![]() |
|
Plagegeister aller Art und deren Bekämpfung: Spybot findet win32.downloader.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() Spybot findet win32.downloader.gen Hey, auf meinem Laptop wurde der win32.downloader.gen gefunden. Eigentlich läuft der Laptop rund. Genauer gesucht habe ich, da ich ziemlich spezifische Spam-Mails bekommen habe, die grob auf meinen Kontostand eingegangen ist. Kann aber Zufall gewesen sein. Ist das wirklich ein Trojaner? Ich könnte mir auch eine Falschmeldung vorstellen. Das Datum erscheint mir komisch: Properties.filedatetext=2013-08-05 15:02:09. In dem Dreh habe ich den Laptop ja gerad mal gekauft. Für Hilfe bin ich sehr dankbar! Nil11 Code:
ATTFilter Search results from Spybot - Search & Destroy 10.09.2015 01:33:20 Scan took 00:27:15. 43 items found. Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done) C:\END Properties.size=9 Properties.md5=A103FDF7348130EF3F3FEF56B1700A27 Properties.filedate=1375707730 Properties.filedatetext=2013-08-05 15:02:09 DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\OCS\lastPID DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\OCS\PID OpenCandy: [SBI $5EE9E67B] Program directory (Directory, nothing done) C:\Users\xxx\AppData\Roaming\OpenCandy\ Directory.subfile=C:\Users\xxxx\AppData\Roaming\OpenCandy\4255F4032B414810BB4FBE4A815CD242\mconduitinstaller.exe Directory.subfile.size=81536 Directory.subfile.md5=446623160A87BCB075C3B9A3C8827CA9 Directory.subfile.filedate=1369267282 Directory.subfile.filedatetext=2013-05-23 02:01:22 Directory.subfile=C:\Users\xxx\AppData\Roaming\OpenCandy\6D7C3D4FBB8144489A38FDD293BD275A\TuneUpUtilities2013-2200218_de-DE.exe Directory.subfile.size=28181408 Directory.subfile.md5=5972084A469DAB37AC8222B2C3F5573D Directory.subfile.filedate=1360893866 Directory.subfile.filedatetext=2013-02-15 04:04:26 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): xxx) (Browser: Cookie, nothing done) DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default-1431336691317)) (Browser: Cookie, nothing done) Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\PE_C_DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Microsoft Management Console\Recent File List MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Office\12.0\Excel\File MRU MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Office\12.0\Word\File MRU MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List Windows.OpenWith: [SBI $84B22FBE] Open with list - .ASC extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASC\OpenWithList Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\WinRAR\ArcHistory WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\WinRAR\DialogEditHistory\ArcName WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\WinRAR\General\LastFolder WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-389438653-1818939037-1716706856-1001\Software\WinRAR\DialogEditHistory\ExtrPath Cookie: [SBI $49804B54] Browser: Cookie (26) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (196) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (93) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (2996) (Browser: Cookie, nothing done) Verlauf: [SBI $49804B54] Browser: History (5373) (Browser: History, nothing done) --- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) --- 2014-06-24 blindman.exe (2.4.40.151) 2014-06-24 explorer.exe (2.4.40.181) 2014-06-24 SDBootCD.exe (2.4.40.109) 2014-06-24 SDCleaner.exe (2.4.40.110) 2014-06-24 SDDelFile.exe (2.4.40.94) 2013-06-18 SDDisableProxy.exe 2014-06-24 SDFiles.exe (2.4.40.135) 2014-06-24 SDFileScanHelper.exe (2.4.40.1) 2014-06-24 SDFSSvc.exe (2.4.40.217) 2014-06-24 SDHelp.exe (2.4.40.1) 2014-04-25 SDHookHelper.exe (2.3.39.2) 2014-04-25 SDHookInst32.exe (2.3.39.2) 2014-04-25 SDHookInst64.exe (2.3.39.2) 2014-06-24 SDImmunize.exe (2.4.40.130) 2014-06-24 SDLogReport.exe (2.4.40.107) 2014-06-24 SDOnAccess.exe (2.4.40.11) 2014-06-24 