Log Analysis and Evaluation: TR/Dropper.Gen found - how to delete it?!?!?
25.04.2009, 19:50 | #1

Hello, Antivir has found the trojan TR/Dropper.Gen on my machine and cannot delete it. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:41:36, on 25.04.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\gearsec.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\RocketDock\RocketDock.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkASv2K.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [TrayServer] D:\MAGIX\Filme_auf_DVD_8\TrayServer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: NameServer = 192.168.2.1 O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\-=]GAMEZ[=-\Common\Database\bin\fbserver.exe O23 - Service: gearsec 
- GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe -- End of file - 6690 bytes

What damage can this trojan do? Suddenly my USB sticks are no longer recognised by the PC and, strangely, my hard drives are no longer shown in Disk Management, even though they are all there in Explorer! It would be great if someone could help me.

25.04.2009, 19:55 | #2
Hello & good evening,

please upload this file: Quote:
It will then be analysed.

25.04.2009, 20:12 | #3
Hi, thanks for the quick reply. I have uploaded the prnet.tmp file as per your instructions. I hope someone can help me. Can the trojan block my USB sticks or cause no hard drives to be shown in Device Manager any more? I only see my 2 DVD drives there.

25.04.2009, 20:29 | #4

Please fix the following using "Do a System scan only": Quote:
Then do a reboot and post a new HJT log here, please.

25.04.2009, 20:43 | #5
This is what it all looks like now:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:42:49, on 25.04.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\gearsec.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\StkASv2K.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: NameServer = 192.168.2.1 O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\-=]GAMEZ[=-\Common\Database\bin\fbserver.exe O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe -- End of file - 5426 bytes |
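As an added example (not part of the thread and not a tool the helpers used), here is a small Python triage script for HijackThis O4 autostart entries: it flags Run values whose target is not a normal executable (such as the prnet.tmp entries in the first log, a data-file extension living in System32) and diffs the two posted logs to confirm that the fixed entries are gone. The sample lines are constructed from the two logs above; the extension allow-list and the helper names are my own.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: a few O2/O4 lines taken from the two HijackThis logs
# in the thread (first log before the fix, second log after) so the script runs
# offline. Raw strings keep the Windows backslashes intact.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
"""

# HijackThis O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Extensions a legitimate Run value normally launches (my own allow-list).
# Anything else, e.g. a ".tmp" under System32 as in this thread, is worth a look.
EXECUTABLE_EXTS = {".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd"}


def target_of(cmd: str) -> str:
    """Return the program path a Run command line launches (first token, honouring quotes)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(log: str) -> List[Dict[str, str]]:
    """Extract every O4 Run entry with its registry key, value name, target and extension."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = target_of(m.group("cmd"))
        basename = target.rsplit("\\", 1)[-1]
        ext = "." + basename.rsplit(".", 1)[1].lower() if "." in basename else ""
        entries.append({"key": m.group("key"), "name": m.group("name"),
                        "target": target, "ext": ext, "line": line.strip()})
    return entries


def suspicious_entries(log: str) -> List[Tuple[str, str]]:
    """(value name, reason) for each O4 entry whose target is not an ordinary executable.

    Targets without an extension (resolved by Windows via PATHEXT) are reported
    separately so the reviewer can confirm them by hand instead of ignoring them.
    """
    findings = []
    for e in parse_o4(log):
        if e["ext"] == "":
            findings.append((e["name"], "no file extension: " + e["target"]))
        elif e["ext"] not in EXECUTABLE_EXTS:
            findings.append((e["name"], f"non-executable extension {e['ext']}: {e['target']}"))
    return findings


def diff_logs(before: str, after: str) -> Tuple[Set[str], Set[str]]:
    """Lines present only in the earlier log (removed) and only in the later one (added)."""
    old = {l.strip() for l in before.splitlines() if l.strip()}
    new = {l.strip() for l in after.splitlines() if l.strip()}
    return old - new, new - old


if __name__ == "__main__":
    for name, reason in suspicious_entries(LOG_BEFORE):
        print(f"[{name}] {reason}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for line in sorted(removed):
        print("removed:", line)
    for line in sorted(added):
        print("added:  ", line)
```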
25.04.2009, 20:54 | #6

1.) Check the system details with RSIT
2.) ZHPDiag by Nicolas Coolman

25.04.2009, 21:10 | #7

Code:
ATTFilter --\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory - C:\Programme\Common Files\EZB Systems ---\\ Derniers fichiers modifiés ou crées sous System32 (O44) O44 - LFC:Last File Created - C:\WINDOWS\System32\advapi32.dll -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000004-00531102}.rfx -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000009-00001102-00000004-00531102}.rfx -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXState-{00000001-00000000-00000009-00001102-00000004-00531102}.rfx -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000004-00531102}.rfx -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\deploytk.dll -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000004-00531102}.dat -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000004-00531102}.dat -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtmsft.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtrans.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\eEmpty.exe -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\extmgr.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\html.iec -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\icardie.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ie4uinit.exe -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakeng.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieaksie.dll -->20.02.2009 O44 
- LFC:Last File Created - C:\WINDOWS\System32\ieakui.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iedkcs32.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieencode.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iernonce.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iertutil.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieudinit.exe -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\inetcpl.cpl -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\java.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javacpl.cpl -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javaw.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javaws.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\jsproxy.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\jupdate-1.6.0_13-b03.log -->01.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\kernel32.dll -->21.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\lsasrv.dll -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->06.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeeds.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedsbs.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmled.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msrating.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mstime.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msvcp80.dll -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ntdll.dll -->09.02.2009 O44 - LFC:Last File 
Created - C:\WINDOWS\System32\ntkrnlpa.exe -->10.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ntoskrnl.exe -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.xml -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\occache.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\pdh.dll -->06.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->19.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\pngfilt.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\prnet.tmp -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\rpcss.dll -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\sc.exe -->06.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\secur32.dll -->03.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\services.exe -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\settings.sfm -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\settingsbkup.sfm -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\url.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\urlmon.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\webcheck.dll -->20.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\wininet.dll -->03.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->25.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\xvid-uninstall.exe -->25.01.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntdd.sys -->13.02.2009 O44 - LFC:Last File Created - 
C:\WINDOWS\System32\drivers\avgntflt.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntmgr.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ssmdrv.sys -->13.02.2009 ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-0EC716D9.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-30CEC19C.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-2BB88D51.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AU_.EXE-24E7B479.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-1D2DB8A2.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCONFIG.EXE-18FA6095.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCONFIG.EXE-29873B78.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-39CD89BF.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-31D7686A.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVSCAN.EXE-25724B6E.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-24612965.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BOOTSKIN.EXE-3B93E287.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-065E2F3F.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CLONECDTRAY.EXE-04D55E58.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - 
C:\WINDOWS\Prefetch\COMMUNICATIONS_HELPER.EXE-25B96193.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONVERTITP.EXE-03D8EB0B.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COOLTOM.EXE-28B3DDA5.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTHELPER.EXE-11B416D5.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DAMNNF~1.EXE-1DD13C30.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVX PLAYER.EXE-0459E47A.pf -->22.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DMADMIN.EXE-00BCB146.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DMREMOTE.EXE-2F82CB90.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FREECOMMANDER.EXE-35C7D23A.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GETSTART.EXE-31C4B1C7.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GUARDGUI.EXE-147E0160.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - 
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-39024128.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HJTINSTALL202.EXE-13B997FC.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INCOSNET.TMP-3AD48430.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-IO1KL.TMP-271C155F.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISAVER.EXE-125DD9AA.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JDOWNLOADER.EXE-2A11658A.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JDOWNLOADER.EXE-30A3CA9C.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-336229D9.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MMC.EXE-0A5AF4A1.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSD.EXE-04C97E20.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIMN.EXE-0B61806C.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NMIndexStoreSvr.exe-1DBCF9FD.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - 
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->19.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PMAGIC.EXE-0CB9C104.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PMAGICNT.EXE-33A6483C.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PRNET.TMP-116BA69C.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PRUN.TMP-32F19441.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-36135169.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RN.TMP-2EE53655.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROMINATOR.EXE-02FABB22.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSIT.EXE-01A0B2CD.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSMSINK.EXE-032F2BAB.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1221211C.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-138FA2EF.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-15B3B2A7.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-16A39E53.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-16FBD7AB.pf 
-->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1C6F4D9A.pf -->25.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-21083D17.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-214B0949.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2377D063.pf -->24.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf -->24.04.2009 |
25.04.2009, 21:12 | #8

Code:
ATTFilter Rapport de ZHPDiag v1.19 par Nicolas Coolman Enregistré le 25.04.2009 22:02:40 Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 MSIE: Internet Explorer v7.0.5730.11 MFIE: Mozilla Firefox (3.0.9) ---\\ Processus lancés CTHELPER.EXE C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\gearsec.exe C:\Programme\Java\jre6\bin\jqs.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\StkASv2K.exe C:\WINDOWS\system32\wdfmgr.exe ---\\ Pages de démarrage d'Internet Explorer (R0) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Browser Helper Objects de navigateur(O2) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ 
Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UDC Integration]
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data="177"
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe,1001
O9 - Extra 'Tools' menuitem: ICQ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\ICQ\ICQ.exe,1001
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe,1001
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302
---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
---\\ Piratage de domaine (Lop.com) (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: 192.168.2.1
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: gearsec (gearsec) - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Programme\Java\jre6\bin\jqs.exe -service -config C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Process Monitor (LVPrcSrv) - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: Die derzeitige Homepage - file:About:Home
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: .NET Framework - {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - (not file)
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ACEDRV07 (ACEDRV07) - C:\WINDOWS\system32\drivers\ACEDRV07.sys
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: AMD K7-Prozessortreiber (AmdK7) - C:\WINDOWS\system32\DRIVERS\amdk7.sys
O41 - Driver: 1394-ARP-Clientprotokoll (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Untertiteldecoder (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: Creative AC3 Software Decoder (ctac32k) - C:\WINDOWS\system32\drivers\ctac32k.sys
O41 - Driver: Creative Audio Driver (WDM) (ctaud2k) - C:\WINDOWS\system32\drivers\ctaud2k.sys
O41 - Driver: Creative DVD-Audio Device Driver (ctdvda2k) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
O41 - Driver: Creative Proxy Driver (ctprxy2k) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
O41 - Driver: Creative SoundFont Management Device Driver (ctsfm2k) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: 3Com EtherLink XL 90XB/C-Adaptertreiber (EL90XBC) - C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
O41 - Driver: E-mu Plug-in Architecture Driver (emupia) - C:\WINDOWS\system32\drivers\emupia2k.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: Gameport-Enumerator (gameenum) - C:\WINDOWS\system32\DRIVERS\gameenum.sys
O41 - Driver: GEARAspiWDM (GEARAspiWDM) - C:\WINDOWS\system32\drivers\gearaspiwdm.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Creative Hardware Abstract Layer Driver (ha10kx2k) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
O41 - Driver: Creative P16V HAL Driver (hap16v2k) - C:\WINDOWS\system32\drivers\hap16v2k.sys
O41 - Driver: Microsoft HID Class-Treiber (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: IPv6-Windows-Firewalltreiber (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Logitech AEC Driver (LVcKap) - C:\WINDOWS\system32\DRIVERS\LVcKap.sys
O41 - Driver: Logitech Machine Vision Engine Loader (LVMVDrv) - C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
O41 - Driver: Logitech LVPr2Mon Driver (LVPr2Mon) - C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
O41 - Driver: MIINPazX NDIS Protocol Driver (MIINPazX) - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
O41 - Driver: BDA MPE-Filter (MPE) - C:\WINDOWS\system32\DRIVERS\MPE.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NABTS/FEC VBI-Codec (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Microsoft TV-/Videoverbindung (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: 1394-Netzwerktreiber (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: Nokia USB Phone Parent (nmwcd) - C:\WINDOWS\system32\drivers\ccdcmb.sys
O41 - Driver: Nokia USB Generic (nmwcdc) - C:\WINDOWS\system32\drivers\ccdcmbo.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: (no object) (nvatabus) - C:\WINDOWS\system32\DRIVERS\nvatabus.sys
O41 - Driver: NVIDIA nForce Networking Controller Driver (NVENET) - C:\WINDOWS\system32\DRIVERS\NVENET.sys
O41 - Driver: NVIDIA nForce AGP Bus Filter (nv_agp) - C:\WINDOWS\system32\DRIVERS\nv_agp.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: OHCI-konformer IEEE 1394-Hostcontroller (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: Creative OS Services Driver (ossrv) - C:\WINDOWS\system32\drivers\ctoss2k.sys
O41 - Driver: Volume Adapter (pepifilter) - C:\WINDOWS\system32\DRIVERS\lv302af.sys
O41 - Driver: Padus ASPI Shell (pfc) - C:\WINDOWS\system32\drivers\pfc.sys
O41 - Driver: (no object) (PfModNT) - C:\WINDOWS\system32\drivers\PfModNT.sys
O41 - Driver: Logitech QuickCam IM(PID_PEPI) (PID_PEPI) - C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: (no object) (PxHelp20) - C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Serenum-Filtertreiber (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: BDA Slip De-Framer (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Syntek STK1160 (StkAMini) - C:\WINDOWS\System32\Drivers\StkAMini.sys
O41 - Driver: Syntek STK1160 Still Image (StkScan) - C:\WINDOWS\System32\Drivers\StkScan.sys
O41 - Driver: BDA-IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microsoft IPv6-Protokolltreiber (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip6.sys
O41 - Driver: truecrypt (truecrypt) - C:\WINDOWS\System32\drivers\truecrypt.sys
O41 - Driver: Microsoft Tun-Miniportadaptertreiber (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: (no object) (upperdev) - C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
O41 - Driver: USB 2861 Device (USB28xxBGA) - C:\WINDOWS\system32\DRIVERS\emBDA.sys
O41 - Driver: USB 28xx OEM Filter (USB28xxOEM) - C:\WINDOWS\system32\DRIVERS\emOEM.sys
O41 - Driver: USB-Audiotreiber (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Microsoft Standard-USB-Haupttreiber (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Microsoft USB-Standardhubtreiber (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Miniporttreiber für Microsoft USB Open Host-Controller (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: USB Modem Driver (usbser) - C:\WINDOWS\system32\drivers\usbser.sys
O41 - Driver: (no object) (UsbserFilt) - C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
O41 - Driver: USB-Massenspeichertreiber (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Sony Ericsson W810 Driver driver (WDM) (w810bus) - C:\WINDOWS\system32\DRIVERS\w810bus.sys
O41 - Driver: Sony Ericsson W810 USB WMC Modem Filter (w810mdfl) - C:\WINDOWS\system32\DRIVERS\w810mdfl.sys
O41 - Driver: Sony Ericsson W810 USB WMC Modem Driver (w810mdm) - C:\WINDOWS\system32\DRIVERS\w810mdm.sys
O41 - Driver: Sony Ericsson W810 USB WMC Device Management Drivers (WDM) (w810mgmt) - C:\WINDOWS\system32\DRIVERS\w810mgmt.sys
O41 - Driver: Sony Ericsson W810 USB WMC OBEX Interface (w810obex) - C:\WINDOWS\system32\DRIVERS\w810obex.sys
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Wdf01000 (Wdf01000) - C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\System32\Drivers\wpdusb.sys
O41 - Driver: World Standard Teletext-Codec (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Microsoft Common Controller For Windows Driver Service (xnacc) - C:\WINDOWS\system32\DRIVERS\xnacc.sys
25.04.2009, 21:14 | #9 |
Code:
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Programme\ICQ\Icq.exe"="C:\Programme\ICQ\Icq.exe:*:Enabled:ICQ"
O47 - AAKE:Key Export - "C:\Programme\FlashFXP\flashfxp.exe"="C:\Programme\FlashFXP\flashfxp.exe:*:Enabled:flashfxp.exe"
O47 - AAKE:Key Export - "C:\Programme\Serv-U\ServUAdmin.exe"="C:\Programme\Serv-U\ServUAdmin.exe:*:Enabled:Serv-U Administrator"
O47 - AAKE:Key Export - "C:\Programme\SmartFTP\SmartFTP.exe"="C:\Programme\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client"
O47 - AAKE:Key Export - "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
O47 - AAKE:Key Export - "D:\eMule0.46c\emule.exe"="D:\eMule0.46c\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export - "C:\Programme\BPFTP Server\bpftpserver.exe"="C:\Programme\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
O47 - AAKE:Key Export - "D:\Azureus\Azureus.exe"="D:\Azureus\Azureus.exe:*:Enabled:Azureus"
O47 - AAKE:Key Export - "D:\CryptLoad0.8second\RouterRecorder.exe"="D:\CryptLoad0.8second\RouterRecorder.exe:*:Enabled:RouterRecorder"
O47 - AAKE:Key Export - "E:\weihnachtskeks\PWKEKS_20\PWKEKS.exe"="E:\weihnachtskeks\PWKEKS_20\PWKEKS.exe:*:Disabled:PWKEKS"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Java\jre1.6.0_07\bin\java.exe"="C:\Programme\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Dokumente und Einstellungen\CoolTom\Lokale Einstellungen\Temp\IXP000.TMP\key.exe"="C:\Dokumente und Einstellungen\CoolTom\Lokale Einstellungen\Temp\IXP000.TMP\key.exe:*:Disabled:Host Order"
O47 - AAKE:Key Export - "C:\Programme\TVersity\Media Server\MediaServer.exe"="C:\Programme\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
O47 - AAKE:Key Export - "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
---\\ Déni du service LSA (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll
---\\ Contrôle du Safe Boot (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{c242bdb8-1e37-11db-9206-00508d5574ca}\Shell\AutoRun\command - J:\LaunchU3.exe
---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="MSh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MPG4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MP42"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yv12"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.XVID"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi4"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux3"="wdmaud.drv"
End of the scan:
25.04.2009, 21:15 | #10 |
Please upload both logs, the one from RSIT and the one from ZHPDiag. Otherwise this gets too long. Please upload them separately.
__________________
Avira Upgrade 10 is on the market! Aggressive Avira settings. What goes around comes around!
25.04.2009, 21:15 | #11 |
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by CoolTom at 2009-04-25 22:00:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (12%) free of 10 GB
Total RAM: 1023 MB (58% free)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\StkASv2K.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\CoolTom\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\CoolTom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58AD885B-011B-45C2-93A2-CC9C2FB66DD3}: NameServer = 192.168.2.1
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\-=]GAMEZ[=-\Common\Database\bin\fbserver.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

--
End of file - 5447 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-10-06 24576]
"CloneCDTray"=C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"BootSkin Startup Jobs"=C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336]
"LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"UDC Integration"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-12-16 94208]
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"RocketDock"=C:\Programme\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Programme\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=B1000000 "NoDriveAutorun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\ICQ\Icq.exe"="C:\Programme\ICQ\Icq.exe:*:Enabled:ICQ" "C:\Programme\FlashFXP\flashfxp.exe"="C:\Programme\FlashFXP\flashfxp.exe:*:Enabled:flashfxp.exe" "C:\Programme\Serv-U\ServUAdmin.exe"="C:\Programme\Serv-U\ServUAdmin.exe:*:Enabled:Serv-U 
Administrator" "C:\Programme\SmartFTP\SmartFTP.exe"="C:\Programme\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client" "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime" "D:\eMule0.46c\emule.exe"="D:\eMule0.46c\emule.exe:*:Enabled:eMule" "C:\Programme\BPFTP Server\bpftpserver.exe"="C:\Programme\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "D:\Azureus\Azureus.exe"="D:\Azureus\Azureus.exe:*:Enabled:Azureus" "D:\CryptLoad0.8second\RouterRecorder.exe"="D:\CryptLoad0.8second\RouterRecorder.exe:*:Enabled:RouterRecorder" "E:\weihnachtskeks\PWKEKS_20\PWKEKS.exe"="E:\weihnachtskeks\PWKEKS_20\PWKEKS.exe:*:Disabled:PWKEKS" "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung" "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre1.6.0_07\bin\java.exe"="C:\Programme\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Dokumente und Einstellungen\CoolTom\Lokale Einstellungen\Temp\IXP000.TMP\key.exe"="C:\Dokumente und Einstellungen\CoolTom\Lokale Einstellungen\Temp\IXP000.TMP\key.exe:*:Disabled:Host Order" "C:\Programme\TVersity\Media 
Server\MediaServer.exe"="C:\Programme\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server" "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c242bdb8-1e37-11db-9206-00508d5574ca}] shell\AutoRun\command - J:\LaunchU3.exe ======File associations====== .js - open - "D:\_PORTA~1\DREAMW~2\Files\DREAMW~1.EXE","%1" ======List of files/folders created in the last 1 months====== 2009-04-25 22:00:03 ----D---- C:\rsit 2009-04-25 20:13:55 ----D---- C:\WINDOWS\system32\NtmsData 2009-04-25 15:55:15 ----D---- C:\escan 2009-04-25 13:01:52 ----A---- C:\WINDOWS\system32\msvcp80.dll 2009-04-25 13:01:51 ----A---- C:\WINDOWS\system32\eEmpty.exe 2009-04-25 13:01:49 ----A---- C:\WINDOWS\system32\TASKMGR.COM 2009-04-25 13:01:49 ----A---- C:\WINDOWS\system32\T.COM 2009-04-25 13:01:49 ----A---- C:\WINDOWS\REGEDIT.COM 2009-04-25 13:01:49 ----A---- C:\WINDOWS\R.COM 2009-04-25 13:01:48 ----D---- C:\Programme\Gemeinsame Dateien\MicroWorld 2009-04-25 13:01:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld 2009-04-25 12:04:14 ----D---- C:\WINDOWS\system32\Kaspersky Lab 2009-04-25 12:04:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2009-04-25 11:09:51 ----A---- C:\WINDOWS\system32\prnet.tmp 2009-04-24 20:32:57 ----A---- C:\WINDOWS\system32\udcpm.dll 2009-04-24 20:32:55 
----RD---- C:\UDC Output Files 2009-04-24 20:32:55 ----D---- C:\Programme\Universal Document Converter 2009-04-20 23:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-04-20 19:20:32 ----D---- C:\Programme\WBFS 2009-04-19 16:15:01 ----D---- C:\WINDOWS\SxsCaPendDel 2009-04-08 17:52:21 ----A---- C:\WINDOWS\RCoUn0.exe 2009-04-01 16:56:55 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-01 16:56:55 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-01 16:56:55 ----A---- C:\WINDOWS\system32\java.exe 2009-03-31 17:17:13 ----D---- C:\Programme\Symantec ======List of files/folders modified in the last 1 months====== 2009-04-25 21:44:43 ----D---- C:\WINDOWS\Temp 2009-04-25 21:39:24 ----D---- C:\Programme\Mozilla Firefox 2009-04-25 21:39:05 ----D---- C:\WINDOWS\system32 2009-04-25 21:38:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-25 21:37:08 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-25 21:29:53 ----D---- C:\Programme\FreeCommander 2009-04-25 21:21:50 ----D---- C:\Programme\CCleaner 2009-04-25 21:19:34 ----RD---- C:\Programme 2009-04-25 21:18:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-04-25 20:32:43 ----D---- C:\WINDOWS\system32\drivers 2009-04-25 16:18:07 ----D---- C:\WINDOWS\Prefetch 2009-04-25 16:18:05 ----D---- C:\Programme\Avira 2009-04-25 15:56:43 ----AD---- C:\WINDOWS 2009-04-25 15:56:01 ----SH---- C:\boot.ini 2009-04-25 15:56:01 ----A---- C:\WINDOWS\win.ini 2009-04-25 15:56:01 ----A---- C:\WINDOWS\system.ini 2009-04-25 13:01:48 ----D---- C:\Programme\Gemeinsame Dateien 2009-04-25 12:04:14 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-04-25 12:04:14 ----HD---- C:\WINDOWS\inf 2009-04-24 20:09:14 ----AC---- C:\WINDOWS\CITP_SearchHistory.INI 2009-04-24 20:09:04 ----AC---- C:\WINDOWS\SW_Win2000X24.DLL 2009-04-24 18:21:05 ----D---- C:\Dokumente und Einstellungen\CoolTom\Anwendungsdaten\Rominator Data 2009-04-23 19:15:32 ----D---- C:\Programme\MSD 0.65 2009-04-20 23:34:27 ----D---- 
C:\WINDOWS\system32\CatRoot 2009-04-20 23:34:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-04-20 19:53:11 ----D---- C:\Programme\Wiizle_Diizle_Shiizle_v1.3 2009-04-20 19:26:39 ----D---- C:\WINDOWS\system32\LogFiles 2009-04-20 19:22:25 ----D---- C:\Programme\R4 Commander V2.0 2009-04-20 19:22:08 ----SHD---- C:\WINDOWS\Installer 2009-04-19 19:26:38 ----D---- C:\temp 2009-04-19 16:55:28 ----D---- C:\WINDOWS\Microsoft.NET 2009-04-19 16:55:26 ----RSD---- C:\WINDOWS\assembly 2009-04-19 16:17:23 ----D---- C:\WINDOWS\WinSxS 2009-04-19 16:16:23 ----D---- C:\WINDOWS\system32\XPSViewer 2009-04-19 16:16:20 ----D---- C:\WINDOWS\system32\en-us 2009-04-19 16:16:16 ----RSD---- C:\WINDOWS\Fonts 2009-04-19 16:13:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-17 19:18:05 ----D---- C:\WINDOWS\Minidump 2009-04-17 19:18:05 ----D---- C:\WINDOWS\Debug 2009-04-17 16:41:49 ----D---- C:\WINDOWS\system32\wbem 2009-04-17 16:41:49 ----D---- C:\WINDOWS\AppPatch 2009-04-16 23:07:20 ----D---- C:\WINDOWS\system32\de-de 2009-04-16 23:07:20 ----D---- C:\Programme\Internet Explorer 2009-04-16 23:04:59 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-14 21:01:40 ----A---- C:\WINDOWS\NeroDigital.ini 2009-04-13 17:14:12 ----HD---- C:\Programme\InstallShield Installation Information 2009-04-13 17:13:08 ----D---- C:\WINDOWS\Downloaded Installations 2009-04-08 17:57:52 ----D---- C:\RouterControl 2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe 2009-04-03 21:24:39 ----D---- C:\Programme\RSD0.52T5 2009-04-01 17:18:39 ----D---- C:\Programme\jdownloader 2009-04-01 16:56:54 ----D---- C:\Programme\Java 2009-03-31 17:15:13 ----D---- C:\WINDOWS\SoftwareDistribution ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== |
25.04.2009, 21:19 | #12 | |
| TR/Dropper.Gen found - how to delete?!?!? Quote: logs.rar ... at uploaded.to - Free File Hosting, Free Image Hosting, Free Music Hosting, Free Video Hosting, ... |
25.04.2009, 21:22 | #13 |
| TR/Dropper.Gen found - how to delete?!?!? Please uninstall: eMule, Azureus, Ad-Aware, Spybot S&D, eScan, Acrobat Reader (please both of them), and all Javas EXCEPT Java 13, Bootskin. ICQ is outdated, the current version is ICQ 6.5. Advertisement Service off. Afterwards, post a new HJT log again.
__________________ Avira Upgrade 10 is on the market! Aggressive settings for Avira. What goes around comes around! Last edited by Angel21 (25.04.2009 at 21:48) |
25.04.2009, 21:38 | #14 |
| TR/Dropper.Gen found - how to delete?!?!? |
25.04.2009, 21:46 | #15 |
| TR/Dropper.Gen found - how to delete?!?!? |