TR/TDss.adcr

PDvaS · 17.05.2009, 19:48

Hallo Leute,

ich hab mir vor zwei Tagen den Trojaner TR/TDss.adcr eingefangen.
AntiVir hat den Trojaner erkannt und gemeldet:

In der Datei 'D:\RECYCLER\S-8-5-80-100011524-100005441-100032622-1396.com'
wurde ein Virus oder unerwünschtes Programm 'TR/TDss.adcr' [trojan] gefunden.

In der Datei 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20090517-190424-F20CF501\AVSCAN-20090517-190436-FC0E921A'
wurde ein Virus oder unerwünschtes Programm 'TR/TDss.adcr' [trojan] gefunden.

In der Datei 'C:\Users\PDvaS\AppData\Local\Temp\tmpB06C.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Alureon.BH.8' [trojan] gefunden.

Ich hab die Trojaner sofort in die Quarantäne gepackt und dachte das Problem sei damit gelöst, aber nun bekomm ich ständig neue Warnmeldungen von AntiVir.

Malwarebytes-Anti-Malware hat nichts gefunden.

HiJackThis Log

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:34, on 17.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.jappy.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{139E993A-1EC2-464B-82F1-A70231E80AEF}: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC96074A-9C8B-4AA4-A03A-132C75B97FAF}: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{139E993A-1EC2-464B-82F1-A70231E80AEF}: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\..\{139E993A-1EC2-464B-82F1-A70231E80AEF}: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7696 bytes

Installierte Programme

Code:

ATTFilter

2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0 - Deutsch
Agere Systems HDA Modem
ALUpdate
AMD USB Audio Driver Filter
Atheros WLAN Client
ATI PCI Express (3GIO) Filter Driver
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
Business Contact Manager für Outlook 2007
Business Contact Manager für Outlook 2007
Catalyst Control Center - Branding
CCleaner (remove only)
Choice Guard
CorelDRAW Graphics Suite 12
CyberLink DVD Suite
CyberLink Power2Go
DivX Web Player
Easy Battery Manager
Easy Display Manager
Easy Network Manager 4.0
Easy SpeedUp Manager
FIFA 09
Free FLV Converter V 6.23.0
GeoGebra
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.15
imagine digital freedom - Samsung
Java(TM) 6 Update 13
LabelPrint
LightScribe System Software  1.12.37.1
MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (German) 2007
Microsoft Picture It! Foto Premium 10
Microsoft SOAP Toolkit 2.0 SP2
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MoviesPlay
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
PlayCamera
PowerDirector
PowerDVD
PowerProducer
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Steinberg Cubase LE 4
Synaptics Pointing Device Driver
Syncrosoft Lizenz Kontrolle
Techno4ever Player
Tsunami-Filter-Pack
TuneUp Utilities 2009
Ultra AVI Converter 4.4.0529
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
US-122L / US-144 driver
User Guide
VC80CRTRedist - 8.0.50727.762
Vimicro UVC Camera
Virtual DJ - Atomix Productions
Vista Codec Package
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live-Uploadtool
Windows Media Player Firefox Plugin
WinRAR
Zattoo 3.3.3 Beta

Ich hoffe ihr könnt mir helfen.
Schonmal Danke im vorraus, PDvaS

TR/TDss.adcr

Plagegeister aller Art und deren Bekämpfung: TR/TDss.adcr

TR/TDss.adcr

Ähnliche Themen: TR/TDss.adcr