|
Pests of all kinds and how to fight them: TR\Dropper.Gen

15.04.2009, 17:42 #1
TR\Dropper.Gen

Hello, a few days ago my AntiVir found TR\Dropper.Gen. I read through a few forum threads and have now run the 3 required scanning programs. Here are my logfiles:

Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 6.0.6001 Service Pack 1

14.04.2009 20:19:04
mbam-log-2009-04-14 (20-19-04).txt

Scan method: Full scan (C:\|D:\|)
Objects scanned: 250935
Elapsed time: 1 hour(s), 46 minute(s), 44 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 2

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\Windows\t55ft2751f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\ld07.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

SUPERAntiSpyware
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2009 at 10:15 PM

Application Version : 4.26.1000

Core Rules Database Version : 3844
Trace Rules Database Version: 1799

Scan type : Complete Scan
Total Scan Time : 01:39:09

Memory items scanned : 662
Memory threats detected : 0
Registry items scanned : 7803
Registry threats detected : 0
File items scanned : 167686
File threats detected : 50

Adware.Tracking Cookie
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@atdmt[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@msnportal.112.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@smartadserver[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@serving-sys[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.71i[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adserver.71i[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adsrv.admediate[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zanox-affiliate[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tracking.quisma[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@partygaming.122.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ssl-cdn.euroclick[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adtech[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.zanox[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adbrite[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@euros4click[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@at.atwola[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@komtrack[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.etracker[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.zanox-affiliate[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads.heias[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@rotator.adjuggler[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@pornhub[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@bs.serving-sys[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.pornhub[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@clickz.lonelycheatingwives[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.pornhub[3].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zanox[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad.salebroker[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ad2.doublepimp[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@kupona.122.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@toplist[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.usenext[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tto2.traffictrack[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@tacoda[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@count.xhit[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads-dev.youporn[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@webmasterplan[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@traffictrack[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@zbox.zanox[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adfarm1.adition[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@xiti[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@youporn[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@advertising[2].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@msnaccountservices.112.2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@www.youporncams[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@ads.quartermedia[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@adopt.euroclick[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@atwola[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@2o7[1].txt
C:\Users\frijolero!\AppData\Roaming\Microsoft\Windows\Cookies\frijolero!@de.sitestat[1].txt

HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:14, on 15.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\LOGI_MWX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\Programme\JAVA\bin\jusched.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\ samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\JAVA\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\JAVA\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\JAVA\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programme\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Programme\PPLive\PPLive.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/pluginsetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c995f295ad9ffb) (gupdate1c995f295ad9ffb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 8176 bytes

Many thanks for your help!
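The two logs in the post above allow a cross-check that a helper on this board would want before calling the machine clean: the Malwarebytes log names what was quarantined (the Run value sysldtray, C:\Windows\ld07.exe and C:\Windows\t55ft2751f44.dat), and the HijackThis log was taken the next day, so its O4 autostart lines should no longer reference any of those names. The script below is an added example, not code from the poster, from Malwarebytes or from HijackThis. Its sample logs are constructed excerpts of the logs posted above; KNOWN_DIRS is an assumption about where programs live on this particular machine (C:\Program Files, D:\Programme and C:\Windows); and HJT_BEFORE contains one constructed line guessing what the removed Run value looked like, since the thread never shows it.

```python
"""Cross-check a Malwarebytes detection log against a later HijackThis log.

Added example for this thread, not code from the original post or from
either tool: it pulls the quarantined items out of the Malwarebytes log,
checks that the HijackThis log taken afterwards no longer carries the same
Run value or file, and lists HijackThis entries that still deserve a look.
"""
import re

# Constructed excerpt of the Malwarebytes log posted in the thread.
MBAM_SAMPLE = r"""Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Windows\t55ft2751f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\ld07.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# Constructed excerpt of the HijackThis log posted in the thread (taken after the cleanup).
HJT_AFTER = r"""O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# Assumption, not shown in the thread: what the quarantined Run value might have
# looked like in a log taken before the cleanup. Used only to show that the
# cross-check fires when the entry is still present.
HJT_BEFORE = HJT_AFTER + r"O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld07.exe" + "\n"

MBAM_RE = re.compile(r"^(?P<item>\S.*?) \((?P<family>[^()]+)\) -> (?P<action>.+)$", re.M)
HJT_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.M)
HJT_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$", re.M)

# Assumed directories where autostart binaries legitimately live on this machine
# (the poster's programs are installed under D:\Programme). Lower-case for comparison.
KNOWN_DIRS = ("%programfiles%", "c:\\program files", "d:\\programme", "c:\\windows")


def mbam_detections(text):
    """Return (item, family, action) for every detection line in a Malwarebytes log."""
    return [(m["item"], m["family"], m["action"]) for m in MBAM_RE.finditer(text)]


def _exe_of(cmd):
    """First executable in a Run command line, with quotes and arguments stripped."""
    m = re.match(r'"?(?P<exe>[^"]*?\.exe)', cmd, re.I)
    return m["exe"] if m else cmd.strip()


def hjt_run_entries(text):
    """Parse O4 (autostart) lines into dicts that include the launched executable."""
    return [{"hive": m["hive"], "name": m["name"], "cmd": m["cmd"], "exe": _exe_of(m["cmd"])}
            for m in HJT_O4_RE.finditer(text)]


def residue_after_cleanup(mbam_text, hjt_text):
    """Run entries in the later HijackThis log that still reference a quarantined item."""
    # Compare on the last path component: the Run value name or the file name.
    needles = {item.rsplit("\\", 1)[-1].lower()
               for item, _, action in mbam_detections(mbam_text)
               if action.startswith("Quarantined")}
    return [e for e in hjt_run_entries(hjt_text)
            if e["name"].lower() in needles
            or e["exe"].rsplit("\\", 1)[-1].lower() in needles]


def review_items(hjt_text):
    """Entries worth a second look: orphaned BHOs and Run entries outside known program dirs."""
    findings = []
    for m in HJT_O2_RE.finditer(hjt_text):
        if m["path"].strip() == "(no file)":
            findings.append(("O2", m["clsid"], "BHO registered but its DLL is missing"))
    for e in hjt_run_entries(hjt_text):
        exe = e["exe"].lower()
        if "\\" not in exe:
            findings.append(("O4", e["name"], "bare file name, resolved via the search path; verify where it lives"))
        elif not exe.startswith(KNOWN_DIRS):
            findings.append(("O4", e["name"], "executable outside the assumed program directories"))
    return findings


if __name__ == "__main__":
    print("quarantined:", [i for i, _, _ in mbam_detections(MBAM_SAMPLE)])
    print("residue after cleanup:", residue_after_cleanup(MBAM_SAMPLE, HJT_AFTER))
    print("residue in constructed before-log:", [e["name"] for e in residue_after_cleanup(MBAM_SAMPLE, HJT_BEFORE)])
    for kind, ident, why in review_items(HJT_AFTER):
        print(f"review {kind} {ident}: {why}")
```

On the posted logs the residue check comes back empty, which is the result a helper wants to see before moving on. The review list is deliberately a to-do list rather than a verdict: the orphaned BHO with "(no file)" is a registration left behind by something that was uninstalled or removed, and the bare-name Run entries (RtHDVCpl.exe, Logi_MwX.Exe in the full log) are resolved through the search path, so the file actually launched has to be confirmed by location (the process list in the same log shows C:\Windows\RtHDVCpl.exe and C:\Windows\LOGI_MWX.EXE). Matching on names alone only shows whether the named persistence is gone; it says nothing about whatever dropped ld07.exe in the first place.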