
Log Analysis and Evaluation: tr/fotomoto.e tr/bho.aky


19.09.2007, 14:49   #1
fantacola

tr/fotomoto.e tr/bho.aky



The backstory with Avira AntiVir: tried x times with Vundo etc., now fotomoto.e or rather bho.aky.. can't get rid of them... and the PC is sluggish.
Well, this is what came out of it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:13, on 19.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\Mixer.exe
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\program files\powerstrip\pstrip.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\RocketDock\RocketDock.exe
F:\download\utorrent.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Monitor Calibration Wizard\MCW.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\oodag.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\VirtualDJ\virtualdj.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\mIRC\mirc.exe
D:\Downloads\sarsfx.exe
F:\hjt\Hijackthis.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] F:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] F:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [SDTray] "F:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "F:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [µTorrent] "F:\download\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "F:\download\utorrent.exe"
O4 - HKCU\..\Run: [MCW Startup] "F:\Program Files\Monitor Calibration Wizard\MCW.exe" /s /p
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172413582636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172414169436
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\****************\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10432 bytes