SDPESetup.exe (2.4.40.3) 2014-06-24 SDPEStart.exe (2.4.40.86) 2014-06-24 SDPhoneScan.exe (2.4.40.28) 2014-06-24 SDPRE.exe (2.4.40.22) 2014-06-24 SDPrepPos.exe (2.4.40.15) 2014-06-24 SDQuarantine.exe (2.4.40.103) 2014-06-24 SDRootAlyzer.exe (2.4.40.116) 2014-06-24 SDSBIEdit.exe (2.4.40.39) 2014-06-24 SDScan.exe (2.4.40.181) 2014-06-24 SDScript.exe (2.4.40.54) 2014-06-24 SDSettings.exe (2.4.40.139) 2014-06-24 SDShell.exe (2.4.40.2) 2014-06-24 SDShred.exe (2.4.40.108) 2014-06-24 SDSysRepair.exe (2.4.40.102) 2014-06-24 SDTools.exe (2.4.40.157) 2014-06-24 SDTray.exe (2.4.40.129) 2014-06-27 SDUpdate.exe (2.4.40.94) 2014-06-27 SDUpdSvc.exe (2.4.40.77) 2014-06-24 SDWelcome.exe (2.4.40.130) 2014-04-25 SDWSCSvc.exe (2.3.39.2) 2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0) 2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0) 2014-07-31 spybotsd2-translation-esx.exe 2013-06-19 spybotsd2-translation-frx.exe 2015-03-25 spybotsd2-translation-hrx.exe 2014-08-25 spybotsd2-translation-hux2.exe 2014-10-01 spybotsd2-translation-nlx2.exe 2014-11-05 spybotsd2-translation-ukx.exe 2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0) 2015-09-10 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2014-04-25 NotificationSpreader.dll 2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98) 2015-03-25 SDAV.dll 2014-06-24 SDECon32.dll (2.4.40.114) 2014-06-24 SDECon64.dll (2.3.39.113) 2014-06-24 SDEvents.dll (2.4.40.2) 2014-06-24 SDFileScanLibrary.dll (2.4.40.14) 2014-04-25 SDHook32.dll (2.3.39.2) 2014-04-25 SDHook64.dll (2.3.39.2) 2014-06-24 SDImmunizeLibrary.dll (2.4.40.2) 2014-06-24 SDLicense.dll (2.4.40.0) 2014-06-24 SDLists.dll (2.4.40.4) 2014-06-24 SDResources.dll (2.4.40.7) 2014-06-24 SDScanLibrary.dll (2.4.40.131) 2014-06-24 SDTasks.dll (2.4.40.15) 2014-06-24 SDWinLogon.dll (2.4.40.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2014-06-24 Tools.dll (2.4.40.36) 2015-04-22 Includes\Adware-000.sbi (*) 2015-08-05 Includes\Adware-001.sbi (*) 2015-09-09 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-11-14 Includes\Dialer-000.sbi (*) 2014-11-14 Includes\Dialer-001.sbi (*) 2015-07-29 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2014-01-09 Includes\Fraud-003.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-11-14 Includes\Hijackers-000.sbi (*) 2014-11-14 Includes\Hijackers-001.sbi (*) 2014-01-08 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2014-11-14 Includes\Keyloggers-000.sbi (*) 2014-09-24 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2015-06-25 Includes\Malware-000.sbi (*) 2014-11-14 Includes\Malware-001.sbi (*) 2014-11-14 Includes\Malware-002.sbi (*) 2014-11-14 Includes\Malware-003.sbi (*) 2014-11-14 Includes\Malware-004.sbi (*) 2014-11-14 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2015-09-09 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-11-14 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2015-09-09 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-07 Includes\PUPSC.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2014-01-08 Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2014-11-14 Includes\Spyware-000.sbi (*) 2015-05-06 Includes\Spyware-001.sbi (*) 2015-08-12 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-11-14 Includes\Trojans-002.sbi (*) 2014-01-15 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2015-03-31 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-07-09 Includes\Trojans-008.sbi (*) 2014-07-09 Includes\Trojans-009.sbi (*) 2015-09-09 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2014-01-15 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) |
Themen zu Spybot findet win32.downloader.gen |
agent, appdata, bli, browser, cookie, dll, excel, explorer, explorer.exe, firefox, helper.exe, internet, internet explorer, laptop, live, microsoft, office, registry, registry key, roaming, software, spybot, tracking, tracking cookie, trojaner, trojaner?, windows |