Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: vom Trojaner TR/Dropper.gen erwischt worden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.11.2009, 23:46   #61
collygreen19
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



Code:
ATTFilter
OTL Extras logfile created on: 23.11.2009 23:36:52 - Run 6
OTL by OldTimer - Version 3.1.6.1     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 361,29 Gb Free Space | 79,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: ***
NOT logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
h**p [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
h**ps [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{183372B8-A3C2-063B-5C9E-B5C3E09F7158}" = CCC Help Norwegian
"{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8
"{1D2DF848-BA1C-6D29-8DC6-A8EBC85B2128}" = CCC Help Thai
"{1F07C5EC-A79E-9A66-7BE8-352E18A21CC9}" = ATI Catalyst Install Manager
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{2176C142-DEE5-8AF0-9257-CA2E65368A52}" = CCC Help Finnish
"{27EA389E-B0D3-E606-A801-C397BC417B00}" = Catalyst Control Center Graphics Previews Common
"{32DD0B80-68A4-2BAD-6D43-D2A6A7732AA2}" = CCC Help Hungarian
"{33F55462-96AF-0D67-AAF3-5ACBDE186FF7}" = CCC Help Dutch
"{359391F9-1A4D-A988-D62D-0F33C59AFDF6}" = CCC Help English
"{36FBD8D7-CEFC-2BFD-9E50-CDEA040D5F47}" = CCC Help Swedish
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C7C4990-D713-E889-63E7-214D35B55B18}" = Catalyst Control Center Graphics Previews Vista
"{4C5FC19D-AE05-3F78-4336-90116C43400E}" = CCC Help French
"{4E64FCCA-AE91-609C-6646-3BA7B2542C17}" = CCC Help Russian
"{4F29AF49-2F30-4E33-416B-E373ACE30B03}" = Catalyst Control Center Core Implementation
"{51CBB909-7A5D-1B81-2F79-219231F0C7A6}" = Catalyst Control Center InstallProxy
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5CCB5E3A-8FA6-E1B8-082E-507493C836CD}" = Catalyst Control Center Localization All
"{5D9F5605-4B95-A700-B10E-FC5DBE052D18}" = CCC Help Italian
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{653C3AFC-E8BB-E745-DEE8-A9EA8ED5D432}" = CCC Help Greek
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6CCAF3C8-8B77-3601-6E9C-E85E9444B0E6}" = CCC Help Chinese Traditional
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C8744A5-DED2-028E-C0B7-42AAA764E806}" = CCC Help Korean
"{7CF4115F-8947-2E35-718E-9AE7907FDD34}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1CF7D7-9D45-6FB7-8B8A-72E804B74ACD}" = CCC Help Danish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{96AE9B73-23A5-3781-07EE-D873CDF1935A}" = CCC Help Polish
"{97F52122-E41C-C805-3981-E8686E073978}" = CCC Help Chinese Standard
"{99804FF5-11AC-4FC9-B66B-72E9A6B386BC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A82C622C-22E2-409E-7113-EB749DEBC9F7}" = CCC Help Portuguese
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AA66EAEF-E6F9-BB8A-1463-72BE38F70856}" = CCC Help Japanese
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF0D6B2-1087-3D96-624F-B83A5EBD175D}" = Catalyst Control Center Graphics Full Existing
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2004393-13BB-E18E-B1BF-19D758AFCD8D}" = CCC Help Spanish
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD21CAA4-C666-656A-0717-064BFCB850A9}" = ccc-utility
"{DDAF9A24-31F2-998B-79F3-F02580284D50}" = CCC Help Turkish
"{E9DC3DE6-B510-FF40-F696-CFA52F9916FE}" = CCC Help German
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29F2FAC-3F7E-4302-689C-C6579A19B3FC}" = CCC Help Czech
"{F50D41C8-AC24-3FCD-D3AB-10C2D7CBDFB8}" = Catalyst Control Center Graphics Light
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"office wörterbuch pro 2" = office wörterbuch pro 2
"PDF-XChange 3_is1" = PDF-XChange 3
"Revo Uninstaller" = Revo Uninstaller 1.83
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         

Alt 23.11.2009, 23:47   #62
Larusso
/// Selecta Jahrusso
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



Okay, reicht soweit.

Starte HJT --> Open Misc tool selection --> open Hosts File manager --> Klicke "open Notepad"

Poste mir den Inhalt
__________________

__________________

Alt 23.11.2009, 23:50   #63
collygreen19
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



bitte sehr:

Code:
ATTFilter
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
         
__________________

Alt 24.11.2009, 00:12   #64
Larusso
/// Selecta Jahrusso
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



Gibts noch Probleme ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 24.11.2009, 00:22   #65
collygreen19
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



im moment hab ich net das gefühl...

hab das antiVir auch noch ein paar mal durchlaufen lassen und es hat keine funde gemeldet...

wenn du mir jetzt noch die absolution erteilst, dass du denkst, es ist alles in ordnung, dann bin ich glücklich...


