TR\Dropper.Gen
(https://www.trojaner-board.de/72043-tr-dropper-gen.html)
Hefftome | 15.04.2009 17:42 | TR\Dropper.Gen
Hello,
a few days ago my AntiVir found TR\Dropper.Gen. I read through a number of forum threads and have now run the 3 required scanning programs.
Here are my log files:
Malwarebytes Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1983
Windows 6.0.6001 Service Pack 1
14.04.2009 20:19:04
mbam-log-2009-04-14 (20-19-04).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 250935
Laufzeit: 1 hour(s), 46 minute(s), 44 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\t55ft2751f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\ld07.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
SUPERAntiSpyware Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/14/2009 at 10:15 PM
Application Version : 4.26.1000
Core Rules Database Version : 3844
Trace Rules Database Version: 1799
Scan type : Complete Scan
Total Scan Time : 01:39:09
Memory items scanned : 662
Memory threats detected : 0
Registry items scanned : 7803
Registry threats detected : 0
File items scanned : 167686
File threats detected : 50
Adware.Tracking Cookie
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@atdmt[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@msnportal.112.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@smartadserver[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@serving-sys[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.71i[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adserver.71i[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adsrv.admediate[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zanox-affiliate[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tracking.quisma[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@partygaming.122.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ssl-cdn.euroclick[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adtech[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.zanox[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adbrite[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@euros4click[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@at.atwola[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@komtrack[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.etracker[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.zanox-affiliate[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads.heias[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@rotator.adjuggler[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@pornhub[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@bs.serving-sys[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.pornhub[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@clickz.lonelycheatingwives[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.pornhub[3].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zanox[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.salebroker[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad2.doublepimp[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@kupona.122.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@toplist[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.usenext[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tto2.traffictrack[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tacoda[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@count.xhit[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads-dev.youporn[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@webmasterplan[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@traffictrack[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zbox.zanox[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adfarm1.adition[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@xiti[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@youporn[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@advertising[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@msnaccountservices.112.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.youporncams[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads.quartermedia[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adopt.euroclick[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@atwola[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@de.sitestat[1].txt
HijackThis Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:14, on 15.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\LOGI_MWX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\Programme\JAVA\bin\jusched.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\JAVA\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\JAVA\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\JAVA\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programme\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programme\PPLive\PPLive.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/pluginsetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c995f295ad9ffb) (gupdate1c995f295ad9ffb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8176 bytes
Many thanks for your help!