At system startup I get a red screen with the message that I have too many viruses and therefore have to pay extra for their removal. After a restart it was gone again, but it comes back from time to time.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:44:02, on 04.08.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\IDT\WDM\sttray.exe
D:\Program Files\DellTPad\Apoint.exe
D:\Program Files\Sicherheitspaket\Common\FSM32.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
D:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Users\srh\AppData\Roaming\Identities\{6CB8795B-AC48-11DF-AFDD-806E6F6E6963}\svghost.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\DellTPad\ApMsgFwd.exe
D:\Program Files\DellTPad\HidFind.exe
D:\Program Files\DellTPad\Apntex.exe
D:\Windows\system32\conhost.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Program Files\Sicherheitspaket\FSGUI\fscuif.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Windows\system32\taskmgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - D:\Program Files\Sicherheitspaket\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - D:\Program Files\Sicherheitspaket\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IMSS] "D:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [Apoint] D:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe D:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Sicherheitspaket\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Dell Webcam Central] "D:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{6CB8795B-AC48-11DF-AFDD-806E6F6E6963}] D:\Users\srh\AppData\Roaming\Identities\{6CB8795B-AC48-11DF-AFDD-806E6F6E6963}\svghost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-4045713834-2158509001-2201878697-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4045713834-2158509001-2201878697-1001\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OpenOffice.org 3.3.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Users\srh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AA47D5E-4AC3-4320-B191-312832DE6503}: NameServer = 193.189.244.225 193.189.244.206
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
O23 - Service: ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice (ArchiCrypt Sichere Loeschzonen) - Softwareentwicklung Remus - ArchiCrypt - D:\Program Files\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Sicherheitspaket\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Sicherheitspaket\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Sicherheitspaket\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Sicherheitspaket\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 9097 bytes
This file is very suspicious and cannot be deleted:
D:\Users\srh\AppData\Roaming\Identities\{6CB8795B-AC48-11DF-AFDD-806E6F6E6963}\svghost.exe