| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Dropper.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.11.2008, 17:23
| #1 |
| |  TR/Dropper.Gen HI, ich habe mir gestern den Trojaner "TR/Dropper.Gen" eingefangen, leider kenne ich mich mit Trojanern und deren bekämpfung nicht gut aus darum suche ich hier Hilfe. Ich hab schon ein paar Threads gelsen und bereits HijackThis und SilentRunners einen Log erstellen lassen. Und im Ordner C:/WINDOWS/systems32/drivers kann ich die "ip6fw.sys" Datei finden jedoch nicht die "runtime2.sys" Datei. HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:50:28, on 09.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Winamp\winampa.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Stardock\ObjectDock\ObjectDock.exe C:\Programme\Styler\Styler.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Teamspeak2_RC2\TeamSpeak.exe C:\Programme\Winamp\winamp.exe C:\Programme\Steam\Steam.exe C:\Programme\Mozilla Firefox\firefox.exe c:\programme\avira\antivir personaledition classic\avcenter.exe C:\Dokumente und Einstellungen\Headhunter\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://bar.baidu.com/sobar/defaultsearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://bar.baidu.com/sobar/defaultsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing) O2 - BHO: (no name) - {C51F072C-24AE-4C1B-BF27-3BA9BCE758FC} - C:\WINDOWS\system32\msacm32d.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing) O3 - Toolbar: °Ù¶È¹¤¾ßÀ¸ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11054 bytes |
|
10.11.2008, 17:24
| #2 |
| |  TR/Dropper.Gen Hier SilentRunners Log:
__________________"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [file not found] "Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "ICQ" = ""C:\Programme\ICQ6\ICQ.exe" silent" [file not found] "AdobeUpdater" = "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"] "HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] "HP Software Update" = "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "Omnipage" = "C:\Programme\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"] "avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "TrayServer" = "C:\Programme\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [file not found] "Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data] "ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."] "ZoneAlarm Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Check Point Software Technologies LTD"] "UnlockerAssistant" = ""C:\Programme\Unlocker\UnlockerAssistant.exe"" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer" -> {HKLM...CLSID} = "HP Print Enhancer" \InProcServer32\(Default) = "C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."] {053F9267-DC04-4294-A72C-58F732D338C0}\(Default) = (no title provided) -> {HKLM...CLSID} = "HP Print Clips" \InProcServer32\(Default) = "C:\Programme\HP\Smart Web Printing\hpswp_framework.dll" ["Hewlett-Packard Co."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)" -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] {77FEF28E-EB96-44FF-B511-3185DEA48697}\(Default) = (no title provided) -> {HKLM...CLSID} = "BandIE Class" \InProcServer32\(Default) = "C:\PROGRA~1\baidu\bar\baidubar.dll" [file not found] {C51F072C-24AE-4C1B-BF27-3BA9BCE758FC}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\msacm32d.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Headhunter\Desktop\WinRar\rarext.dll" [file not found] "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Check Point Software Technologies LTD"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> WB\DLLName = "C:\Programme\Stardock\Object Desktop\ThemeManager\fastload.dll" ["Stardock"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Dokumente und Einstellungen\***\Desktop\WinRar\rarext.dll" [file not found] ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Check Point Software Technologies LTD"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Dokumente und Einstellungen\***\Desktop\WinRar\rarext.dll" [file not found] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Dokumente und Einstellungen\***\Desktop\WinRar\rarext.dll" [file not found] ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Check Point Software Technologies LTD"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS3ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS3" "InvokeProgID" = "Adobe.adobebridge" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Programme\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] HPAutoplayPSE\ "Provider" = "HP Photosmart Essential 2.01" "InvokeProgID" = "HpqPSApl.Autoplay" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Programme\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"] MSWMEncVCArrival\ "Provider" = "Windows Media Encoder 9-Reihe" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Programme\Windows Media-Komponenten\Encoder\WMEnc.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] MxVideoDeLuxeVideoCameraArrival\ "Provider" = "MAGIX Video deluxe 2008 Trial" "ProgID" = "Magix.videodeLuxe" HKLM\SOFTWARE\Classes\Magix.videodeLuxe\CLSID\(Default) = "{1810360D-0FC7-474B-ABC1-84E96BF51D2F}" -> {HKLM...CLSID} = "videodeLuxe AutoplayClass" \LocalServer32\(Default) = "C:\Programme\MAGIX\Video_deluxe_2008_e-version\Videodeluxe.exe" [file not found] UVSFolder\ "Provider" = "Ulead VideoStudio 7" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Programme\Ulead Systems\Ulead VideoStudio 7 SE Basic\Vstudio.