Trojaner-Board

Klaus Pit 27.08.2014 10:30

Malwarebytes and Siredef.C

Good day,
a few days ago I downloaded the tool "Malwarebytes" from your site. Its partners are ADW-Cleaner and Emsisoft. All three were very happy with my OS.
That evening I cleared out some Microsoft apps on the tile desktop. Among other things, I uninstalled Reader/Reader List and then deleted them from the hidden directory C:\Programme\WindowsApps.
For some reason I ran "Malwarebytes" once more, and this time it went wild. At the "ReaderList" directory in the Recycle Bin, all hell broke loose.
Every line contained the entry "Trojan Siredef.C". After the tool cleaned up and the machine restarted, peace was restored.
Ergo: as long as "ReaderList" sits in the "WindowsApps" directory, the scanner ignores it; if you delete it via the Recycle Bin, the tool raises the alarm.
The directory above is managed solely by Microsoft. I also do not have a Microsoft account.
Perhaps you could reproduce the procedure on your PCs. The result would be interesting.

Regards, Klaus Pit

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.25.02

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17239
[administrator]

25.08.2014 11:02:10
mbar-log-2014-08-25 (11-02-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 336582
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\AppxMetadata (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\images (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\javascript (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\JAVASCRIPT\scripts (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\JAVASCRIPT\scripts\dom (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\microsoft.system.package.metadata (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]

Files Detected: 113
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\mrupane.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\app.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\AppxBlockMap.xml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\AppxManifest.xml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\AppxSignature.p7x (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\commandbar.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\dialogbox.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\digsigmessagebox.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\documentproperties.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\docview.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\findbar.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\findpane.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\flyout.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\glcnd.exe (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\mainpage.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.perftrack.dll (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.sqm.dll (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\moremenu.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\onepagediscreteview.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\pageeditbox.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\pagetemplates.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\password.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\preferencespane.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\progressdialog.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\resources.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\semanticzoomview.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\semanticzoomviewtwopage.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\singlepagecontinuousview.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\stickynote.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\styles.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\summarypane.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\switchercontrol.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\twopagediscreteview.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\xpsviewrasterizerstore.dll (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\zoombox.xaml (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.targetsize-32.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.targetsize-48.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-black.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-black_targetsize-16.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-black_targetsize-256.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-black_targetsize-32.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-black_targetsize-48.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-white_targetsize-16.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-white_targetsize-256.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-white_targetsize-32.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.contrast-white_targetsize-48.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.targetsize-16.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.targetsize-256.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.targetsize-48.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-black.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-black_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-black_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-white.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-white_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.contrast-white_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.targetsize-16.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersmalllogo.targetsize-32.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.contrast-black.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.contrast-black_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.contrast-white.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.contrast-white_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readersplashlogo.scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.contrast-black.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.contrast-black_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.contrast-white.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.contrast-white_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerstorelogo.scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-black_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-black_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-white.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-white_scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.contrast-white_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.scale-100.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertilelogo.scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.contrast-black.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.contrast-black_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.contrast-white_scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.contrat-white.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readertinytilelogo.scale-80.png (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\jshost.html (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\aforms.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\constants.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\infra.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\unsupportedobjectlogging.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\app.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\color.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\doc.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\domconstants.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\enums.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\field.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\objectrootdefs.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\readonlyreadwriteprops.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\util.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\utilmethods.js (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2724769885-3786387473-3416924715-500-MergedResources-1.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-3430015393-2997969316-1744751926-500-MergedResources-1.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1003.pckgdep (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1003.recovery (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1004-MergedResources-0.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1004.pckgdep (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1007.pckgdep (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-4021553374-4213931948-3425864014-1007.recovery (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-440832007-1329741312-3905038787-500-MergedResources-0.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]
C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003\$RSG1PV8.16422_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-922788293-1351051847-3162468994-500-MergedResources-0.pri (Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
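
A triage sketch for the log above, added here as an example and not part of the original posts: it parses detection lines in the format shown, then checks whether every hit sits under one Recycle Bin item and carries the same bracketed identifier. The function names, the returned field names and the list of executable extensions are assumptions made for this illustration; the sample lines are an excerpt of the log above.

```python
import re
from collections import Counter
from ntpath import splitext  # Windows path rules, works on any OS

# One detection line: "<path> (<name>) -> <action>. [<32 hex chars>]"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> "
    r"(?P<action>.+?)\. \[(?P<id>[0-9a-f]{32})\]$"
)
# Recycle Bin layout: <drive>:\$Recycle.Bin\<user SID>\$R<item>\...
RECYCLE_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(?P<sid>S-[\d-]+)\\(?P<item>\$R[^\\]+)", re.I
)
# Assumption for this example: extensions treated as native executables.
PE_LIKE = {".exe", ".dll", ".sys", ".scr", ".com"}

BIN = r"C:\$Recycle.Bin\S-1-5-21-4021553374-4213931948-3425864014-1003"
TAIL = "(Trojan.Siredef.C) -> Delete on reboot. [92076f5a78038fa7bf3060a05ba536ca]"
# Excerpt of the log above (folder lines are upper case, file lines lower case).
SAMPLE_LOG = "\n".join([
    "Registry Keys Detected: 0",
    "(No malicious items detected)",
    "Folders Detected: 7",
    rf"{BIN}\$RSG1PV8.16422_X64__8WEKYB3D8BBWE {TAIL}",
    rf"{BIN}\$RSG1PV8.16422_X64__8WEKYB3D8BBWE\AppxMetadata {TAIL}",
    "Files Detected: 113",
    rf"{BIN}\$RSG1PV8.16422_x64__8wekyb3d8bbwe\AppxManifest.xml {TAIL}",
    rf"{BIN}\$RSG1PV8.16422_x64__8wekyb3d8bbwe\glcnd.exe {TAIL}",
    rf"{BIN}\$RSG1PV8.16422_x64__8wekyb3d8bbwe\images\readerfilelogo.png {TAIL}",
    rf"{BIN}\$RSG1PV8.16422_x64__8wekyb3d8bbwe\javascript\scripts\dom\app.js {TAIL}",
])


def parse_detections(log_text):
    """Return one dict per detection line; headers and summaries are skipped."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def triage(hits):
    """Summarise where the hits are and whether they look like one folder-wide match."""
    roots, exts, ids, names = Counter(), Counter(), Counter(), Counter()
    outside = []  # detections that are not inside a Recycle Bin item
    for h in hits:
        names[h["name"]] += 1
        ids[h["id"]] += 1
        exts[splitext(h["path"])[1].lower() or "(none)"] += 1
        r = RECYCLE_RE.match(h["path"])
        if r:
            # Lower-case the item so folder and file lines group together.
            roots[(r["sid"], r["item"].lower())] += 1
        else:
            outside.append(h["path"])
    single_root = len(roots) == 1 and not outside
    # Different files cannot share a content hash, so one identifier on
    # every line means it is not a per-file hash.
    shared_id = len(ids) == 1 and len(hits) > 1
    return {
        "total": len(hits),
        "names": dict(names),
        "roots": dict(roots),
        "extensions": dict(exts),
        "executables": sum(n for e, n in exts.items() if e in PE_LIKE),
        "outside_recycle_bin": outside,
        "single_recycle_root": single_root,
        "shared_id": shared_id,
        # Triage hint only: points to a match on the deleted folder as a
        # whole rather than on each file's content.
        "folder_wide_match": single_root and shared_id and len(names) == 1,
    }


if __name__ == "__main__":
    for key, value in triage(parse_detections(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
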

schrauber 27.08.2014 10:53

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Klaus Pit 27.08.2014 13:52

Hello Schrauber,
I sent you your wish list via the hash symbol as a "direct message".
Is that all right?

Regards, Klaus

schrauber 28.08.2014 07:37

Please post the log files here in the thread.


Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Klaus Pit 01.09.2014 14:35

Hello,
of course my system is not damaged by malware.
The deactivated and deleted apps from the hidden directory "C:\Programme\WindowsApps" contain JavaScript files that show a behavior pattern similar to this Trojan.
All portals, from Microsoft to Amazon, work with these Java scripts to record our interests and buying behavior.
The tool "Malwarebytes" declares these as Siredef.C.
Besides Reader and ReaderList, I also deleted Taptiles, Adera Lite and HelpAndTips.
Afterwards there were roughly more than 1000 isolated files in the Malwarebytes quarantine. :)

Because I got the tool from this site, I wanted to write about this observation here.

Hence my suggestion above that your specialists test the procedure, to possibly reassure the shocked user.

Kind regards, Klaus Pit

schrauber 02.09.2014 09:45

Now I have understood it too. So if you emptied the Recycle Bin after deleting, you would not notice any of this at all.

Welcome to the world of heuristic detection :)


All times are WET +1.
