Log analysis and evaluation: TR/Tropper.Gen (Windows 7)
20.10.2013, 19:13 | #1
TR/Tropper.Gen
I have the problem that the virus/trojan named above sits right on the autorun.exe of my new internet stick. (I'm working from another PC at the moment.) I have already created the log files on my PC; here are the results: FRST.txt and the Addition log.
Thanks for the help!
21.10.2013, 06:41 | #2
/// the machine /// TB-Ausbilder | Hi, what is reporting what, and where?
21.10.2013, 08:40 | #3
Sorry for my vague description. So, I have a new USB internet stick. When I plug it into my laptop, it should normally install itself (and apparently it does). Only the connection window then doesn't come up. When I click into the stick's file folder, Avira immediately reports that TR/Tropper.Gen is in there. The stick works on another PC without any problems.
21.10.2013, 15:57 | #4
/// the machine /// TB-Ausbilder | Please have the file Avira complained about tested at www.virustotal.com.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM!
23.10.2013, 23:44 | #5
So, there are two suspicious files in the folder of my USB internet stick: autorun.exe and setup.exe, and when I click autorun.exe, Avira also reports the virus warning for setup.exe?! I have now tried to check the file at VirusTotal. It won't let me upload the setup.exe file (message: I'm not the administrator, or I don't have permission to access the file). The same is reported when I try to drag setup.exe onto a USB stick. All the other files on the USB internet stick copy without problems. The odd thing is that the USB internet stick works immediately on another PC! No virus warning and a trouble-free connection to the internet!
24.10.2013, 11:14 | #6
/// the machine /// TB-Ausbilder | I'm also thinking it's a false alarm from AntiVir.
25.10.2013, 08:01 | #7
Okay, but what should I do now, or how do I find that out? (VirusTotal doesn't seem to work.) Thanks and regards
25.10.2013, 11:07 | #8
/// the machine /// TB-Ausbilder | Just scan the stick with your AV program. That's definitely a false alarm, since it works flawlessly on other machines.
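Before treating "it works on another PC" as the verdict, the evidence a defender would collect on the flagged files is their SHA-256 hash and their Authenticode signature; a hash lookup at VirusTotal also works when the upload fails, and it never ships the vendor's binary anywhere. The following PowerShell script is an added example, not from the thread or from any tool mentioned in it; the drive letter is a placeholder, the file names autorun.exe and setup.exe are taken from the posts, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example (not from the thread): collect evidence on the files Avira flagged
# on the USB internet stick before deciding "false positive".
# Assumptions: the stick is mounted at $StickDrive (placeholder) and the flagged files
# are autorun.exe and setup.exe as named in the thread. Requires PowerShell 4.0+.

param(
    [string]$StickDrive = 'F:\',                      # placeholder: set to the stick's drive letter
    [string[]]$Files = @('autorun.exe', 'setup.exe')  # the two files Avira flagged in the thread
)

function Get-FlaggedFileEvidence {
    param([string]$Path)

    $result = [ordered]@{
        Path = $Path; Readable = $false; Sha256 = $null
        Signer = $null; SignatureStatus = $null; Error = $null
    }

    try {
        # Hashing only reads the file; it never executes it. Note that the read itself
        # will trigger the on-access scanner, which is what the poster saw in Explorer.
        $result.Sha256 = (Get-FileHash -Path $Path -Algorithm SHA256 -ErrorAction Stop).Hash
        $result.Readable = $true
    } catch {
        # The thread's "no permission to access the file" case lands here. An access
        # error is a finding in itself: the on-access scanner may be blocking reads.
        $result.Error = $_.Exception.Message
        return [pscustomobject]$result
    }

    # Authenticode check: a Valid signature from the modem vendor is strong evidence
    # of a false positive; NotSigned or an invalid signature leaves the verdict open.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    return [pscustomobject]$result
}

$report = foreach ($name in $Files) {
    $full = Join-Path $StickDrive $name
    if (-not (Test-Path -LiteralPath $full)) {
        [pscustomobject]@{
            Path = $full; Readable = $false; Sha256 = $null
            Signer = $null; SignatureStatus = 'FileNotFound'; Error = $null
        }
        continue
    }
    Get-FlaggedFileEvidence -Path $full
}

$report | Format-List

# Look up each hash at VirusTotal instead of uploading the file. This sidesteps the
# failed upload and reveals whether other engines agree with Avira's generic verdict.
foreach ($r in $report | Where-Object { $_.Sha256 }) {
    "VirusTotal lookup for $($r.Path): https://www.virustotal.com/gui/file/$($r.Sha256)"
}
```

A file whose hash is already known to VirusTotal with only one or two generic detections and a valid vendor signature is the typical profile of a false positive; a read error on the file or an unsigned binary means the question is not yet settled.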
27.10.2013, 15:51 | #9
I was now able to install the stick (I simply switched Avira off temporarily). It works, and TR/Tropper.Gen is in quarantine. Avira still complains when I open the folder, but oh well. Do I need to worry about my system, or is it fine now? Thanks
27.10.2013, 19:05 | #10
/// the machine /// TB-Ausbilder | That's fine. Throw Avira away and install something decent.