Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen

Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen


Plagegeister aller Art und deren Bekämpfung: Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.03.2012, 23:15   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen - Standard

Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2012, 18:29   #2
Vivo
 
Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen - Standard

Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen


So, die neuen Logs sind fertig.

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-08 13:08:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: rtxyj44p.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys


---- System - GMER 1.0.15 ----

SSDT            8BD76526                                                                                             ZwCreateSection
SSDT            8BD7652B                                                                                             ZwSetContextThread
SSDT            8BD764C7                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                        81EB8998 4 Bytes  [26, 65, D7, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                        81EB8CF0 4 Bytes  [2B, 65, D7, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                        81EB8DA4 4 Bytes  [C7, 64, D7, 8B]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8B407340, 0x3DC4A7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[772] kernel32.dll!SetUnhandledExceptionFilter  7702A8C5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [745F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7464A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [745FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [745EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [745F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [745EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74628395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [745FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [745EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [745EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [745E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7467CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7461C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [745ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [745E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [745E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [745F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                   0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                           512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                     512 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:27:00 on 08.03.2012

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"RealUpgradeScheduledTaskS-1-5-21-304298557-2416404760-3250698555-1000.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"pwliyfow" (pwliyfow) - ? - C:\Users\***\AppData\Local\Temp\pwliyfow.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Biet-O-Matic.lnk" - "www.bid-o-matic.org" - C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - ? - "C:\Program Files\ATKOSD2\ATKOSD2.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - ? - "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpfll70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpfll70v.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---


Code:
ATTFilter
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 17:28:20
-----------------------------
17:28:20.735    OS Version: Windows 6.0.6002 Service Pack 2
17:28:20.735    Number of processors: 1 586 0x1601
17:28:20.772    ComputerName: ***-PC  UserName: ***
17:28:22.890    Initialize success
17:29:49.713    AVAST engine defs: 12030800
17:30:00.544    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:30:00.553    Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
17:30:01.556    Disk 0 MBR read successfully
17:30:01.562    Disk 0 MBR scan
17:30:01.575    Disk 0 Windows VISTA default MBR code
17:30:01.723    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
17:30:01.842    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 20482875
17:30:01.855    Disk 0 Partition - 00     0F Extended LBA             66315 MB offset 176763195
17:30:02.068    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        66315 MB offset 176763258
17:30:02.959    Disk 0 scanning sectors +312576705
17:30:03.671    Disk 0 scanning C:\Windows\system32\drivers
17:32:48.646    Service scanning
17:33:24.768    Modules scanning
17:37:07.035    Disk 0 trace - called modules:
17:37:07.106    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
17:37:07.125    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851401b0]
17:37:07.141    3 CLASSPNP.SYS[87faf8b3] -> nt!IofCallDriver -> [0x84085918]
17:37:07.158    5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84062230]
17:37:08.062    AVAST engine scan C:\Windows
17:38:36.826    AVAST engine scan C:\Windows\system32
17:55:00.833    AVAST engine scan C:\Windows\system32\drivers
17:55:22.650    AVAST engine scan C:\Users\***
18:14:46.256    AVAST engine scan C:\ProgramData
18:17:54.683    Scan finished successfully
18:18:16.839    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:18:16.855    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
__________________
Antwort

Themen zu Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen
.dll, ablauf, administrator, antivir, asus, avira, dateien, desktop, explorer, gfnexsrv.exe, harddisk, heuristiks/extra, heuristiks/shuriken, lsass.exe, neu, nt.dll, programm, registry, rundll, scan, security, services.exe, startmeldung, suche, svchost.exe, system, temp, tr/dropper.gen, tr/dropper.gen8, verweise, vista, warnung, winlogon.exe


« Lexmark sperrt Zugriff auf Webseiten über Firefox | RegClean Pro - Rogue Verdacht nach Öffnen eines Fake-Facebookvideos »


Ähnliche Themen: Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen


  1. Avira meldet HTML/Crypted.Gen - wie werd ich das los?
    Plagegeister aller Art und deren Bekämpfung - 24.05.2014 (13)
  2. Avira meldet Fund auf PC => HTML/Framer.EB.16
    Log-Analyse und Auswertung - 08.03.2014 (11)
  3. Avira meldet: HTML/Malicious.Flash.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (15)
  4. AVIRA meldet 'TR/Crypt.ZPACK.Gen8' (C:\System Volume Information\_restore{...}\RP353\A0103375.exe)
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (11)
  5. Avira meldet HTML/Dldr.Iframe.HJ, was ist das?
    Log-Analyse und Auswertung - 14.01.2013 (15)
  6. TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)
    Log-Analyse und Auswertung - 12.10.2012 (21)
  7. Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (21)
  8. Avira meldet HTML/IFrame.puas in Firefox Profile
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (2)
  9. avira meldet: HTML/Spoofing.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.05.2011 (26)
  10. Avira Guard meldet HTML/Crypted.Gen' [virus]
    Plagegeister aller Art und deren Bekämpfung - 11.11.2010 (10)
  11. HTML/Infected.Webpage.Gen2 meldet mir Avira ständig
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (1)
  12. Avira meldet: HTML/infected.WebPage.Gen
    Log-Analyse und Auswertung - 08.09.2010 (6)
  13. Avira meldet HTML/MaliciousPDF.Gen
    Log-Analyse und Auswertung - 22.01.2010 (1)
  14. Avira AntiVirus meldet: HTML/Infected.WebPage.Gen
    Plagegeister aller Art und deren Bekämpfung - 07.07.2009 (0)
  15. Avira meldet Trojaner TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 15.04.2009 (0)
  16. avira meldet wiederholt Dropper
    Plagegeister aller Art und deren Bekämpfung - 27.02.2009 (1)
  17. Avira meldet HTML/Click.Agent.C
    Mülltonne - 05.08.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen - Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ - Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen...
Archiv
Du betrachtest: Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132