Pests of all kinds and their removal: TR/Drop.Agen. ...HILFE!! (Windows 7)
01.02.2010, 20:24 | #16
The newest alerts according to AntiVir are TR/Click.Cycler.nns, e.g.: "In der Datei 'C:\Program Files\Common Files\LightScribe\lightscribecontrolpanel.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Click.Cycler.nns' [trojan] gefunden." But it reports this in other folders too.... I'm really about to lose it! I'll let MBAM run again now.
01.02.2010, 20:28 | #17 | /// Winkelfunktion /// TB-Süch-Tiger™
Upload the file to Virustotal.com and post the result link.
__________________
01.02.2010, 20:41 | #18
But the warning doesn't come just for this folder.... also for ATI Technologies and others....
Should I let MBAM delete the findings right away or post the log first???
01.02.2010, 20:42 | #19 | /// Winkelfunktion /// TB-Süch-Tiger™
Now go and have the file analysed.
__________________ Please always post logfiles in CODE tags
01.02.2010, 20:52 | #20
01.02.2010, 21:03 | #21 | /// Winkelfunktion /// TB-Süch-Tiger™
I did say it's a false positive. Not even the AntiVir on Virustotal flagged it. Are your signatures up to date? Otherwise all settings on default? I have the impression your AntiVir is set a bit too aggressive/sensitive and is throwing out these alerts because of that. Did we do a scan with aggressive settings at some point? If so, please undo all of it, i.e. set everything back to default.
__________________
01.02.2010, 21:12 | #22
OK thanks, will do - my AntiVir is up to date, but I've had the high security setting on since the last virus....
02.02.2010, 00:06 | #23
So, after I thought it was over, the next warning came --> TR/Crypt.ZPACK.Gen. I ran RSIT:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by tini at 2010-02-02 00:03:53

Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 50 GB (42%) free of 119 GB
Total RAM: 3071 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:03, on 02.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\syntpenh.exe
C:\Program Files\ASUS\ATK Media\dmedia.exe
C:\Windows\System32\asustpe.exe
C:\Windows\asscrpro.exe
C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Users\tini\Desktop\programme\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tini.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Users\tini\AppData\Local\Temp\E_S94B2.tmp" /EF "HKCU"
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA139-1F98-42BA-AB71-605D208C87B6}: NameServer = 10.4.40.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Google Update Service (gupdate1ca9ed857215824) (gupdate1ca9ed857215824) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9217 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-09-29 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-09-03 630784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2008-08-07 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-08-07 33136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"EPSON Stylus D78 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU C:\Users\tini\AppData\Local\Temp\E_S94B2.tmp /EF HKCU []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\tini\Program Files\DNA\btdna.exe [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\P4P\P4P.exe [2007-08-03 778240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-26 23:40:37 ----D---- C:\Users\tini\AppData\Roaming\Skip-Bo
2010-01-26 23:40:01 ----D---- C:\ProgramData\Trymedia
2010-01-26 23:39:34 ----D---- C:\ProgramData\Zylom
2010-01-26 23:39:34 ----D---- C:\GameHouse Games
2010-01-26 23:39:33 ----D---- C:\Program Files\Zylom Games
2010-01-26 23:35:55 ----D---- C:\Program Files\RealArcade
2010-01-21 20:54:23 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 20:54:23 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 20:54:22 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\occache.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 20:54:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 20:54:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 20:54:20 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-16 16:48:25 ----D---- C:\Program Files\Adobe
2010-01-13 10:44:06 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 10:44:06 ----A---- C:\Windows\system32\fontsub.dll
2010-01-05 20:33:31 ----D---- C:\Windows\temp
2010-01-05 20:33:24 ----A---- C:\ComboFix.txt
2010-01-05 20:25:13 ----D---- C:\$RECYCLE.BIN
2010-01-05 20:10:46 ----D---- C:\cofi
2010-01-05 19:54:34 ----A---- C:\Windows\SWXCACLS.exe
2010-01-05 19:19:05 ----A---- C:\Windows\system32\acovcnt.exe
2010-01-03 20:53:04 ----A---- C:\Windows\zip.exe
2010-01-03 20:53:04 ----A---- C:\Windows\SWSC.exe
2010-01-03 20:53:04 ----A---- C:\Windows\SWREG.exe
2010-01-03 20:53:04 ----A---- C:\Windows\sed.exe
2010-01-03 20:53:04 ----A---- C:\Windows\PEV.exe
2010-01-03 20:53:04 ----A---- C:\Windows\NIRCMD.exe
2010-01-03 20:53:04 ----A---- C:\Windows\MBR.exe
2010-01-03 20:53:04 ----A---- C:\Windows\grep.exe
2010-01-03 20:52:48 ----D---- C:\Windows\ERDNT
2010-01-03 20:52:07 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2010-02-02 00:04:03 ----D---- C:\Windows\Prefetch
2010-02-01 23:21:19 ----D---- C:\Users\tini\AppData\Roaming\Skype
2010-02-01 23:01:27 ----D---- C:\Windows\System32
2010-02-01 23:01:12 ----D---- C:\Windows
2010-02-01 23:01:12 ----D---- C:\Program Files\Internet Explorer
2010-02-01 23:01:12 ----D---- C:\Program Files\Common Files\LightScribe
2010-02-01 20:18:36 ----D---- C:\Users\tini\AppData\Roaming\skypePM
2010-02-01 20:17:10 ----D---- C:\Program Files
2010-02-01 14:51:01 ----D---- C:\Windows\Tasks
2010-02-01 14:51:01 ----D---- C:\Windows\system32\Tasks
2010-02-01 14:50:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 11:55:35 ----HD---- C:\Windows\system32\GroupPolicy
2010-02-01 11:55:35 ----D---- C:\ProgramData
2010-01-29 22:13:06 ----D---- C:\Program Files\Google
2010-01-28 00:19:27 ----D---- C:\Windows\winsxs
2010-01-27 20:28:11 ----D---- C:\Windows\system32\catroot
2010-01-26 23:52:08 ----SHD---- C:\Windows\Installer
2010-01-26 22:58:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-26 22:58:35 ----D---- C:\Windows\inf
2010-01-26 22:10:52 ----D---- C:\Windows\system32\drivers
2010-01-22 17:11:03 ----D---- C:\Windows\Debug
2010-01-22 14:45:21 ----D---- C:\Windows\system32\migration
2010-01-21 20:51:45 ----D---- C:\Windows\system32\catroot2
2010-01-21 10:20:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-16 16:48:30 ----D---- C:\ProgramData\Adobe
2010-01-16 16:48:30 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 21:15:01 ----D---- C:\Users\tini\AppData\Roaming\DNA
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 11:20:25 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 11:19:38 ----D---- C:\Program Files\Windows Mail
2010-01-11 22:46:46 ----D---- C:\Program Files\Yahoo!
2010-01-05 21:38:17 ----D---- C:\Windows\system32\WDI
2010-01-05 20:25:31 ----A---- C:\Windows\system.ini
2010-01-05 20:21:56 ----D---- C:\Windows\system32\config
2010-01-05 20:21:56 ----D---- C:\Boot
2010-01-05 20:17:03 ----D---- C:\Windows\AppPatch
2010-01-05 20:17:02 ----D---- C:\Program Files\Common Files
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-31 743424]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-09-15 37376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-04-03 49904]
S3 catchme;catchme; \??\C:\cofi\catchme.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-11-17 224816]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-11-12 331824]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 gupdate1ca9ed857215824;Google Update Service (gupdate1ca9ed857215824); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-11-17 57640]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
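The helper reads a log like the one above by eye; as an added example (not code from the thread or any of its participants), the script below automates the first pass over HijackThis-format lines. It flags the entry types that are worth a second look in an infection like this: `O2` BHO entries with no file behind them, `O4` autostarts that run from a temporary folder or use a core Windows binary name outside `C:\Windows\system32`, `O17` DNS servers outside local/private ranges, and `O23` services with no vendor string. The sample log is constructed for the demo: most lines are copied from the post above, but the `[svchost]` Run entry (built from the `C:\Windows\temp\gcvx.tmp\svchost.exe` path AntiVir reports later in the thread) and the `203.0.113.53` NameServer line are invented so that every rule fires at least once. The rules themselves are a triage heuristic, not a detection signature: a hit means "verify", not "infected".

```python
"""Triage of HijackThis/RSIT log lines: flag entries that need a manual check."""
import ipaddress
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis format. The [svchost] Run entry and the
# 203.0.113.53 NameServer line are invented for the demo; the rest is from the log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [svchost] C:\Windows\temp\gcvx.tmp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA139-1F98-42BA-AB71-605D208C87B6}: NameServer = 10.4.40.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.53
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)\s*$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Core Windows binaries that only belong in the system directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR = "c:\\windows\\system32"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", ".tmp\\")
# Ranges a home/office DNS server normally sits in (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def image_path(command):
    """Return the executable path from a Run-key command line, quoted or not."""
    m = re.match(r'"?(?P<path>[^"]*?\.exe)', command, re.IGNORECASE)
    return m.group("path") if m else command.split()[0]


def is_local_dns(server):
    """True if the address is in a private/local range; anything else needs confirming."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def triage(log_text):
    """Return a list of {"line", "reasons"} for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O2_RE.match(line):
            if m.group("path").lower() == "(no file)":
                reasons.append("orphaned BHO: CLSID registered but no file on disk (cleanup, not proof of infection)")
        elif m := O4_RE.match(line):
            path = image_path(m.group("cmd"))
            low = path.lower()
            if any(marker in low for marker in TEMP_MARKERS):
                reasons.append("autostart runs from a temporary directory")
            name = PureWindowsPath(path).name.lower()
            parent = str(PureWindowsPath(path).parent).lower()
            if name in SYSTEM_BINARIES and parent != SYSTEM_DIR:
                reasons.append(f"{name} outside {SYSTEM_DIR}: possible look-alike copy")
        elif m := O17_RE.match(line):
            for server in m.group("servers").split(","):
                if not is_local_dns(server):
                    reasons.append(f"DNS server {server} outside local ranges: confirm it is your ISP's")
        elif m := O23_RE.match(line):
            if m.group("owner").strip().lower() == "unknown owner":
                reasons.append("service binary carries no vendor information: verify origin/signature")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

On the sample, the Avira entries and the 10.4.40.1 name server pass silently; the orphaned BHO, the svchost.exe copy in the temp folder (two reasons), the constructed public DNS server and the ADSM service are reported. The "Unknown owner" rule fires on several legitimate ASUS and Hotspot Shield services in the real log too, which is exactly why the output is a review list rather than a verdict.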
02.02.2010, 08:24 | #24 | /// Winkelfunktion /// TB-Süch-Tiger™
__________________ Please always post logfiles in CODE tags
02.02.2010, 12:11 | #25
Sorry: "In der Datei 'C:\Windows\temp\gcvx.tmp\svchost.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden." But the temp folder is a different one every time.....
02.02.2010, 13:06 | #27
02.02.2010, 13:49 | #28 | /// Winkelfunktion /// TB-Süch-Tiger™
There is still a rootkit active! If you have a Vista DVD at hand: boot from the Vista DVD and go into the recovery console / command prompt. Run these 2 commands
Code:
copy c:\windows\system32\drivers\atapi.sys c:\atapi.bad
Code:
copy X:\i386\atapi.sys C:\windows\system32\drivers\atapi.sys
If the 2nd command succeeded, reboot (Vista normally from the hard disk), and make sure the virus scanner leaves the file c:\atapi.bad alone!! Then please have that file analysed at Virustotal.
__________________ Please always post logfiles in CODE tags
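The procedure above ends with two copies of the same driver: the suspect `c:\atapi.bad` and the clean `atapi.sys` from the install media. As an added example (not from the thread or its participants), the script below does the comparison a helper would do before uploading: it hashes both images with SHA-256 (the value a VirusTotal lookup keys on), reads the PE/COFF header timestamp from each, and reports whether they are identical. Its names (`compare_driver`, `make_fake_pe`, `demo`) and the constructed driver-shaped byte strings are this example's own; the demo blobs are minimal PE headers with a text body, not real drivers, and their timestamp is an arbitrary constant. The caveat it encodes: a hash mismatch is a lead, not a verdict, since the DVD copy can simply be an older service-pack build, so the suspect's hash is what goes to VirusTotal either way; a missing `c:\atapi.bad` usually means the scanner quarantined it after all, which is why the file-based wrapper reports that instead of crashing.

```python
"""Compare a suspected driver copy with a reference copy from install media."""
import hashlib
import struct
import tempfile
from pathlib import Path


def pe_info(data):
    """Minimal PE header read: is this a PE image, and what COFF timestamp does it carry?"""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"is_pe": False}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"is_pe": False}
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"is_pe": True, "machine": machine, "sections": nsections, "timestamp": timestamp}


def describe(data):
    """SHA-256 (what a VirusTotal hash lookup uses), size and header facts of one image."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data), **pe_info(data)}


def compare_driver(suspect, reference):
    """Compare two driver images given as bytes. Identical hashes mean the suspect is the
    reference build; a mismatch is only a lead (the media copy may be an older build)."""
    s, r = describe(suspect), describe(reference)
    return {"identical": s["sha256"] == r["sha256"],
            "same_timestamp": s.get("timestamp") == r.get("timestamp"),
            "suspect": s, "reference": r}


def compare_driver_files(suspect_path, reference_path):
    """File-based wrapper; an unreadable suspect copy usually means the AV quarantined it."""
    try:
        return compare_driver(Path(suspect_path).read_bytes(), Path(reference_path).read_bytes())
    except OSError as exc:
        return {"error": f"{exc.filename}: {exc.strerror}"}


def make_fake_pe(timestamp, body):
    """Constructed minimal PE-shaped blob for the demo (DOS stub + PE signature + COFF header)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew -> offset 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0)  # i386, 1 section
    return dos + b"PE\0\0" + coff + body


def demo():
    """Constructed scenario: same header and timestamp, body altered in place."""
    clean = make_fake_pe(0x4549AE42, b"clean atapi body")
    patched = make_fake_pe(0x4549AE42, b"clean atapi body" + b"<appended bytes>")
    return compare_driver(patched, clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        bad, good = Path(d, "atapi.bad"), Path(d, "atapi.sys")
        bad.write_bytes(make_fake_pe(0x4549AE42, b"clean atapi body" + b"<appended bytes>"))
        good.write_bytes(make_fake_pe(0x4549AE42, b"clean atapi body"))
        result = compare_driver_files(bad, good)
        print("identical:", result["identical"], "same timestamp:", result["same_timestamp"])
        print("suspect sha256:", result["suspect"]["sha256"])
    print(compare_driver_files(Path(d, "atapi.bad"), good))   # directory is gone: reported, not raised
```

The demo deliberately keeps the COFF timestamp equal while changing the body: a matching timestamp (or version resource) is not evidence that a file is untouched, only a matching hash is.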
02.02.2010, 15:38 | #29
Okayyy...... stupid question: what exactly does booting from CD mean?
02.02.2010, 15:41 | #30 | /// Winkelfunktion /// TB-Süch-Tiger™
Insert the Vista DVD and start the computer from it. You may have to get into the boot menu at the very start with the F11 or F12 key. When the machine boots from the Vista DVD, this message appears: "Drücken Sie eine beliebige Taste um von der DVD zu starten" (press any key to boot from DVD), and you have to press some key (e.g. the space bar)... When you start your computer normally, it boots from the hard disk.
__________________ Please always post logfiles in CODE tags