TR/Tropper.Gen

schokonina · 20.10.2013, 19:13

Ich habe das Problem, das oben genannter Virus/Trojaner genau auf dem Autorun.exe meines neuen Internetsticks sitzt. (Arbeite gerade mit anderem PC).

Die LogFiles habe ich bereits auf meinem PC durchgeführt, hier die Ergebnisse:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by Nina Saurer (administrator) on NINASAURER-PC on 20-10-2013 19:48:18
Running from F:\
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(OptionNV) C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Avid Development GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
(tele.ring) C:\Program Files\telering\tele.ring Mobile Internet\tele.ring Mobile Internet.exe
(Dropbox, Inc.) C:\Users\Nina Saurer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(PPLive Corporation) C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-19] (CyberLink)
HKLM\...\Run: [P2Go_Menu] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-03] (ASUS)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1392640 2009-04-30] (VIA)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [540576 2009-04-21] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Wireless Console 3] - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-07] ()
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-08-19] (ASUS)
HKLM\...\Run: [ADSMTray] - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-04-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files\ASUS\Splendid\ACMON.exe [851968 2008-10-01] (ATK)
HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\AsScrProlog.exe [47672 2009-07-12] ()
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3054136 2009-07-12] (ASUS)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [SRS Premium Sound] - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3405048 2009-04-07] (SRS Labs, Inc.)
HKCU\...\Run: [PMCRemote] - C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [214288 2008-06-12] (Pinnacle Systems)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [PPAP] - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe [185784 2010-09-20] (PPLive Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\Users\Nina Saurer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nina Saurer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kleinezeitung.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=B6C31A3B-EE10-4563-B6E2-143D2D3DBEAA&apn_sauid=E0E01020-C3E5-4BAD-B7D4-58E094265CF5
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=B6C31A3B-EE10-4563-B6E2-143D2D3DBEAA&apn_sauid=E0E01020-C3E5-4BAD-B7D4-58E094265CF5
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.162.69.170 213.162.69.2

FireFox:
========
FF ProfilePath: C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default
FF user.js: detected! => C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF SearchPlugin: C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Nina Saurer\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 GtDetectSc; C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe [196704 2007-12-18] (OptionNV)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [70880 2009-04-07] (SRS Labs, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1723744 2012-11-29] (TuneUp Software)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-03-26] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-03-26] (Cisco Systems, Inc.)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.)
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2009-07-12] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [90112 2009-04-21] (ELAN Microelectronic Corp.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [444800 2008-06-13] (DiBcom)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233128 2009-04-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1019392 2009-04-28] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 ASUSProcObsrv; \??\E:\I386\AsProcOb.sys [x]
S3 catchme; \??\C:\Users\NINASA~1\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-20 19:47 - 2013-10-20 19:47 - 00000000 ____D C:\FRST
2013-10-16 16:53 - 2013-10-16 16:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-15 21:10 - 2013-10-15 21:10 - 00139040 _____ C:\Windows\Minidump\Mini101513-01.dmp
2013-10-03 18:59 - 2013-10-03 19:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 11:13 - 2013-09-30 11:24 - 00000000 ____D C:\Users\Nina Saurer\Desktop\FP

