| |
| |||||||
Log-Analyse und Auswertung: TR/Dropper.Gen in windows.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.10.2009, 09:34
| #1 |
| |  TR/Dropper.Gen in windows.exe Hallo, ich hab den Trojaner TR/Dropper.Gen in meiner windows.exe. Da ist es mit löschen oder in Quarantäne verschieben woll eher keine gute Idee. Angeschlagen hat Avira (und tut das jetzt alle 10 Minute) Hab Windows Vista Home Premium Logfile Hijack: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:26:39, on 04.10.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\eXPert PDF\vspdfprsrv.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Anti-Malware\mbam.exe C:\Program Files\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\services.exe, O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - C:\PROGRA~1\EASYSE~1\BHO\1SUPER~1.DLL O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Windows] windows.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [teXXas] "C:\Program Files\teXXas\teXXas.exe" /autorun O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8286BEBC-1EAF-429D-ACAC-5894072C3035}: NameServer = 48.46.48.0 O17 - HKLM\System\CCS\Services\Tcpip\..\{9797C67E-B686-408E-839F-AC11822C6C4B}: NameServer = 213.191.74.11 213.191.92.82 O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8732 bytes Logfile Anti-Malware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2902
Windows 6.0.6001 Service Pack 1
04.10.2009 10:03:41
mbam-log-2009-10-04 (10-03-41).txt
Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 224805
Laufzeit: 1 hour(s), 1 minute(s), 47 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\services.exe,) Good: (Userinit.exe) -> Not selected for removal.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\Posh Boutique\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Windows\windows.exe (Trojan.Agent) -> Not selected for removal.
Code:
ATTFilter ABC Amber Audio Converter 02.08.2008 1,48MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 30.07.2009
Adobe Reader 8.1.5 - Deutsch Adobe Systems Incorporated 25.05.2009 99,7MB
Agatha Christie Death On The Nile 07.08.2009 161,9MB
Alice-Installationsdateien entfernen 30.06.2008 20,2MB
Anno 1701 Sunflowers 06.09.2008 1.935,7MB
Anno 1701 - Der Fluch des Drachen Sunflowers 22.09.2008 2.714,9MB
Around the World 21.08.2009 69,6MB
Atheros Driver Installation Program Atheros 29.06.2008 4,00KB
ATI Catalyst Install Manager ATI Technologies, Inc. 02.07.2008 13,8MB
AudioRecorder 02.08.2008 0,77MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 26.06.2009 72,7MB
Big City Adventure Sydney GameHouse, Inc. 14.04.2009 35,2MB
Bluetooth Stack for Windows by Toshiba 30.05.2007 54,7MB
Bookworm Deluxe Zylom Games 21.08.2009 12,8MB
CCleaner (remove only) Piriform 02.10.2009 2,71MB
CD/DVD Drive Acoustic Silencer TOSHIBA 29.06.2008 0,45MB
Clean My Registry v4.7 Smart PC Solutions 13.07.2008 3,41MB
DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte) Ubisoft 29.06.2008 2.984,6MB
DivX Codec DivX, Inc. 27.06.2009 84,00KB
DivX Converter DivX, Inc. 27.06.2009 30,4MB
DivX Player DivX, Inc. 27.06.2009 15,4MB
DivX Plus DirectShow Filters DivX, Inc. 27.06.2009 1,22MB
DivX Web Player DivX,Inc. 27.06.2009 2,93MB
DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 29.06.2008 251,5MB
ElsterFormular 2008/2009 Steuerverwaltung des Bundes und der Länder 18.02.2009 159,0MB
Emdedded IR Driver Compal Electronics, Inc. 30.05.2007 0,89MB
eMule 17.10.2008 10,6MB
