP.EXE -- File not found
O33 - MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\Shell - "" = AutoRun
O33 - MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\Shell\AutoRun\command - "" = I:\LAUDA\\znalac.exe -- File not found
O33 - MountPoints2\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\Shell\open\command - "" = I:\LAUDA\\znalac.exe -- File not found
[2010.06.13 18:32:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\bwqlqdf
[2010.06.13 18:31:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2010.06.13 18:30:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\15DB4AA1AB2483A8E1B9C97FD1F1DB82
[2010.06.13 18:32:26 | 000,051,021 | ---- | M] () -- C:\WINDOWS\System32\iupjvpcxhcfomr.exe
[2010.06.13 18:32:22 | 000,723,058 | ---- | M] () -- C:\simplex.exe
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags
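As an added illustration (not code from this thread or from OTL itself), here is a small Python triage pass over OTL-style lines like the ones in the fix above: it flags an IE proxy forced to a loopback address, Run entries whose file is missing or whose binary has no publisher and lives under the user profile, and removable-drive AutoRun commands. The sample lines are constructed from the fix script; the benign ctfmon.exe control line and the reading of an empty `()` as "no publisher in the file's version info" are assumptions.

```python
import re

# Constructed sample in OTL's line format, abridged from the fix script above;
# the ctfmon.exe line is a benign control entry added for contrast (assumption).
SAMPLE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1098
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O4 - HKLM..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe File not found
O4 - HKCU..\Run: [{EDF708E3-752E-428F-8726-0BB490E1CB37}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hepi\ohka.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O33 - MountPoints2\{3bc8f258-c174-11dd-b442-000e2ec0fff9}\Shell\AutoRun\command - "" = I:\.\instTOP.EXE -- File not found
"""

# One pattern per OTL line type we care about (IE proxy, O2 BHO, O4 Run, O33 mount point).
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(Proxy\w+)" = (.*)$')
BHO_RE = re.compile(r'^O2 - BHO: \(([^)]*)\) - (\{[^}]+\}) - (.*)$')
RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] ?(.*)$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(\w+)\\command - "" = (.*?)(?: -- (.*))?$')

def triage(text):
    """Return (severity, item, reason) tuples for OTL lines worth a closer look."""
    findings, proxy = [], {}
    for line in text.splitlines():
        if m := PROXY_RE.match(line):
            proxy[m[1]] = m[2]                      # collected, judged after the loop
        elif m := BHO_RE.match(line):
            if "File not found" in m[3]:
                findings.append(("low", f"BHO {m[2]}", "orphaned BHO, file missing"))
        elif m := RUN_RE.match(line):
            hive, name, rest = m.groups()
            if "File not found" in rest:
                findings.append(("medium", f"{hive} Run [{name}]", "autostart points to a missing file"))
            elif rest.endswith("()") or "\\Anwendungsdaten\\" in rest:
                # empty () = no publisher in version info (assumed OTL convention);
                # Anwendungsdaten = the per-user Application Data profile directory
                findings.append(("high", f"{hive} Run [{name}]", "unsigned/unknown autostart binary in user profile"))
        elif m := MOUNT_RE.match(line):
            guid, verb, cmd, rest = m.groups()
            tail = " (file missing)" if rest and "File not found" in rest else ""
            findings.append(("medium", f"MountPoints2 {guid} {verb}", f"removable-drive {verb} launches {cmd}{tail}"))
    server = proxy.get("ProxyServer", "")
    if proxy.get("ProxyEnable") == "1" and "127.0.0.1" in server:
        findings.append(("high", "IE proxy", f"browser traffic forced through loopback proxy {server}"))
    return findings

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, item, why in sorted(triage(SAMPLE), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {item}: {why}")
```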
#2

Tr/Rootkit.Gen on my PC

Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{463DF6D5-BEC1-4D67-B217-59DB692DFC53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463DF6D5-BEC1-4D67-B217-59DB692DFC53}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rdirector deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\skb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{EDF708E3-752E-428F-8726-0BB490E1CB37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDF708E3-752E-428F-8726-0BB490E1CB37}\ not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hepi\ohka.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rdirector deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc8f258-c174-11dd-b442-000e2ec0fff9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bc8f258-c174-11dd-b442-000e2ec0fff9}\ not found.
File I:\.\instTOP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91c34cca-26f0-11df-b6f1-003005e385e3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91c34cca-26f0-11df-b6f1-003005e385e3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91c34cca-26f0-11df-b6f1-003005e385e3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91c34cca-26f0-11df-b6f1-003005e385e3}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\ not found.
File I:\LAUDA\\znalac.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5da1768-4447-11dd-b3a0-000e2ec0fff9}\ not found.
File I:\LAUDA\\znalac.exe not found.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\bwqlqdf folder moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Windows Server folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\15DB4AA1AB2483A8E1B9C97FD1F1DB82 folder moved successfully.
C:\WINDOWS\system32\iupjvpcxhcfomr.exe moved successfully.
C:\simplex.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1599225 bytes
->Flash cache emptied: 660 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9549605 bytes
->Flash cache emptied: 1253 bytes
User: ***
->Temp folder emptied: 383012084 bytes
->Temporary Internet Files folder emptied: 7694585 bytes
->Java cache emptied: 76851981 bytes
->FireFox cache emptied: 42356128 bytes
->Flash cache emptied: 3584 bytes
User: ***
->Temp folder emptied: 491 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5726204 bytes
->Flash cache emptied: 348 bytes
User: ***
->Temp folder emptied: 992508 bytes
->Temporary Internet Files folder emptied: 7868815 bytes
->Java cache emptied: 624230 bytes
->FireFox cache emptied: 4471877 bytes
->Flash cache emptied: 2176 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26648385 bytes
RecycleBin emptied: 4234750056 bytes
Total Files Cleaned = 4.582,00 mb
OTL by OldTimer - Version 3.2.6.0 log created on 06172010_120812
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\in9.tmp moved successfully.
Registry entries deleted on Reboot...