Alt 24.11.2009, 00:30   #66
Larusso
/// Selecta Jahrusso
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



Hast Du keine Probleme mehr, hab ich auch keine

Starte bitte die OTL.exe
Klick rechts oben auf den Clean Up Button. Dies wird die meisten Tools die wir benötigt haben entfernen.
Sollte denoch was bestehen bleiben, bitte manuell löschen.


HJT Logfile bitte
__________________
--> vom Trojaner TR/Dropper.gen erwischt worden

Alt 24.11.2009, 00:40   #67
collygreen19
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



bitte sehr:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:31, on 24.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Users\***\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

--
End of file - 7234 bytes
         

Alt 24.11.2009, 00:42   #68
Larusso
/// Selecta Jahrusso
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



Log ist sauber :

Wenn es keine Fragen oder Probleme mehr gibt habe ich Hier noch was zu lesen für Dich zum Thema Sicherheit von JigSaw.

Du bist entlassen.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 24.11.2009, 00:49   #69
collygreen19
 
vom Trojaner TR/Dropper.gen erwischt worden - Standard

vom Trojaner TR/Dropper.gen erwischt worden



suuuuuuuuuuuuper

dann sag ich mal



auf hoffentlich nicht allzubald

Antwort

Themen zu vom Trojaner TR/Dropper.gen erwischt worden
adobe, antivir, antivir guard, avg, avira, bho, desktop, explorer, firefox, firewall, hijack, hijackthis, icq, internet, internet explorer, logfile, löschen, microsoft, mozilla, mozilla thunderbird, realtek, sicherheit, software, tr/dropper.gen, trojaner, trojaner tr/dropper.gen, windows




Ähnliche Themen: vom Trojaner TR/Dropper.gen erwischt worden


  1. TR/Dropper.MSIL.175154 hat mich erwischt
    Log-Analyse und Auswertung - 17.08.2015 (9)
  2. (mehrere) Trojanermeldung(en) AVG (Win8.1) : "Trojaner: Dropper.Generic2.ANGG.dropper"
    Log-Analyse und Auswertung - 11.07.2014 (3)
  3. Emsisoft war unbemerkt deinstalliert worden, nach Neuinstallation Trojaner gefunden
    Log-Analyse und Auswertung - 15.02.2014 (3)
  4. gvu trojaner hat mich erwischt
    Log-Analyse und Auswertung - 09.09.2013 (10)
  5. Ist der GVU Trojaner vollständig entfernt worden? (Windows7)
    Log-Analyse und Auswertung - 10.07.2013 (21)
  6. vom GVU-Trojaner erwischt
    Log-Analyse und Auswertung - 17.03.2013 (12)
  7. GVU Trojaner hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (24)
  8. vom GVU-Trojaner erwischt
    Log-Analyse und Auswertung - 13.01.2013 (11)
  9. BKA TROJANER: Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (3)
  10. PC von GVU trojaner befallen worden, bereinigt, was nun?
    Log-Analyse und Auswertung - 09.10.2012 (10)
  11. BKA TROJANER _ Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden
    Log-Analyse und Auswertung - 26.09.2012 (2)
  12. Trojaner "der computer ist für die verletzung der gesetze der republik österreich blockiert worden"
    Log-Analyse und Auswertung - 10.08.2012 (1)
  13. Trojaner "Ihr Computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt worden"
    Log-Analyse und Auswertung - 04.08.2012 (11)
  14. TR/Dropper.Gen hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 27.02.2011 (5)
  15. Trojaner TR/ Dropper.Gen u. Trojaner TR/ Dropper.Gen2 entfernt, dennoch überlastung
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (9)
  16. vermutlicher Trojaner automatisch über ICQ verschickt worden
    Log-Analyse und Auswertung - 21.04.2010 (10)
  17. Trojaner erwischt?
    Log-Analyse und Auswertung - 15.06.2008 (1)

Zum Thema vom Trojaner TR/Dropper.gen erwischt worden - Code: Alles auswählen Aufklappen ATTFilter OTL Extras logfile created on: 23.11.2009 23:36:52 - Run 6 OTL by OldTimer - Version 3.1.6.1 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - vom Trojaner TR/Dropper.gen erwischt worden...
Archiv
Du betrachtest: vom Trojaner TR/Dropper.gen erwischt worden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.