|
Log-Analyse und Auswertung: TR.Dropper.Gen entdecktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.04.2009, 00:12 | #1 |
| TR.Dropper.Gen entdeckt hallo wies aussieht bin ich nicht der einzige mit diesem ungeziefer. habe schon einige threats durchgelesen, allerdings sind die probleme ja immer individuell zu behandeln also hier mein HijackThis log-file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:27:07, on 18.04.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Users\***\AppData\Local\oieuwme.exe C:\Program Files (x86)\Hama\Common\RaUI.exe C:\Program Files (x86)\ASUS\AASP\1.00.23\aaCenter.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\ICQ6\ICQ.exe C:\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files (x86)\Mozilla Firefox 3 Beta 5\firefox.exe C:\Users\***\Desktop\AntiVirusStuff\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2096149 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\SysWow64\fccaWNgE.dll (file missing) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\tbEaze.dll O4 - HKLM\..\Run: [avgnt] "C:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AsusServiceProvider] "C:\Program Files (x86)\ASUS\AASP\1.00.23\aaCenter.exe" O4 - HKLM\..\Run: [AsusStartupHelp] "C:\Program Files (x86)\ASUS\AASP\1.00.23\AsRunHelp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccaWNgE.dll,#1 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [oieuwme] "c:\users\dave\appdata\local\oieuwme.exe" oieuwme O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files (x86)\Hama\Common\RaUI.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230470411920&h=9d8f406c1462183dfd48f6b074a38472/&filename=jinstall-6u11-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{73C625A4-36CE-4023-BF6D-00C8D2C383F7}: NameServer = 217.237.150.51,217.237.148.22 O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8735 bytes |
19.04.2009, 00:12 | #2 |
Administrator > Competence Manager | TR.Dropper.Gen entdecktHallo davethegrave und Bitte zuerst die Anleitung für neue User abarbeiten -> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? Erst dann wird sich jemand deinem Problem annehmen!
__________________ |
19.04.2009, 00:13 | #3 |
| TR.Dropper.Gen entdeckt alware scanning"
__________________\InProcServer32\(Default) = "C:\Avira\AntiVir PersonalEdition Classic\shlext64.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data] Default executables: -------------------- HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile" <<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoActiveDesktop" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoCDBurning" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} "EnableLUA" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} "EnableVirtualization" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} "EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Users\Datenbunker\Bleed´em\Logo\Bleed´em - neu.jpg" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\Datenbunker\Bleed´em\Logo\Bleed´em - neu.jpg" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSPlayCDAudioOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.AudioCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS] MSPlayDVDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.DVD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"" [MS] MSPlaySuperVideoCDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.VCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS] MSPlayVideoCDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.VCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS] MSRipCDAudioOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.RipCD" "InvokeVerb" = "Rip" HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L" " [MS] MSWMPBurnCDOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.BurnCD" "InvokeVerb" = "Burn" HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" " [MS] MSWMPBurnDataDVDArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.BurnDVD" "InvokeVerb" = "Burn" HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /TaskVDWrite /Device:"%L" " [MS] NeroAutoPlay8AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay8CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay8CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /DialogiscCopy %L" ["Nero AG"] NeroAutoPlay8DataDisc_CD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"] NeroAutoPlay8DataDisc_DVD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /MediaVD %L" ["Nero AG"] NeroAutoPlay8LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay8PlayAudioCD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay8PlayDVD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay8RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay8TranscodeVideo\ "Provider" = "Nero Recode" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay8VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay8ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] WIA_{C86F70EF-05FC-48C3-B84A-2EDC6DB1990A}\ "Provider" = "Photoshop Elements" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PseProxy.exe;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] Startup items in "dave" & "All Users" startup folders: ------------------------------------------------------ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "Hama Wireless LAN Utility" -> shortcut to: "C:\Program Files (x86)\Hama\Common\RaUI.exe -s" ["Hama GmbH & Co KG"] Non-disabled Scheduled Tasks: ----------------------------- C:\Windows\System32\Tasks "Google Software Updater" -> launches: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"] "{1BFFA4C8-F2DD-4709-9D7F-EABE6367206D}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Datenbunker\Transmission\daemon-4112-lite.exe -d C:\Datenbunker\Transmission" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}" -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] "TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}" -> {HKLM...CLSID} = "Transient Multi-Monitor Manager" \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection "NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}" -> {HKLM...CLSID} = "Nap ITask Handler Implementation" \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell "CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}" -> {HKLM...CLSID} = "CrawlStartPages Task Handler" \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired "GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless "GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows Defender "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- |
19.04.2009, 00:16 | #4 |
| TR.Dropper.Gen entdeckt Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data] Anmeldedienst, Netlogon, "C:\Windows\system32\lsass.exe" [MS] Anschlussumleitung für Terminaldienst im Benutzermodus, UmRdpService, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\umrdp.dll" [MS]} Anwendungsverwaltung, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]} Automatische Konfiguration (verkabelt), dot3svc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\dot3svc.dll" [MS]} Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]} Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""C:\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] Avira AntiVir Personal – Free Antivirus Planer, AntiVirScheduler, ""C:\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Blockebenen-Sicherungsmodul, wbengine, ""C:\Windows\system32\wbengine.exe"" [MS] CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS] COM+-Systemanwendung, COMSysApp, "C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [MS] Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]} DFS-Replikation, DFSR, "C:\Windows\system32\DFSR.exe" [MS] Diagnosediensthost, WdiServiceHost, "C:\Windows\System32\svchost.exe -k wdisvc" {"C:\Windows\system32\wdi.dll" [MS]} Distributed Transaction Coordinator, MSDTC, "C:\Windows\System32\msdtc.exe" [MS] Erkennung interaktiver Dienste, UI0Detect, "C:\Windows\system32\UI0Detect.exe" [MS] Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]} Fax, Fax, "C:\Windows\system32\fxssvc.exe" [MS] Gatewaydienst auf Anwendungsebene, ALG, "C:\Windows\System32\alg.exe" [MS] Gemeinsame Nutzung der Internetverbindung, SharedAccess, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\ipnathlp.dll" [MS]} Google Software Updater, gusvc, ""C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] InstallDriver Table Manager, IDriverT, ""C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"" ["Macrovision Corporation"] Integritätsschlüssel- und Zertifikatverwaltung, hkmsvc, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\kmsvc.dll" [MS]} Jugendschutz, WPCSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wpcsvc.dll" [MS]} Leistungsindikator-DLL-Host, PerfHost, "C:\Windows\SysWow64\perfhost.exe" [MS] Leistungsprotokolle und -warnungen, pla, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\pla.dll" [MS]} Microsoft .NET Framework NGEN v2.0.50727_X64, clr_optimization_v2.0.50727_64, "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" [MS] Microsoft .NET Framework NGEN v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS] Microsoft iSCSI-Initiator-Dienst, MSiSCSI, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\iscsiexe.dll" [MS]} NAP-Agent (Network Access Protection), napagent, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\system32\qagentRT.dll" [MS]} Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"] NMIndexingService, NMIndexingService, ""C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"] Peer Name Resolution-Protokoll, PNRPsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Peernetzwerk-Gruppenzuordnung, p2psvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Peernetzwerkidentitäts-Manager, p2pimsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\Windows\SysWOW64\IoctlSvc.exe" ["Prolific Technology Inc."] PnP-X-IP-Busauflistung, IPBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ipbusenum.dll" [MS]} PNRP-Computernamenveröffentlichungs-Dienst, PNRPAutoReg, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Remoteregistrierung, RemoteRegistry, "C:\Windows\system32\svchost.exe -k regsvc" {"C:\Windows\system32\regsvc.dll" [MS]} Richtlinie zum Entfernen der