| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Renos.PBRWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.03.2010, 17:16
| #1 |
| |  Trojan.Renos.PBR Ich habe mir wohl was eingefangen. Habe mir eine Datei runtergeladen, gestartet.. schwupps weg war die .exe der datei. und nach suche fand ich das heraus Das ist das Ergebnis von Virustotal.com Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.03.27 - AhnLab-V3 5.0.0.2 2010.03.27 - AntiVir 7.10.5.241 2010.03.26 - Antiy-AVL 2.0.3.7 2010.03.26 - Authentium 5.2.0.5 2010.03.27 W32/FakeAlert.FT.gen!Eldorado Avast 4.8.1351.0 2010.03.27 - Avast5 5.0.332.0 2010.03.27 - AVG 9.0.0.787 2010.03.27 - BitDefender 7.2 2010.03.27 Trojan.Renos.PBR CAT-QuickHeal 10.00 2010.03.27 - ClamAV 0.96.0.0-git 2010.03.27 - Comodo 4404 2010.03.27 - DrWeb 5.0.1.12222 2010.03.27 - eSafe 7.0.17.0 2010.03.25 - eTrust-Vet 35.2.7391 2010.03.26 Win32/FakeAlert.D!generic F-Prot 4.5.1.85 2010.03.26 W32/FakeAlert.FT.gen!Eldorado F-Secure 9.0.15370.0 2010.03.27 Trojan-Downloader:W32/Renos.gen!C Fortinet 4.0.14.0 2010.03.27 - GData 19 2010.03.27 Trojan.Renos.PBR Ikarus T3.1.1.80.0 2010.03.27 - Jiangmin 13.0.900 2010.03.27 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.27 - McAfee 5932 2010.03.26 Downloader-CEW McAfee+Artemis 5932 2010.03.26 Downloader-CEW McAfee-GW-Edition 6.8.5 2010.03.27 - Microsoft 1.5605 2010.03.27 - NOD32 4978 2010.03.26 - Norman 6.04.10 2010.03.27 - nProtect 2009.1.8.0 2010.03.27 - Panda 10.0.2.2 2010.03.27 - PCTools 7.0.3.5 2010.03.27 - Prevx 3.0 2010.03.27 Medium Risk Malware Dropper Rising 22.40.05.04 2010.03.27 Packer.Win32.UnkPacker.a Sophos 4.52.0 2010.03.27 Mal/FakeAV-CX Sunbelt 6101 2010.03.26 - Symantec 20091.2.0.41 2010.03.27 Suspicious.Insight TheHacker 6.5.2.0.245 2010.03.26 - TrendMicro 9.120.0.1004 2010.03.27 TROJ_RENOS.SMD VBA32 None 2010.03.27 - ViRobot 2010.3.27.2248 2010.03.27 - VirusBuster 5.0.27.0 2010.03.27 - weitere Informationen File size: 99840 bytes MD5...: 1f2eaf9c23efbbf6f79e1dce023843fd SHA1..: aafd9800f3911f2c55e4ce6f05a2d4680d7bbc42 SHA256: 2c2e3bf0a4351e8e7b3460f1efc800fb442975ed6da04b887c7b81471b8c9f13 ssdeep: 1536:WoilrRcIL+oash7v7jIE8l+fRum9wSFhG1mmf538lStXBT:WoiliUDf8yv9 wSF01/h38lMT PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3cb7 timedatestamp.....: 0x4a58c14c (Sat Jul 11 16:43:56 2009) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x8860 0x8a00 5.65 27dbe94c457c808a69671089a86d29e9 .tls 0xa000 0xd38e 0xd400 7.37 f481cac3d0a1881563ad230184741d0e .init 0x18000 0x13e8 0x1400 4.45 b078cc46101ddead943767fd739e8e63 INIT 0x1a000 0x71b 0x800 0.00 c99a74c555371a433d121f551d6c6398 .bss 0x1b000 0x1c5 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rsrc 0x1c000 0x23b 0x400 3.45 22b9f3b5e7bd84a521b9192b111a649d ( 12 imports ) > OLE32.dll: CoRevokeClassObject, CoTaskMemFree, CoReleaseMarshalData, CoGetMalloc > msvcrt.dll: calloc, sqrt, rand, mbstowcs, sprintf, clock, wcsncmp, memcpy, atol, strlen, wcschr, time, srand, _acmdln > ADVAPI32.dll: RegOpenKeyExA, RegDeleteKeyA > USER32.dll: CharLowerBuffA, CreateWindowExA, GetWindow, TrackPopupMenu, GetKeyState, SetWindowTextA, GetSysColorBrush, IsWindowEnabled, GetScrollRange, SetCursor, IsChild, ClientToScreen, GetActiveWindow, GetMenuState, DrawFrameControl, EnumWindows, GetFocus, GetWindowTextA, EnumChildWindows, SetWindowLongA, EnableMenuItem, EnableWindow, GetClassInfoA, GetCursorPos, GetSubMenu, GetCursor, GetLastActivePopup, HideCaret, GetMenuStringA, EnumThreadWindows, BeginDeferWindowPos > comdlg32.dll: FindTextA, GetOpenFileNameA > NTDLL.dll: RtlDeleteCriticalSection, wcscat, atol, NtWaitForSingleObject > OLEAUT32.dll: SysReAllocStringLen, OleLoadPicture, SysStringLen, SysAllocStringLen, SafeArrayCreate > gdi32.dll: RestoreDC, SetPixel, GetDIBColorTable, GetRgnBox, CopyEnhMetaFileA, CreateDIBitmap, CreatePenIndirect, GetCurrentPositionEx, CreateFontIndirectA, SetBkColor > SHELL32.dll: SHFileOperationA, SHGetSpecialFolderLocation, SHGetDesktopFolder, Shell_NotifyIconA, SHGetFolderPathA > kernel32.dll: WideCharToMultiByte, LoadLibraryExA, LoadLibraryA, GetLocalTime, SetEvent, FormatMessageA, HeapFree, EnterCriticalSection, InitializeCriticalSection, SetThreadLocale, GetCommandLineA, ExitThread, LockResource, EnumCalendarInfoA, GetCPInfo, GetLocaleInfoA, GetStringTypeA, lstrcpynA, ExitProcess, GetLastError, GetEnvironmentStrings, lstrlenA, CreateFileA, LocalAlloc, GetFileSize, GetDiskFreeSpaceA, GetFullPathNameA, GetModuleFileNameA, GetFileType, WaitForSingleObject, GetCurrentProcessId, Sleep, SizeofResource, GetVersion, GetFileAttributesA, GetCurrentThread, LocalReAlloc, FindClose, GetCurrentThreadId, FreeLibrary, SetEndOfFile, GetProcAddress, VirtualAllocEx, GetModuleHandleA > comctl32.dll: ImageList_Write, ImageList_Read, ImageList_Remove, ImageList_Draw, ImageList_GetBkColor, ImageList_DrawEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_DragShowNolock > SHLWAPI.dll: SHGetValueA, SHDeleteValueA, SHEnumValueA, SHQueryInfoKeyA, PathGetCharTypeA ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (63.0%) Win32 Executable Generic (14.2%) Win32 Dynamic Link Library (generic) (12.6%) Clipper DOS Executable (3.3%) Generic Win/DOS Executable (3.3%) <a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=2B4884B800EB336D86D801F78E5454002236D0CA' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=2B4884B800EB336D86D801F78E5454002236D0CA</a> sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Wie werd ich das Teil wieder los ?? Hier schon mal mein Hijack Log. Hijackthis hab ich vorher umbenannt. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:33:52, on 27.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\System32\CTHELPER.EXE C:\Windows\System32\CTXFIHLP.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\PestPatrol\PPMemCheck.exe C:\Program Files\PestPatrol\CookiePatrol.exe C:\Program Files\PestPatrol\PPControl.exe C:\Program Files\PestPatrol\pestpatrol.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HijackThis\is.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user') O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - hxxp://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - F:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 9097 bytes Geändert von ohne-mich (27.03.2010 um 17:34 Uhr) |
|
27.03.2010, 19:12
| #2 |
| | Trojan.Renos.PBR So,
__________________habe Pestpatrol neuste Version drüber gejagd: Nix gefunden Habe Adaware drüber laufen lassen, nach update versteht sich: Nix gefunden Dann noch Ghostscrip auch kein Treffer.. Bin ich jetzt sicher? Für dieses mal oder gibt es noch andere empfehlungen ? |
|
| Themen zu Trojan.Renos.PBR |
| .dll, aktualisierung, bla, blank, client, cursor, datei, destroy, dos, dynamic, ergebnis, error, focus, gupdate, hkus\s-1-5-18, kernel, link, loader, malware, ntdll.dll, pixel, process, remove, shell, shell32.dll, suche, troja, trojan.renos.pbr, version., virus, visual, visual c++, write |
Linear-Darstellung