eXPert PDF 4 Visage Software 19.11.2008 33,2MB
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 30.05.2007 6,65MB
Free WMA to MP3 Converter 1.08 Jodix Technologies Ltd. 27.11.2008 2,84MB
Google Toolbar for Internet Explorer Google Inc. 09.09.2009 7,42MB
Google Updater Google Inc. 21.03.2009 2,83MB
HijackThis 2.0.2 TrendMicro 02.10.2009 0,38MB
ICQ6.5 ICQ 10.03.2009 45,3MB
Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 30.05.2007 114,6MB
MAGIX Digital Foto Maker SE 4.1.0.835 (D) MAGIX AG 30.05.2007 239,7MB
MAGIX Foto Suite 1.12.0.89 (D) MAGIX AG 30.05.2007 122,4MB
MAGIX Online Druck Service 2.3.2.0 (D) MAGIX AG 30.05.2007 9,35MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 02.10.2009 3,99MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.08.2009 37,1MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 22.07.2009 28,0MB
Microsoft Office Professional Plus 2007 Microsoft Corporation 22.07.2009 240,0MB
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.11.2008 0,41MB
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.06.2009 0,58MB
Microsoft Windows Media Video 9 VCM 26.07.2008 13,7MB
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 30.05.2007 1,25MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 01.07.2008 1,27MB
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 02.07.2008 1,27MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB
myphotobook 3.1 myphotobook 29.06.2008 16,9MB
Nero 8 Lite UpdatePack.nl 14.11.2008 42,6MB
Ocean Express (remove only) 18.06.2009 20,7MB
Posh Boutique 08.04.2009 34,1MB
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 30.05.2007 0,57MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.05.2007 14,6MB
Save.TV EasyRecord DownloadManager Save.TV 25.07.2009
Synaptics Pointing Device Driver Synaptics 13.08.2008 13,3MB
Texas Instruments PCIxx21/x515/xx12 drivers. Ihr Firmenname 30.05.2007 0,94MB
teXXas metaspinner media GmbH 01.08.2008 10,2MB
TOSHIBA Assist 29.06.2008 1,20MB
TOSHIBA Benutzerhandbücher TOSHIBA 30.05.2007 5,77MB
TOSHIBA ConfigFree TOSHIBA 30.05.2007 39,6MB
TOSHIBA Disc Creator TOSHIBA Corporation 30.05.2007 9,68MB
TOSHIBA DVD PLAYER TOSHIBA Corporation 29.06.2008 20,5MB
TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 30.05.2007 1,28MB
TOSHIBA Flash Cards Support Utility TOSHIBA 30.05.2007
TOSHIBA Hardware Setup TOSHIBA 30.05.2007
Toshiba Online Product Information TOSHIBA 30.05.2007 4,78MB
TOSHIBA SD Memory Utilities TOSHIBA 30.05.2007 1,61MB
TOSHIBA Software Modem Agere Systems 29.06.2008
TOSHIBA Supervisorkennwort TOSHIBA 30.05.2007
TOSHIBA Value Added Package TOSHIBA Corporation 30.05.2007 48,00KB
Visionaire 2.8.2 Freeware Visionaire 06.08.2009 16,8MB
Windows Media Encoder 9-Reihe 30.05.2007 13,7MB
Xvid 1.1.3 final uninstall Xvid team (Koepi) 06.08.2009 0,77MB
Youda Legend - The Curse of the Amsterdam Diamond BigFishGames 10.08.2009 115,4MB
Zak McKracken - Between Time and Space 06.08.2009
Geändert von oder? (04.10.2009 um 09:39 Uhr) |
| Themen zu TR/Dropper.Gen in windows.exe |
| agere systems, antivir, antivir guard, avg, avira, bho, bundes, curse, defender, desktop, druck, ebay, expert pdf, flash player, google, hijack, hijackthis, home, home premium, install.exe, internet, internet explorer, magix, malwarebytes anti-malware, mp3, object, registrierungsschlüssel, registry, rundll, saver, services.exe, software, system, trojaner, uleadburninghelper, userinit.exe, vista, windows vista home, wma |
Baum-Darstellung