Scmartcard, SCPolicySvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [MS]} RPC-Locator, RpcLocator, "C:\Windows\system32\locator.exe" [MS] SL-Benutzerschnittstellen-Benachrichtigungsdienst, SLUINotify, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\SLUINotify.dll" [MS]} Smartcard, SCardSvr, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\SCardSvr.dll" [MS]} SNMP-Trap, SNMPTRAP, "C:\Windows\System32\snmptrap.exe" [MS] SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]} Startprogramm für Windows Media Center, ehstart, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\ehome\ehstart.dll" [MS]} Steam Client Service, Steam Client Service, "C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService" ["Valve Corporation"] Terminaldienstekonfiguration, SessionEnv, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\sessenv.dll" [MS]} TPM-Basisdienste, TBS, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\tbssvc.dll" [MS]} Unterstützung in der Systemsteuerung unter Lösungen für Probleme, wercplsupport, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\wercplsupport.dll" [MS]} Verbessertes Windows-Audio/Video-Streaming, QWAVE, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\qwave.dll" [MS]} Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm, lltdsvc, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\lltdsvc.dll" [MS]} Verwaltung für automatische RAS-Verbindung, RasAuto, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\rasauto.dll" [MS]} Virtueller Datenträger, vds, "C:\Windows\System32\vds.exe" [MS] Windows CardSpace, idsvc, ""C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"" [MS] Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} Windows Installer, msiserver, "C:\Windows\system32\msiexec /V" [MS] Windows Media Center-Empfängerdienst, ehRecvr, "C:\Windows\ehome\ehRecvr.exe" [MS] Windows Media Center-Planerdienst, ehSched, "C:\Windows\ehome\ehsched.exe" [MS] Windows Media Player-Netzwerkfreigabedienst, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS] Windows Presentation Foundation-Schriftartcache 3.0.0.0, FontCache3.0.0.0, "C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe" [MS] Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} Windows-Ereignissammlung, Wecsvc, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\system32\wecsvc.dll" [MS]} Windows-Farbsystem, WcsPlugInService, "C:\Windows\system32\svchost.exe -k wcssvc" {"C:\Windows\System32\WcsPlugInService.dll" [MS]} Windows-Remoteverwaltung (WS-Verwaltung), WinRM, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\system32\WsmSvc.dll" [MS]} Windows-Sicherung, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]} Windows-Sofortverbindung - Konfigurationsregistrierungsstelle, wcncsvc, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\wcncsvc.dll" [MS]} WMI-Leistungsadapter, wmiApSrv, "C:\Windows\system32\wbem\WmiApSrv.exe" [MS] Zertifikatverteilung, CertPropSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [MS]} Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]} ---------- (launch time: 2009-04-19 00:58:58) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 56 seconds, including 24 seconds for message boxes) ------------------------------------------------------------------- das ist leider alles, was ich jetzt anzubieten habe, da ich diese fint.bat die man für den eScan benötigt weder finde, noch runterladen kann. aber danke im voraus gruß dave |
19.04.2009, 00:30 | #5 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. (ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
19.04.2009, 10:56 | #6 |
| TR.Dropper.Gen entdeckt ja vielen dank schonmal soweit. 2 fragen noch: soll ich das prog. im abgesicherten modus ausführen? ich bekomme angezeigt, dass mein antivir personal edition noch läuft, ich kann allerdings keinen prozess finden und es somit auch nicht beenden. gruß |
19.04.2009, 10:57 | #7 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt Es reicht wenn du denn GUARD von Antivir in der Zeit des Scans deaktivierst..
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
19.04.2009, 11:00 | #8 |
| TR.Dropper.Gen entdeckt ok, im abgesicherten modus oder normal? |
19.04.2009, 11:03 | #9 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt Normal....
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
19.04.2009, 11:06 | #10 |
| TR.Dropper.Gen entdeckt hm... combfix läuft scheinbar nicht auf vista... leider habe ich dieses |
19.04.2009, 11:13 | #11 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt Das hab ich wohl irgendwie überlesen das du eine 64bit hast, versuche es daher damit: Cureit Dr.Web
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
19.04.2009, 11:46 | #12 |
| TR.Dropper.Gen entdeckt ***Batch entfernt*** |
19.04.2009, 11:47 | #13 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt Warum hast du die Batch hier reinkopiert?!
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
19.04.2009, 11:56 | #15 |
Administrator > Competence Manager | TR.Dropper.Gen entdeckt Wer hat was von MWAV geschrieben?! Du sollst das hier ausführen: Cureit Dr.Web
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare. |
Themen zu TR.Dropper.Gen entdeckt |
adobe, antivir, asus, avg, avira, bho, browser, desktop, explorer, firefox, google, gservice, hijack, hijackthis, internet, internet explorer, lan, log-file, monitor, mozilla, nvidia, photoshop, plug-in, rundll, software, syswow64, vista, windows, windows sidebar, wireless lan |