==================== One Month Modified Files and Folders =======

2013-10-20 19:49 - 2012-12-16 23:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 19:47 - 2013-10-20 19:47 - 00000000 ____D C:\FRST
2013-10-20 19:47 - 2006-11-02 14:52 - 00305322 _____ C:\Windows\setupact.log
2013-10-20 19:43 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 19:43 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 19:33 - 2006-11-02 12:33 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 19:32 - 2009-07-12 21:30 - 01711970 _____ C:\Windows\WindowsUpdate.log
2013-10-20 19:30 - 2012-06-01 10:16 - 00000000 ____D C:\Users\Nina Saurer\AppData\Roaming\Dropbox
2013-10-20 19:30 - 2010-01-11 11:14 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-10-20 19:30 - 2009-08-19 17:41 - 03268220 _____ C:\Users\Nina Saurer\AppData\Local\Optimizer.txt
2013-10-20 19:28 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-16 17:21 - 2006-11-02 15:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-16 16:53 - 2013-10-16 16:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-16 09:47 - 2009-09-21 20:43 - 00000263 _____ C:\Windows\Brownie.ini
2013-10-16 09:34 - 2009-07-12 22:52 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-10-16 07:09 - 2009-08-19 17:35 - 00000000 ____D C:\Program Files\telering
2013-10-16 07:09 - 2009-08-19 17:12 - 00000000 ____D C:\Users\Nina Saurer
2013-10-16 07:09 - 2009-07-12 22:42 - 00000000 ____D C:\ProgramData\P4G
2013-10-16 07:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-16 07:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-10-16 07:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-10-16 07:09 - 2006-11-02 12:22 - 50069504 _____ C:\Windows\system32\config\software_previous
2013-10-16 07:09 - 2006-11-02 12:22 - 26738688 _____ C:\Windows\system32\config\system_previous
2013-10-16 07:05 - 2006-11-02 12:22 - 43778048 _____ C:\Windows\system32\config\components_previous
2013-10-16 07:05 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-15 21:10 - 2013-10-15 21:10 - 00139040 _____ C:\Windows\Minidump\Mini101513-01.dmp
2013-10-15 21:10 - 2009-10-28 23:42 - 00000000 ____D C:\Windows\Minidump
2013-10-15 21:10 - 2009-10-28 23:41 - 198304448 _____ C:\Windows\MEMORY.DMP
2013-10-14 23:36 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-14 23:36 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-10-14 23:22 - 2009-08-19 17:54 - 00000000 ____D C:\Users\Nina Saurer\AppData\Local\tele.ring Mobile Internet
2013-10-11 10:12 - 2009-08-19 17:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:11 - 2009-07-12 21:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 10:10 - 2013-07-25 19:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 10:07 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-11 09:05 - 2009-11-01 17:39 - 00001356 _____ C:\Users\Nina Saurer\AppData\Local\d3d9caps.dat
2013-10-10 20:30 - 2012-06-01 10:18 - 00000000 ___RD C:\Users\Nina Saurer\Dropbox
2013-10-07 21:18 - 2012-11-17 22:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-03 19:00 - 2013-10-03 18:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 19:44 - 2012-10-10 16:38 - 00000000 ____D C:\Users\Nina Saurer\Desktop\SBWL Personal
2013-09-30 11:24 - 2013-09-30 11:13 - 00000000 ____D C:\Users\Nina Saurer\Desktop\FP

Some content of TEMP:
====================
C:\Users\Nina Saurer\AppData\Local\temp\20130513045058811jniverify.dll
C:\Users\Nina Saurer\AppData\Local\temp\APNStub.exe
C:\Users\Nina Saurer\AppData\Local\temp\AskSLib.dll
C:\Users\Nina Saurer\AppData\Local\temp\kademlia.dll
C:\Users\Nina Saurer\AppData\Local\temp\logclient.dll
C:\Users\Nina Saurer\AppData\Local\temp\pdf24-creator-update.exe
C:\Users\Nina Saurer\AppData\Local\temp\peer.dll
C:\Users\Nina Saurer\AppData\Local\temp\pprepair.dll
C:\Users\Nina Saurer\AppData\Local\temp\PPTV_Update.exe
C:\Users\Nina Saurer\AppData\Local\temp\SkypeSetup.exe
C:\Users\Nina Saurer\AppData\Local\temp\softonic_ggl_1.6.7.4.exe
C:\Users\Nina Saurer\AppData\Local\temp\tipsbubble.dll
C:\Users\Nina Saurer\AppData\Local\temp\tipsclient.dll
C:\Users\Nina Saurer\AppData\Local\temp\tipsdone.dll
C:\Users\Nina Saurer\AppData\Local\temp\tipsstatistic.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-20 19:34

==================== End Of Log ============================

& der Additional

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by Nina Saurer at 2013-10-20 19:49:56
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 9.2 - Deutsch (Version: 9.2.0)
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS CopyProtect (Version: 1.0.0009)
ASUS Data Security Manager (Version: 1.00.0011)
ASUS FancyStart (Version: 1.0.2)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.6)
ASUS MultiFrame (Version: 1.0.0018)
ASUS Power4Gear Hybrid (Version: 1.1.10)
ASUS SmartLogon (Version: 1.0.0006)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0023)
ASUS Virtual Camera (Version: 1.0.13)
Asus_Camera_ScreenSaver (Version: 2.0.0008)
Atheros Client Installation Program (Version: 7.0)
ATI Catalyst Install Manager (Version: 3.0.715.0)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0049)
ATK Media (Version: 2.0.0001)
ATKOSD2 (Version: 7.0.0002)
AutoUpdate (Version: 1.1)
Avira Free Antivirus (Version: 12.1.9.2500)
Bonjour (Version: 3.0.0.10)
Brother HL-2030 (Version: 1.00)
Catalyst Control Center - Branding (Version: 1.00.0000)

Danke für die Hilfe!

schrauber · 21.10.2013, 06:41

Hi,

wer meldet was wo?

schokonina · 21.10.2013, 08:40

Sry für meine unkonkrete Beschreibung.

