Pests of all kinds and how to fight them: Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0 (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
16.07.2010, 18:04 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0

1.) The link is not correct, please fix it.
2.) Please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM.
3.) Then download bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remover.exe from that folder. If you are using Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes to the MBR. Then please post whether there are changes and, if so, on which device. Best to post everything remover.exe outputs.
__________________
Please always post logfiles in CODE tags
16.07.2010, 18:07 | #17
Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0

Better?
__________________
hxxp://www.file-upload.net/download-2676740/backup.zip.html
16.07.2010, 18:22 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0

Yes, better! Now please carry on with the other steps.
__________________
16.07.2010, 18:45 | #19
Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0

Hello, attached are the requested logs from GMER and OSAM.

```
? kelns.sys Das System kann die angegebene Datei nicht finden. !
.rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xF63B8E94]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xB1F0A480, 0x306DD, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C91DEB6 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!KiUserExceptionDispatcher 7C91EAEC 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!GetCursorPos 77D1C566 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1136] ole32.dll!CoCreateInstance 774F6009 5 Bytes JMP 00A3000A
.text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtProtectVirtualMemory 7C91DEB6 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!KiUserExceptionDispatcher 7C91EAEC 5 Bytes JMP 009F000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 857B5EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
```

```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:41:49 on 16.07.2010
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.6
```
I'll now carry on with the rest. Kind regards, thomas
16.07.2010, 18:56 | #20
Constant attacks in Firefox 3.6.10 and T-Com Browser 6.0

Hello cosinus, here is the log from remover.exe:

```
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0 MD5: 5ddc20efcc4d1dab37c348c7db7289cf
\\.\E: -> \\.\PhysicalDrive0
\\.\G: -> \\.\PhysicalDrive1 MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\H: -> \\.\PhysicalDrive1
\\.\I: -> \\.\PhysicalDrive1

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown boot code
74 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...
```

Regards, thomas
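As an added example, not code from the thread, from eSage Lab, or from the forum: a small Python script that performs the kind of check the Bootkit Remover table above reports, reading a 512-byte MBR image (as produced by a `remover.exe dump`) and classifying its boot code as the standard DOS/Windows stub or "unknown". The 7-byte standard-stub prefix used as the "known boot code" heuristic and the two sample images are assumptions constructed for this example; the real tool's signature logic is not shown on the page.

```python
"""Inspect a 512-byte MBR image: hash it, check the boot signature, classify
the boot code and sanity-check the partition table (example code only)."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # 4 x 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of every valid MBR
# Opening instructions of the standard DOS/Windows MBR stub:
#   33 C0 xor ax,ax / 8E D0 mov ss,ax / BC 00 7C mov sp,7C00h
# Assumption: this prefix is the heuristic for "known boot code" here; it is
# not Bootkit Remover's own signature, which the thread does not show.
STANDARD_BOOT_PREFIX = bytes.fromhex("33c08ed0bc007c")


def parse_partition_table(sector):
    """Decode the four partition entries: status, type, LBA start, length."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        entries.append({"active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def inspect_mbr(sector):
    """Return the facts a responder wants for one MBR, plus a verdict string
    in the same wording as the remover table ("OK ..." / "Unknown boot code")."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    boot_code = sector[:PART_TABLE_OFFSET]
    parts = [p for p in parse_partition_table(sector) if p["type"] != 0]
    active = sum(1 for p in parts if p["active"])
    signature_ok = sector[510:] == BOOT_SIGNATURE
    known_code = boot_code.startswith(STANDARD_BOOT_PREFIX)
    if not signature_ok:
        verdict = "Invalid (no 55AA boot signature)"
    elif known_code:
        verdict = "OK (DOS/Win32 Boot code found)"
    else:
        verdict = "Unknown boot code"
    return {
        "md5": hashlib.md5(sector).hexdigest(),   # compare against remover's MD5 line
        "signature_ok": signature_ok,
        "known_boot_code": known_code,
        "active_partitions": active,              # exactly one is expected
        "partitions": parts,
        "verdict": verdict,
    }


def build_sample_mbr(boot_code):
    """Constructed test image: the given boot code padded to 446 bytes, then
    one active NTFS (type 0x07) partition starting at LBA 63, then 55AA."""
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 77_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed samples: a clean disk, and the same disk whose first boot-code
# bytes were overwritten with arbitrary non-standard bytes (no real bootkit).
CLEAN_MBR = build_sample_mbr(STANDARD_BOOT_PREFIX + b"\xfb\x50\x07\x50\x1f\xfc")
MODIFIED_MBR = build_sample_mbr(b"\xea\x00\x00\x00\x00" + b"\x90" * 10)

if __name__ == "__main__":
    for name, image in (("PhysicalDrive0", MODIFIED_MBR),
                        ("PhysicalDrive1", CLEAN_MBR)):
        r = inspect_mbr(image)
        print(f"{name}: {r['verdict']}  MD5 {r['md5']}  "
              f"active partitions={r['active_partitions']}")
```

To run it against a real dump, read the 512-byte file produced by `remover.exe dump` and pass its bytes to `inspect_mbr`.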