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Programme\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Programme\Winamp\winamp.exe"" ["Nullsoft"] Startup items in "Headhunter" & "All Users" startup folders: ------------------------------------------------------------ C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart "Stardock ObjectDock" -> shortcut to: "C:\Programme\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"] "Styler" -> shortcut to: "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe" [null data] C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart "HP Digital Imaging Monitor" -> shortcut to: "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] "Logitech Desktop Messenger" -> shortcut to: "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."] "Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "WebReg Deskjet D1400 series" -> launches: "C:\Programme\HP\Digital Imaging\bin\hpqwrg.exe "Deskjet D1400 series"" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" [file not found] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" [file not found] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided) -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" [file not found] "{B580CF65-E151-49C3-B73F-70B13FCA8E86}" = (no title provided) -> {HKLM...CLSID} = "°Ù¶È¹¤¾ßÀ¸" \InProcServer32\(Default) = "C:\PROGRA~1\baidu\bar\baidubar.dll" [file not found] "{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided) -> {HKLM...CLSID} = "StylerToolBar" \InProcServer32\(Default) = "C:\Programme\Styler\TB\StylerTB.dll" ["StyleFantasist"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."] {58ECB495-38F0-49CB-A538-10282ABF65E7}\ "ButtonText" = "HP Sammelmappe" "CLSIDExtension" = "{E763472E-A716-4CD9-89BD-DBDA6122F741}" -> {HKLM...CLSID} = "ClipBookBtn Class" \InProcServer32\(Default) = "C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."] {700259D7-1666-479A-93B1-3250410481E8}\ "ButtonText" = "HP Intelligente Auswahl" "CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}" -> {HKLM...CLSID} = "EnhSelectionBtn Class" \InProcServer32\(Default) = "C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ "ButtonText" = "Skype" "CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ "ButtonText" = "PartyPoker.com" "MenuText" = "PartyPoker.com" "Exec" = "C:\Programme\PartyGaming\PartyPoker\RunApp.exe" [file not found] {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {E59EB121-F339-4851-A3BA-FE49C35617C2}\ "ButtonText" = "ICQ6" "MenuText" = "ICQ6" "Exec" = "C:\Programme\ICQ6\ICQ.exe" [file not found] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [file not found] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided) -> {HKLM...CLSID} = "ICQ Toolbar" \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."] AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] HP CUE DeviceDiscovery Service, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]} hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]} PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] Remote Access, download02, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\SvK427_360.dll" [null data]} TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Check Point Software Technologies LTD"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzsnt10\Driver = "hpzsnt10.dll" ["HP"] LIDIL hpzll5ha\Driver = "hpzll5ha.dll" ["Hewlett-Packard Company"] ---------- (launch time: 2008-11-10 00:21:58) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 67 seconds, including 7 seconds for message boxes) Ich starte jetzt meinen PC neu und werde MWAV (eScan) - Free Antivirus drüber laufen lassen aber ich poste es hier schon mal vll. antwortet ja schon einer. |
|
10.11.2008, 18:00
| #3 |
| | TR/Dropper.Gen Hier der MWAV Scan nicht komplett sondern nur das Zeug das er gefunden hat, sonst müsste ich mehr Posts machen um alles zu posten.
__________________10 Nov 2008 00:58:22 - ***** Registrierungsdatenbank und Dateisystem werden auf Schnüffelprogramme (Spyware) und werbefinanzierte Software (Adware) geprüft ***** 10 Nov 2008 00:58:27 - Signaturen der Spionageprogramme werden aus einer neuen auswärtigen Datenbank geladen [Name: C:\DOKUME~1\HEADHU~1\LOKALE~1\Temp\spydb.avs, Größe: 866983]… 10 Nov 2008 00:58:46 - Indexed Spyware Databases Successfully Created... 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77fef28e-eb96-44ff-b511-3185dea48697})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar (HKEY_CLASSES_ROOT\clsid\{7c76c055-ed6e-4535-a70f-cd476e727f67})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar (HKEY_CLASSES_ROOT\clsid\{a7f05ee4-0426-454f-8013-c41e3596e9e9})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidu toolbar Spyware/Adware (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar/{b580cf65-e151-49c3-b73f-70b13fca8e86})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar (HKEY_CLASSES_ROOT\clsid\{fe14f22e-be14-4f08-a80f-f27bc3a67b2d})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidu toolbar Spyware/Adware ({b580cf65-e151-49c3-b73f-70b13fca8e86})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with combo Spyware/Adware ({07aa283a-43d7-4cbe-a064-32a21112d94d})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with combo Spyware/Adware ({07aa283a-43d7-4cbe-a064-32a21112d94d})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar ({89fdcc4b-8d91-49b0-81a6-18bcff582735})! Action taken: Keine Maßnahme ergriffen. 10 Nov 2008 00:58:46 - System found infected with baidubar Toolbar (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77fef28e-eb96-44ff-b511-3185dea48697})! Action taken: Keine Maßnahme ergriffen. Hoffe auf gute Hilfe Gruß Fanat!c |
|
10.11.2008, 18:26
| #4 |
 | TR/Dropper.Gen Hi, neues Beispiel dass Tollbars fürn ..... sind  :bitte tue folgendes: Lade die MAM runter und mache einen scan damit und poste hinterher das Log hier rein(siehe Anleitung: http://www.trojaner-board.de/51187-a...i-malware.html) Das gleiche mit Anti-Spyware: http://www.trojaner-board.de/51871-a...tispyware.html Bitte nur bis incl. Schritt 3! Und danach n neues HJT Log. MfG dborys |
|
10.11.2008, 18:36
| #5 |
| | TR/Dropper.Gen Wird gemacht! Poste es ca. 9 Uhr, weil ich jetzt in Fahrschule muss ^^ und schon mal dickes Danke für die schnelle Hilfe |
|
11.11.2008, 12:53
| #6 |
| | TR/Dropper.Gen [edit] bitte eröffne, wie jeder andere hier auch, für dein problem einen eigenen beitrag nur so wird sichergestellt, das jedem user übersichtlich und individuell geholfen werden kann danke GUA  [/edit] |
|
11.11.2008, 17:13
| #7 |
| | TR/Dropper.Gen Bei mir dauerts bisschen mit dem Log, weil ich es wegen des Zeitaufwandes und der Arbeit nicht schaffe aber ich denke morgen Abend hab ich es gemacht. |
|
| Themen zu TR/Dropper.Gen |
| add-on, adobe, antivir, askbar, avira, bho, bonjour, computer, desktop, einstellungen, explorer, firefox, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, internet, internet explorer, ip6fw.sys, locker, log, magix, mozilla, ordner, pdf, programme, skype.exe, software, suche, teamspeak, toolbars, tr/dropper.gen, trojaner, urlsearchhook, windows xp |
Linear-Darstellung