Also ich habe einen neuen Internet UsB Stick. Wenn ich diesen in meinen Laptop stecke, sollte er normalerweise sich selbst installieren. (tut er anscheinend auch)
Nur das Verbindungsfenster fährt dann nicht hoch. Wenn ich in den Dateiordner des Usb's klicke, meldet mir Avira sofort, dass hier der TR/Tropper.Gen drin ist.
Stick funktioniert auf anderem PC problemlos.

schrauber · 21.10.2013, 15:57

Lass die von Avira angemeckerte Datei bitte mal bei www.virustotal.com testen.

schokonina · 23.10.2013, 23:44

Also,

es gibt zwei verdächtige Dateien in meinem Ordner des USB Internetsticks. Einmal das Autorun.exe und einmal das Setup.exe, wobei Avira bei Klick auf Autorun.exe auch die Virusmeldung für Setup.exe meldet?!

Ich habe nun bei Virustotal versucht, die Datei zu überprüfen.
Die Setup.exe Datei lässt er mich nicht hochladen (Meldung: Ich bin nicht der Administrator bzw. besitze keine Berechtigung auf die Datei zuzugreifen.) - Dasselbe wird gemeldet, wenn ich versuche die Setup.exe auf einen USB Stick zu ziehen. Alle anderen Dateien des USB Internet Sticks lassen sich problemlos übertragen.

Das Komische bei der Sache ist nur, dass der USB Internetstick bei einem anderen PC sofort funktioniert! Keine Virusmeldung und problemloser Verbindungsaufbau zum Internet!

schrauber · 24.10.2013, 11:14

Ich denke ja auch an einen Fehlalarm von Antivir.

schokonina · 25.10.2013, 08:01

Okay, nur was soll ich jetzt machen bzw. wie finde ich das heraus? (Virustotal scheint ja nicht zu funktionieren)

Danke und Gruß

schrauber · 25.10.2013, 11:07

Scanne den Stick einfach mit deinem AV Programm. Das ist definitiv nen Fehlalarm da er an anderen Rechnern tadellos funktioniert.

schokonina · 27.10.2013, 15:51

Konnte nun den Stick installieren (Avira hab ich vorübergehend einfach ausgeschalten). Er funktioniert, - TR/Tropper.Gen ist in Quarantäne.
Avira meckert zwar, wenn ich den Ordner aufmache aber ja. Muss ich mir irgendwelche Sorge um mein System machen oder passt das jetzt so?

Danke

schrauber · 27.10.2013, 19:05

Das passt. Avira wegwerfen und was anständig installieren.

21.10.2013, 06:41	#2
schrauber /// the machine /// TB-Ausbilder	TR/Tropper.Gen Hi, wer meldet was wo? __________________ __________________

21.10.2013, 15:57	#4
schrauber /// the machine /// TB-Ausbilder	TR/Tropper.Gen Lass die von Avira angemeckerte Datei bitte mal bei www.virustotal.com testen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

24.10.2013, 11:14	#6
schrauber /// the machine /// TB-Ausbilder	TR/Tropper.Gen Ich denke ja auch an einen Fehlalarm von Antivir. __________________ --> TR/Tropper.Gen

25.10.2013, 11:07	#8
schrauber /// the machine /// TB-Ausbilder	TR/Tropper.Gen Scanne den Stick einfach mit deinem AV Programm. Das ist definitiv nen Fehlalarm da er an anderen Rechnern tadellos funktioniert. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

27.10.2013, 19:05	#10
schrauber /// the machine /// TB-Ausbilder	TR/Tropper.Gen Das passt. Avira wegwerfen und was anständig installieren. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

TR/Tropper.Gen

Log-Analyse und Auswertung: TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

TR/Tropper.Gen

Ähnliche Themen: TR/Tropper.Gen

25.10.2013, 08:01	#7
schokonina	TR/Tropper.Gen Okay, nur was soll ich jetzt machen bzw. wie finde ich das heraus? (Virustotal scheint ja nicht zu funktionieren) Danke und Gruß

27.10.2013, 15:51	#9
schokonina	TR/Tropper.Gen Konnte nun den Stick installieren (Avira hab ich vorübergehend einfach ausgeschalten). Er funktioniert, - TR/Tropper.Gen ist in Quarantäne. Avira meckert zwar, wenn ich den Ordner aufmache aber ja. Muss ich mir irgendwelche Sorge um mein System machen oder passt das jetzt so? Danke