trojan downloader : win32/renos.MQ, it got me too (Windows 7)
12.08.2010, 12:39 | #1
Short and sweet: I wanted to download a file, and now my Defender keeps raising alarms, System Restore somehow can't be switched on, probably because of the downloader. I've now read several threads and started with Malwarebytes; it's still scanning but has already found 1 infected file. I'll post that here when it's finished and hope that you'll get me back to a clean system here like all the others. See you shortly, toto21

So, here it is:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4422

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

12.08.2010 13:42:13
mbam-log-2010-08-12 (13-41-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126859
Laufzeit: 16 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\xxxx\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\TMP000000B4FDA5849D672E5B3F (Trojan.Downloader) -> No action taken.
C:\Users\harold\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.
I went through the Malwarebytes guide; here is the final report:

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126859
Laufzeit: 16 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\harold\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\TMP000000B4FDA5849D672E5B3F (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\harold\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Am I free of the pest now?
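The two reports above list every detection as `<object> (<family>) -> <action>.`, and whether the machine is clean after the run depends on that action column: "No action taken" means nothing was removed, "Delete on reboot" means the file was in use and removal is still pending until the next restart, and only "Quarantined and deleted successfully" is finished. The Python script below is an added example, not part of the thread and not Malwarebytes' own tooling; it parses a log in this layout, splits the detections by remediation status and labels where each object sits (Run key, scheduled task, temp directory). The sample log is constructed from the detections posted above, and the labels returned by `classify` are an assumed triage heuristic, not Malwarebytes categories.

```python
"""Added example: parse a Malwarebytes' Anti-Malware 1.x text log and report remediation status."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the MBAM 1.46 log layout (German UI), built from the
# detections posted in the thread; only the section and detection lines matter here.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4422

Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\harold\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\Temp\TMP000000B4FDA5849D672E5B3F (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\harold\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One detection line: "<object> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# MBAM action strings and what they mean for the state of the machine.
DONE = {"Quarantined and deleted successfully"}
PENDING_REBOOT = {"Delete on reboot"}  # file was in use; removal happens at next boot


@dataclass(frozen=True)
class Detection:
    section: str   # log section, e.g. "Infizierte Dateien"
    item: str      # file path or registry location
    family: str    # MBAM family name, e.g. Trojan.Downloader
    action: str    # what MBAM did with it


def parse_mbam_log(text):
    """Return one Detection per detection line, tagged with the section it sits in."""
    detections, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:   # section header
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["family"], m["action"]))
    return detections


def classify(item):
    """Assumed triage labels (not MBAM categories): where does this object live?"""
    low = item.lower()
    if "\\currentversion\\run\\" in low:
        return "run-key persistence"
    if "\\tasks\\" in low and low.endswith(".job"):
        return "scheduled-task persistence"
    if "\\temp\\" in low:
        return "temp-dir payload"
    return "other"


def remediation_status(detections):
    """Split detections into done / pending_reboot / unresolved by MBAM's action text."""
    status = {"done": [], "pending_reboot": [], "unresolved": []}
    for d in detections:
        if d.action in DONE:
            status["done"].append(d)
        elif d.action in PENDING_REBOOT:
            status["pending_reboot"].append(d)
        else:                      # e.g. "No action taken"
            status["unresolved"].append(d)
    return status


def summarize(text):
    """The counts a helper wants before answering 'am I clean?'."""
    dets = parse_mbam_log(text)
    status = remediation_status(dets)
    return {
        "total": len(dets),
        "done": len(status["done"]),
        "pending_reboot": len(status["pending_reboot"]),
        "unresolved": len(status["unresolved"]),
        "kinds": dict(Counter(classify(d.item) for d in dets)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the second report above the script reports two entries still pending a reboot (the same DLL once as a loaded module and once as a file), which is exactly why the usual advice is to restart and re-scan before calling the machine clean; the Run value plus the `.job` task are the persistence mechanisms, the temp-directory DLL is the payload they pointed at.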
14.08.2010, 18:19 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that OTL: System scan with OTL. Please download OTL from Oldtimer and save it on your desktop
14.08.2010, 21:46 | #3
One thing first: Windows updates can no longer be downloaded, and my touchpad doesn't work any more either. I've already downloaded drivers from the manufacturer's homepage but couldn't get it to work.

Regards, toto21
14.08.2010, 21:49 | #4
Here you go: OTL Logfile:

Code:
OTL logfile created on: 14.08.2010 22:42:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\harold\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 244,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,96 Gb Total Space | 29,61 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 35,99 Gb Total Space | 32,36 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 36,10 Gb Total Space | 36,01 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOTOLAPTOP
Current User Name: Toto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.14 22:41:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\harold\Downloads\OTL.exe
PRC - [2010.06.26 08:23:11 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.26 08:23:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.31 15:32:08 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.05.20 15:48:34 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.05.19 21:13:58 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2010.05.19 18:28:09 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

========== Modules (SafeList) ==========

MOD - [2010.08.14 22:41:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\harold\Downloads\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.05.19 21:13:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.23 12:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.05.11 11:28:31 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.04.26 02:54:30 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.12.28 01:02:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 01:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8&rlz=1T4ADRA_deDE380
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 08:23:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.26 08:23:11 | 000,000,000 | ---D | M]

[2010.05.31 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\harold\AppData\Roaming\mozilla\Extensions
[2010.05.20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\harold\AppData\Roaming\mozilla\Firefox\Profiles\jvptnpdp.default\extensions
[2010.05.31 22:43:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1275317144878 (MUCatalogWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.14 14:26:08 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010.08.13 16:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.08.12 13:20:19 | 000,000,000 | ---D | C] -- C:\Users\harold\AppData\Roaming\Malwarebytes
[2010.08.12 13:20:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.12 13:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.12 13:19:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.12 12:52:35 | 000,000,000 | ---D | C] -- C:\Users\harold\AppData\Roaming\Avira
[2010.08.03 23:24:49 | 000,000,000 | ---D | C] -- C:\Users\harold\AppData\Roaming\Philipp Winterberg
[2010.08.03 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\harold\AppData\Roaming\GoPal Assistant
[2010.08.03 20:42:45 | 000,000,000 | ---D | C] -- C:\Medion

========== Files - Modified Within 30 Days ==========

[2010.08.14 22:45:33 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C18E6898-14C6-4725-A787-933C03B75168}.job
[2010.08.14 22:42:46 | 001,572,864 | -HS- | M] () -- C:\Users\harold\NTUSER.DAT
[2010.08.14 22:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.14 22:29:34 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 22:29:34 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 14:40:28 | 000,016,102 | ---- | M] () -- C:\Windows\System32\results.xml
[2010.08.14 14:38:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.14 14:38:41 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.14 14:37:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.13 20:57:24 | 004,037,967 | -H-- | M] () -- C:\Users\harold\AppData\Local\IconCache.db
[2010.08.13 19:30:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.13 19:30:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.13 16:32:30 | 000,024,576 | ---- | M] () -- C:\Users\harold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 16:13:47 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 16:13:47 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 16:13:47 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 16:13:47 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 16:13:46 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.05 16:36:10 | 151,111,469 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 11:30:21 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.04 00:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.08.03 16:47:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdRapi_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2010.08.13 19:30:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.13 19:30:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.05 11:30:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.03 17:51:37 | 000,077,167 | ---- | C] () -- C:\Users\harold\_setup.xml
[2010.05.31 15:59:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

The second one, OTL Extras logfile:

Code:
OTL Extras logfile created on: 14.08.2010 22:42:30 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\harold\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 244,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,96 Gb Total Space | 29,61 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 35,99 Gb Total Space | 32,36 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 36,10 Gb Total Space | 36,01 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOTOLAPTOP
Current User Name: Toto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F594F50-6E08-47CA-BD0E-DB347EC63F5F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F77694B-A825-4BE7-A893-F1AD9FC6A1CA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3EE9A36F-1044-4B6E-A8E7-2D49D8BFAD8B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{45B4797D-DB76-4FAE-9E57-AD9BEB36EBB8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47C5900D-A7DF-4E8C-BF5B-025BFD8AFFF3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6860BFC0-11F7-4EAE-9050-10B95E33A2A6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78EE4C4B-6A10-4B5E-A677-00D6DDC26F6F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A5CE0A66-99E1-444D-AB80-DCDD1E25FA28}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A81D945C-5CB0-492A-B1BB-1E6CE18AF88C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ABBE8847-2CEC-4A69-9F2E-71F4118B24FD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD3FAAA5-5981-432F-9508-39485762C10C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C423016E-D5C3-483B-AFD4-D6ECEC2C6D27}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF7BA16E-F49B-4674-8BFA-A88914DA20C5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E7B0036A-0E0C-4035-A1ED-4AB32A56FF5B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EDDD8E61-D7E6-4257-826C-66709AE9009D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"10F1E938A65BF557A3E257B39BA84856390E8932" = Windows Driver Package - Ralink Technology, Inc. (rt61x86) Net (12/11/2006 2.00.03.0000)
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AvaCam_is1" = AvaCam v3.1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free RAR Extract Frog" = Free RAR Extract Frog
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medion GoPal Assistant" = Medion GoPal Assistant 4.03.006
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"RocketDock_is1" = RocketDock 1.3.5
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.08.2010 08:27:33 | Computer Name = TotoLaptop | Source = VSS | ID = 40
Description =

Error - 14.08.2010 08:27:33 | Computer Name = TotoLaptop | Source = VSS | ID = 12292
Description =

Error - 14.08.2010 08:27:33 | Computer Name = TotoLaptop | Source = System Restore | ID = 8193
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 40
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 12292
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 40
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 12292
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 40
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = VSS | ID = 12292
Description =

Error - 14.08.2010 08:36:46 | Computer Name = TotoLaptop | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 30.07.2010 09:09:39 | Computer Name = TotoLaptop | Source = Service Control
Manager | ID = 7000 Description = Error - 30.07.2010 09:09:39 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = Error - 30.07.2010 09:18:18 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = Error - 30.07.2010 09:23:14 | Computer Name = TotoLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Error - 30.07.2010 09:23:14 | Computer Name = TotoLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.07.2010 11:34:40 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7000 Description = Error - 30.07.2010 11:34:40 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = Error - 30.07.2010 11:35:31 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = Error - 30.07.2010 11:35:31 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = Error - 30.07.2010 11:35:32 | Computer Name = TotoLaptop | Source = Service Control Manager | ID = 7001 Description = < End of report > |
15.08.2010, 00:01 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
I wanted to see the full scan with Malwarebytes first.
__________________ Please always post logfiles in CODE tags
15.08.2010, 13:08 | #6
Will do right away! Thanks first of all for taking the trouble to help me.
15.08.2010, 16:52 | #7
Here you go:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4422
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
15.08.2010 17:50:16
mbam-log-2010-08-15 (17-50-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 266654
Laufzeit: 3 Stunde(n), 43 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
15.08.2010, 19:20 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
OK. It is relatively unremarkable, but I would suggest one pass with CF. So please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
15.08.2010, 21:01 | #9
ComboFix logfile: Code:
ATTFilter ComboFix 10-08-14.06 - Toto 15.08.2010 21:33:17.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1014.232 [GMT 2:00] ausgeführt von:: c:\users\harold\Desktop\cofix.exe.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-07-15 bis 2010-08-15 )))))))))))))))))))))))))))))) . 2010-08-15 19:43 . 2010-08-15 19:43 -------- d-----w- c:\users\harold\AppData\Local\temp 2010-08-15 19:31 . 2010-08-15 19:31 -------- d-----w- C:\32788R22FWJFW 2010-08-15 18:49 . 2007-12-06 16:12 196400 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-08-15 18:49 . 2007-12-06 16:12 110592 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-08-15 18:49 . 2007-12-06 15:20 147456 ----a-w- c:\windows\system32\SynTPAPI.dll 2010-08-15 18:49 . 2007-12-06 15:09 196608 ----a-w- c:\windows\system32\SynCtrl.dll 2010-08-15 18:49 . 2007-12-06 15:08 163840 ----a-w- c:\windows\system32\SynCOM.dll 2010-08-14 21:11 . 2010-08-14 21:11 -------- d-----w- c:\users\harold\AppData\Local\WindowsUpdate 2010-08-12 11:20 . 2010-08-12 11:20 -------- d-----w- c:\users\harold\AppData\Roaming\Malwarebytes 2010-08-12 11:20 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-12 11:19 . 2010-08-12 11:19 -------- d-----w- c:\programdata\Malwarebytes 2010-08-12 11:19 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-12 10:52 . 2010-08-12 10:52 -------- d-----w- c:\users\harold\AppData\Roaming\Avira 2010-08-03 21:24 . 2010-08-03 21:24 -------- d-----w- c:\users\harold\AppData\Roaming\Philipp Winterberg 2010-08-03 18:46 . 2010-08-03 18:49 -------- d-----w- c:\users\harold\AppData\Roaming\GoPal Assistant 2010-08-03 18:42 . 2010-08-03 18:42 -------- d-----w- C:\Medion . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-15 19:03 . 2010-05-14 21:36 641344 ----a-w- c:\windows\system32\perfh007.dat 2010-08-15 19:03 . 2010-05-14 21:36 116706 ----a-w- c:\windows\system32\perfc007.dat 2010-08-15 18:57 . 2010-05-14 11:48 12 ----a-w- c:\windows\bthservsdp.dat 2010-08-13 17:30 . 2010-08-13 17:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-08-13 17:30 . 2010-08-13 17:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-08-11 13:11 . 2010-08-03 19:18 5632 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\6404957E-4BC6-4951-87DD-ACDCA83C5FF2\AutoRunCE.exe 2010-08-11 13:11 . 2010-08-03 19:18 83456 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\6404957E-4BC6-4951-87DD-ACDCA83C5FF2\1\module.exe 2010-08-10 21:44 . 2010-08-03 19:18 5632 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\43CABA8F-98D6-4D09-87C1-AC441FF65CCA\AutoRunCE.exe 2010-08-10 21:44 . 2010-08-03 19:18 83456 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\43CABA8F-98D6-4D09-87C1-AC441FF65CCA\1\module.exe 2010-08-10 21:41 . 2010-08-03 19:18 83456 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\FACE7DB6-A4E6-44B8-8F1C-D79FE9A4B527\1\module.exe 2010-08-10 21:40 . 2010-08-03 19:17 5632 ----a-w- c:\users\harold\AppData\Roaming\GoPal Assistant\Library\862A04A9-9099-40B6-A0CE-E1B8D947532C\AutoRunCE.exe 2010-08-06 20:43 . 2010-05-19 19:11 -------- d-----w- c:\users\harold\AppData\Roaming\vlc 2010-06-17 16:41 . 2010-06-17 16:41 50354 ----a-w- c:\users\harold\AppData\Roaming\Facebook\uninstall.exe 2010-06-17 16:41 . 2010-06-17 16:41 -------- d-----w- c:\users\harold\AppData\Roaming\Facebook 2010-06-17 03:20 . 2010-06-17 03:20 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-06-09 10:45 . 
2010-06-09 10:45 5591040 ----a-w- c:\users\harold\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll 2010-05-31 13:51 . 2010-05-14 12:05 680 ----a-w- c:\users\harold\AppData\Local\d3d9caps.dat 2010-05-31 13:37 . 2010-05-31 13:37 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2AAC.tmp.exe 2010-05-31 13:37 . 2010-05-31 13:37 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll 2010-05-31 13:19 . 2010-05-31 13:19 53472 ----a-w- c:\windows\system32\wuauclt.exe 2010-05-31 13:19 . 2010-05-31 13:19 44768 ----a-w- c:\windows\system32\wups2.dll 2010-05-31 13:19 . 2010-05-31 13:19 2421760 ----a-w- c:\windows\system32\wucltux.dll 2010-05-31 13:19 . 2010-05-31 13:19 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2010-05-31 13:18 . 2010-05-31 13:18 87552 ----a-w- c:\windows\system32\wudriver.dll 2010-05-31 13:18 . 2010-05-31 13:18 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-05-31 13:18 . 2010-05-31 13:18 35552 ----a-w- c:\windows\system32\wups.dll 2010-05-31 13:17 . 2010-05-31 13:17 171608 ----a-w- c:\windows\system32\wuwebv.dll 2010-05-31 13:17 . 2010-05-31 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2010-05-21 12:14 . 2010-05-31 13:46 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-20 14:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-05-20 14:03 . 2010-05-20 14:03 549888 ----a-w- c:\windows\system32\rpcss.dll 2010-05-20 14:03 . 2010-05-20 14:03 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2010-05-20 14:03 . 2010-05-20 14:03 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2010-05-20 14:03 . 2010-05-20 14:03 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll 2010-05-20 14:03 . 2010-05-20 14:03 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2010-05-20 14:03 . 2010-05-20 14:03 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2010-05-20 14:03 . 2010-05-20 14:03 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe 2010-05-20 14:03 . 
2010-05-20 14:03 53248 ----a-w- c:\windows\system32\iasads.dll 2010-05-20 14:03 . 2010-05-20 14:03 37888 ----a-w- c:\windows\system32\iasdatastore.dll 2010-05-20 14:03 . 2010-05-20 14:03 97280 ----a-w- c:\windows\system32\iasrecst.dll 2010-05-20 14:03 . 2010-05-20 14:03 158720 ----a-w- c:\windows\system32\sdohlp.dll 2010-05-20 14:00 . 2010-05-20 14:00 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-05-20 14:00 . 2010-05-20 14:00 179712 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-05-20 14:00 . 2010-05-20 14:00 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS 2010-05-20 14:00 . 2010-05-20 14:00 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-05-20 14:00 . 2010-05-20 14:00 22016 ----a-w- c:\windows\system32\netiougc.exe 2010-05-20 14:00 . 2010-05-20 14:00 167424 ----a-w- c:\windows\system32\tcpipcfg.dll 2010-05-20 13:58 . 2010-05-20 13:58 40960 ----a-w- c:\windows\AppPatch\apihex86.dll 2010-05-20 13:58 . 2010-05-20 13:58 25600 ----a-w- c:\windows\system32\amxread.dll 2010-05-20 13:58 . 2010-05-20 13:58 14848 ----a-w- c:\windows\system32\apilogen.dll 2010-05-20 13:57 . 2010-05-20 13:57 33280 ----a-w- c:\windows\system32\slwmi.dll 2010-05-20 13:57 . 2010-05-20 13:57 268288 ----a-w- c:\windows\system32\mcbuilder.exe 2010-05-20 13:57 . 2010-05-20 13:57 223232 ----a-w- c:\windows\system32\SLC.dll 2010-05-20 13:57 . 2010-05-20 13:57 57856 ----a-w- c:\windows\system32\SLUINotify.dll 2010-05-20 13:57 . 2010-05-20 13:57 566784 ----a-w- c:\windows\system32\SLCommDlg.dll 2010-05-20 13:57 . 2010-05-20 13:57 351232 ----a-w- c:\windows\system32\SLUI.exe 2010-05-20 13:57 . 2010-05-20 13:57 186368 ----a-w- c:\windows\system32\SLLUA.exe 2010-05-20 13:57 . 2010-05-20 13:57 39936 ----a-w- c:\windows\system32\slcinst.dll 2010-05-20 13:57 . 2010-05-20 13:57 2605568 ----a-w- c:\windows\system32\SLsvc.exe 2010-05-20 13:56 . 2010-05-20 13:56 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2010-05-20 13:56 . 
2010-05-20 13:56 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll 2010-05-20 13:56 . 2010-05-20 13:56 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2010-05-20 13:55 . 2010-05-20 13:55 97792 ----a-w- c:\windows\system32\cabview.dll 2010-05-20 13:54 . 2010-05-20 13:54 61440 ----a-w- c:\windows\system32\ntprint.exe 2010-05-20 13:54 . 2010-05-20 13:54 220160 ----a-w- c:\windows\system32\ntprint.dll 2010-05-20 13:54 . 2010-05-20 13:54 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll 2010-05-20 13:54 . 2010-05-20 13:54 1984512 ----a-w- c:\windows\system32\authui.dll 2010-05-20 13:54 . 2010-05-20 13:54 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2010-05-20 13:54 . 2010-05-20 13:54 69632 ----a-w- c:\windows\system32\sendmail.dll 2010-05-20 13:54 . 2010-05-20 13:54 8138240 ----a-w- c:\windows\system32\ssBranded.scr 2010-05-20 13:54 . 2010-05-20 13:54 441856 ----a-w- c:\windows\system32\win32spl.dll 2010-05-20 13:54 . 2010-05-20 13:54 37376 ----a-w- c:\windows\system32\printcom.dll 2010-05-20 13:53 . 2010-05-20 13:53 2031104 ----a-w- c:\windows\system32\win32k.sys 2010-05-20 13:51 . 2010-05-20 13:51 14848 ----a-w- c:\windows\system32\wshrm.dll 2010-05-20 13:51 . 2010-05-20 13:51 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2010-05-20 13:50 . 2010-05-20 13:50 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2010-05-20 13:49 . 2010-05-20 13:49 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-05-20 13:49 . 2010-05-20 13:49 312320 ----a-w- c:\windows\system32\msdrm.dll 2010-05-20 13:49 . 2010-05-20 13:49 154112 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-05-20 13:49 . 2010-05-20 13:49 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-05-20 13:49 . 2010-05-20 13:49 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-05-20 13:49 . 2010-05-20 13:49 515584 ----a-w- c:\windows\system32\RMActivate.exe 2010-05-20 13:49 . 2010-05-20 13:49 472576 ----a-w- c:\windows\system32\secproc.dll 2010-05-20 13:49 . 
2010-05-20 13:49 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-05-20 13:49 . 2010-05-20 13:49 473088 ----a-w- c:\windows\system32\secproc_isv.dll 2010-05-20 13:48 . 2010-05-20 13:48 11776 ----a-w- c:\windows\system32\sbunattend.exe 2010-05-20 13:47 . 2010-05-20 13:47 83968 ----a-w- c:\windows\system32\dnsrslvr.dll 2010-05-20 13:47 . 2010-05-20 13:47 24576 ----a-w- c:\windows\system32\dnscacheugc.exe 2010-05-20 13:47 . 2010-05-20 13:47 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2010-05-20 13:41 . 2010-05-14 12:06 49168 ----a-w- c:\users\harold\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-19 19:46 . 2010-05-19 19:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-19 19:46 . 2010-05-19 19:46 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-19 19:46 . 2010-05-19 19:46 24064 ----a-w- c:\windows\system32\lpk.dll 2010-05-19 19:46 . 2010-05-19 19:46 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-05-19 19:46 . 2010-05-19 19:46 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-05-19 19:46 . 2010-05-19 19:46 10240 ----a-w- c:\windows\system32\dciman32.dll 2010-05-19 19:45 . 2010-05-19 19:45 61440 ----a-w- c:\windows\system32\winipsec.dll 2010-05-19 19:45 . 2010-05-19 19:45 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2010-05-19 19:45 . 2010-05-19 19:45 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2010-05-19 19:45 . 2010-05-19 19:45 272896 ----a-w- c:\windows\system32\polstore.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-05-20 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-31 39408] "RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-05-19 1006264] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] " Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-12-27 265088] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners 2010-08-15 c:\windows\Tasks\User_Feed_Synchronization-{C18E6898-14C6-4725-A787-933C03B75168}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . 
------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8&rlz=1T4ADRA_deDE380 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\jvptnpdp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - plugin: c:\users\harold\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-15 21:43 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Zeit der Fertigstellung: 2010-08-15 21:50:10 ComboFix-quarantined-files.txt 2010-08-15 19:50 Vor Suchlauf: 11 Verzeichnis(se), 33.000.472.576 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 33.035.411.456 Bytes frei - - End Of File - - A692915FB5618628964930586F0E9089 |
15.08.2010, 21:32 | #11
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still will not run on the second try, just leave it out and run only OSAM. Then download the bootkit_remover. Extract the tool into its own folder on the desktop and, in that folder, run the file remove.exe. If you are using Windows Vista or Windows 7, you have to run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags
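As an added illustration of the kind of MBR check the post above asks for (example code written for this thread, not bootkit_remover's own logic): it validates the boot signature and partition table of a 512-byte MBR image and compares the boot-code region against a hash recorded while the disk was known to be clean. All MBR bytes, the partition layout and the baseline hash below are constructed for the example.

```python
"""Sanity checks on a 512-byte MBR image: boot signature, partition table
consistency and a known-good hash of the boot-code region.
Example code for this thread; not bootkit_remover's own logic. Every byte of
sample data below is constructed, not taken from a real disk."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a synthetic MBR from a boot-code blob and (status, type, lba, sectors) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(partitions) <= 4
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, start_lba, sectors) in enumerate(partitions):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        mbr[off:off + PART_ENTRY_LEN] = struct.pack(
            PART_ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, ptype, _, start_lba, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"index": i, "active": status == 0x80, "type": ptype,
                            "start_lba": start_lba, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes, known_good_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return ["image is not exactly 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    # Bootkits typically replace or patch the boot code, so compare it with a
    # hash recorded from the same disk while it was known to be clean.
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != known_good_boot_code_sha256:
        findings.append("boot code hash mismatch: " + digest[:16])
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


# Constructed sample data: a fake boot-code blob padded to 440 bytes and one
# active NTFS-type (0x07) partition starting at LBA 2048.
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_MBR = build_sample_mbr(GOOD_BOOT_CODE, [(0x80, 0x07, 2048, 100_000)])
# Baseline hash "recorded while the disk was clean" (computed from the sample above).
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Tampered copy: a few boot-code bytes patched, everything else unchanged.
_t = bytearray(CLEAN_MBR)
_t[0x10:0x14] = b"\xe9\x00\x01\x00"
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE_SHA256) or ["no findings"])
```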
16.08.2010, 08:59 | #13
OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 09:54:48 on 16.08.2010 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\Users\harold\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} "MUCatalogWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\MicrosoftUpdateCatalogWebControl.dll / hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1275317144878 {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RocketDock" - ? - "D:\Program Files\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
16.08.2010, 09:07 | #14
/// Winkelfunktion /// TB-Süch-Tiger™
That is OK. What about the Bootkit Remover?
__________________ Please always post logfiles in CODE tags
16.08.2010, 09:11 | #15
[screenshot of the bootkit_remover output: hxxp://img514.imageshack.us/img514/9610/bootkit1.jpg (uploaded with ImageShack.us)]
Edited by toto21 (16.08.2010 at 09:17)