Pests of all kinds and how to fight them: (probably) problem with dlr.agent
23.02.2009, 20:49 | #1 |
(probably) problem with dlr.agent

Hey! I have the following problem: I picked up a lodger on my computer (apparently quite some time ago). I only noticed it when I started having problems opening external drives (both external hard disks and USB sticks). This is not possible by double-click; a small window appears with the following error message:

Code:
h:\ zugriff verweigert

After a virus scan and a search on the internet I found out that it is probably the malware dlr.agent. I then formatted and set up my system again. To no effect, since the trojan apparently sits on the external hard disk. After the first restart everything looked exactly as before... so I put up with it for the time being... but now I have bought a new external hard disk and would find it stupid to put the virus on that one as well. So I have not connected it yet! I also had very strange problems with Firefox for a while, which only went away after reinstalling several times - but of course that does not have to have anything to do with the matter itself... that is why I wanted to ask whether there might be a way after all to do something about my problem...

So, my data:

Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1795
Windows 5.1.2600 Service Pack 3

23.02.2009 15:15:49
mbam-log-2009-02-23 (15-15-49).txt

Scan-Methode: Vollständiger Scan (C:\|H:\|)
Durchsuchte Objekte: 155716
Laufzeit: 37 minute(s), 55 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
H:\Applications\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:04, on 23.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Atheros\ACU.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HideWindowPlus\HWinPlus.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\sunakujiro\Desktop\HiJackThis.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\SKINS\Leopard Wallpaper\LEOPARD\FindeXer Nightly V1.1.0.3.zip\FindeXer.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ACU] C:\Programme\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HideWindowPlus] C:\Programme\HideWindowPlus\HWinPlus.exe -background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{421A2923-F4F3-4670-881E-B86C988F33DF}: NameServer = 192.168.20.201
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros-Konfigurationsdienst (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QoS-RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7445 bytes

Code:
7-Zip 4.60 beta
AC3Filter (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
AmoK Playlist Copy 2.03
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK0100 ACPI UTILITY
Bonjour
Brain Trainer
Brain Trainer 2
Canon MP140 series
ccc-Branding
CCleaner (remove only)
CDisplay 1.8
CyberLink PowerDVD 8
DAEMON Tools Toolbar
DFX for Winamp
Free Easy Burner V 3.8
Free YouTube to Mp3 Converter version 3.1
GNU Aspell 0.50-3
GTK+ Runtime 2.12.12 rev a (nur entfernen)
HijackThis 2.0.2
iColorFolder
IrfanView (remove only)
iTunes
Java(TM) 6 Update 10
K-Lite Mega Codec Pack 4.1.4
LingoDict 2.1.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
MSXML 6.0 Parser (KB925673)
Nero 8 Ultra Edition HD
neroxml
PDFCreator
Pidgin
Pro Evolution Soccer 2009
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
TuneUp Utilities 2008
Uninstall 1.0.0.1
Unlocker 1.8.7
USB2.0 1.3M WebCam
VideoLAN VLC media player 0.8.6i
Winamp
Windows Communication Foundation
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR
Wireless Console 2
Your Uninstaller! 2008 Version 6.2

Regards, suna
25.02.2009, 08:49 | #2 |
Hey!

I am just running AntiVir again. I will then post the complete report; so far I can only say that my problem is not called dlr.agent but (at least in AntiVir) TR/Dldr.Agent.fdt. Maybe someone can help me now...
25.02.2009, 12:03 | #3 |
OK, apparently I have a lot more... it would be really great if someone could help me!

Here is the complete report:

Code:
Avira AntiVir Premium
Report file date: Mittwoch, 25. Februar 2009 08:46

Scanning for 1264982 virus strains and unwanted programs.

