Probleme mit Tr. Dropper Gen und werbepopups

john.doe · 17.03.2009, 21:56

Navilog. Bei MbAM muss du noch mit Klick auf "Ausgewählte Entfernen" löschen.

ciao, andreas

fördecat · 17.03.2009, 22:02

Zitat:

Zitat von john.doe

Navilog. Bei MbAM muss du noch mit Klick auf "Ausgewählte Entfernen" löschen.

ciao, andreas

ok thx! dann mach ich jetzt mit navilog weiter, hatte falsches log vom mwb gepostet, sry! ist nun korrigiert und die gefundenen objekte entfernt.

fördecat · 17.03.2009, 22:10

Logfile vom navilog:

Code:

ATTFilter

Search Navipromo version 3.7.6 began on 17.03.2009 at 22:05:56,12

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2300+ )
BIOS : Default System BIOS
USER : Danny ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic  6.38.1.97
 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:23 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:4 Go)
E:\ (Local Disk) - NTFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (CD or DVD)
K:\ (CD or DVD)


Search done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programme" ***


*** Search folders in "C:\Dokumente und Einstellungen\All Users.WINDOWS\startm~1\progra~1" ***

...\InternetGameBox found !

*** Search folders in "C:\Dokumente und Einstellungen\All Users.WINDOWS\startm~1" ***


*** Search folders in "c:\dokume~1\alluse~1.win\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\anwend~1" *** 


*** Search folders in "C:\DOKUME~1\ADMINI~1\anwend~1" *** 


*** Search folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" *** 


*** Search folders in "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" *** 


*** Search folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\startm~1\progra~1" *** 


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" * 

* Scan in "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" * 



*** Search files *** 



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qccqmgc"="\"c:\\dokumente und einstellungen\\danny.danny-46475eb1c\\lokale einstellungen\\anwendungsdaten\\qccqmgc.exe\" qccqmgc"


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" : 

qccqmgc.exe found !
qccqmgc.dat found !
qccqmgc_nav.dat found !
qccqmgc_navps.dat found !

* In "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" : 


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 17.03.2009 at 22:09:07,09 ***

john.doe · 17.03.2009, 22:11

Gleich nochmal laufenlassen, diesmal mit Option 2 und Log posten.

ciao, andreas

fördecat · 17.03.2009, 22:26

so, mit option 2 durchgeführt, es erfolgte autom. neustart und suche, log:

Code:

ATTFilter

Navipromo Removal version 3.7.6 started on 17.03.2009 at 22:14:16,29

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2300+ )
BIOS : Default System BIOS
USER : Danny ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic  6.38.1.97
 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:23 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:4 Go)
E:\ (Local Disk) - NTFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (CD or DVD)
K:\ (CD or DVD)


Automatic removal 
with Catchme and GNS results


Cleanning stage done on Reboot

 
*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)
 

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" * 


* Deletion in "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" * 


*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programme" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\All Users.WINDOWS\startm~1\progra~1" ***

...\InternetGamebox ...deleting... 
...\InternetGamebox deleted ! 


*** Deleting folders in "C:\Dokumente und Einstellungen\All Users.WINDOWS\startm~1" ***


*** Deleting folders in "c:\dokume~1\alluse~1.win\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\anwend~1" *** 


*** Deleting folders in "C:\DOKUME~1\ADMINI~1\anwend~1" *** 


*** Deleting folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" *** 


*** Deleting folders in "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" *** 


*** Deleting folders in "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\startm~1\progra~1" *** 



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\qccqmgc*.pf found ! 
Copy C:\WINDOWS\prefetch\qccqmgc*.pf done !
C:\WINDOWS\prefetch\qccqmgc*.pf deleted !


* In "C:\Dokumente und Einstellungen\Danny.DANNY-46475EB1C\lokale~1\anwend~1" * 


qccqmgc.exe found ! 
Copy qccqmgc.exe done !
qccqmgc.exe deleted !

qccqmgc.dat found ! 
Copy qccqmgc.dat done !
qccqmgc.dat deleted !

qccqmgc_nav.dat found ! 
Copy qccqmgc_nav.dat done !
qccqmgc_nav.dat deleted !

qccqmgc_navps.dat found ! 
Copy qccqmgc_navps.dat done !
qccqmgc_navps.dat deleted !


* In "C:\DOKUME~1\ADMINI~1\lokale~1\anwend~1" * 



*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 17.03.2009 at 22:22:51,60 ***

john.doe · 17.03.2009, 22:28

Kommt noch Werbung?

ciao, andreas

fördecat · 17.03.2009, 22:33

werbung kommt bis jetzt keine ...

frage, was mach mit dem tr.dropper gen? oder hing der auch damit zusammen?

Probleme mit Tr. Dropper Gen und werbepopups

Plagegeister aller Art und deren Bekämpfung: Probleme mit Tr. Dropper Gen und werbepopups