Licensed to: ***
Serial number: ***
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: ***
Computer name: ***

Version information:
BUILD.DAT : 8.2.0.374 20012 Bytes 21.11.2008 10:11:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 07:43:47
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 20.02.2009 07:43:51
ANTIVIR3.VDF : 7.1.2.76 100352 Bytes 25.02.2009 07:43:53
Engineversion : 8.2.0.88
AEVDF.DLL : 8.1.1.0 106868 Bytes 25.02.2009 07:44:19
AESCRIPT.DLL : 8.1.1.52 348538 Bytes 25.02.2009 07:44:18
AESCN.DLL : 8.1.1.7 127347 Bytes 25.02.2009 07:44:15
AERDL.DLL : 8.1.1.3 438645 Bytes 04.11.2008 13:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 25.02.2009 07:44:14
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 25.02.2009 07:44:10
AEHEUR.DLL : 8.1.0.97 1610103 Bytes 25.02.2009 07:44:09
AEHELP.DLL : 8.1.2.0 119159 Bytes 25.02.2009 07:43:59
AEGEN.DLL : 8.1.1.21 336244 Bytes 25.02.2009 07:43:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 14.10.2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 25.02.2009 07:43:55
AEBB.DLL : 8.1.0.3 53618 Bytes 14.10.2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31.07.2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2564353 Bytes 12.06.2008 13:29:30
RCTEXT.DLL : 8.0.51.0 86273 Bytes 27.06.2008 11:00:56

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\avira\antivir personaledition premium\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Mittwoch, 25. Februar 2009 08:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'pidgin.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'HWinPlus.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ACU.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'vsnp2std.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!
Master boot sector HD1
    [INFO] No virus was found!
Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Das Gerät ist nicht bereit.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!
Boot sector 'H:\'
    [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\ARKDD.tmp
    [DETECTION] Is the TR/Dldr.Agent.fdt Trojan
    [NOTE] The file was moved to '49eff7b4.qua'!
C:\ARKDE.tmp
    [0] Archive type: RSRC
    --> Object
        [DETECTION] Is the TR/Dldr.Agent.fdt Trojan
        [NOTE] The file was moved to '49eff7b8.qua'!
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Dokumente und Einstellungen\sunakujiro\Anwendungsdaten\NTuser3.exe
    [0] Archive type: RSRC
    --> Object
        [DETECTION] Is the TR/Agent.ypg Trojan
        [NOTE] The file was moved to '4a19f7d4.qua'!
C:\System Volume Information\_restore{3A3C74B9-7A1E-4740-ABEF-3C0B8A4AF0F4}\RP14\A0005178.exe
    [0] Archive type: RSRC
    --> Object
        [DETECTION] Is the TR/Agent.ypg Trojan
        [NOTE] The file was moved to '49d4fb81.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

Begin scan in 'H:\' <Ma-xXx-tor>
H:\RECYCLER\S-1-5-21-448539723-2025429265-725345543-1003\Dk3.rar
    [0] Archive type: RAR
    --> Crack.exe
        [DETECTION] Contains recognition pattern of the ADSPY/LinkReplacer.C adware or spyware
        [NOTE] The file was moved to '49d80170.qua'!
H:\System Volume Information\_restore{3A3C74B9-7A1E-4740-ABEF-3C0B8A4AF0F4}\RP12\A0004015.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49d50155.qua'!
H:\System Volume Information\_restore{51E0620B-9983-4E4E-A8D0-2F3BDFC2F505}\RP53\A0008637.exe
    [DETECTION] Contains recognition pattern of the ADSPY/LinkReplacer.C adware or spyware
    [NOTE] The file was moved to '49d50180.qua'!

End of the scan: Mittwoch, 25. Februar 2009 09:29
Used time: 43:34 Minute(s)

The scan has been done completely.

10266 Scanning directories
316061 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
316052 Files not concerned
2859 Archives were scanned
3 Warnings
7 Notes
27.02.2009, 11:12 | #4 |
Wow! This enormous helpfulness is really impressive! Thank you very much! (What am I doing wrong??)