| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: they jacked my ass: ist das ein rootkit??Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.11.2007, 09:43
| #1 |
 |  they jacked my ass: ist das ein rootkit?? Meine Geschichte fing damit an, dass Kaspersky 7 anfing Alarm zu schlagen. Nämlich, nahezu jedes Programm, das ich gestartet hatte, war wohl verändert worden. Der Scan meines PCs mit dem oft besungenen und angeblich dem bessten Antivirusschutz Kaspersky 7 führte jedoch zu keinem Ergebnis; kein Fehler, nicht einmal eine Spyware oder so..  Auch andere Programme, wie Lavasoft Ad-Aware oder Spybot, fanden nichts nennenswertes, schlimmer noch, wurden beim starten auch anscheind "modifiziert". Nach dem Stöbern im "trojaner-board.de" führte ich einen e-scan durch mit folgendem Ergebnis: +++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NETWORK eScan Version: 9.5.6 Sprache: English Virus Database Date: 11/23/2007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken. System found infected with killav.nbd Browser Hijacker ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({2a652f47-a8ce-414c-bbb4-203a59031056})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({3c43bba2-9e93-4758-8669-adce56687e0c})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({4898d118-1d1e-4a2d-a8a3-4a75bf333cd5})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({517f778c-078d-4d33-953b-afbf1720c947})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({76d230aa-fc0c-4dd4-bf9e-4032d60369f1})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({87b24642-366e-4393-851a-b6cec5d7e641})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({8c22668a-d7d8-42f5-99e8-4f30ed0d18b0})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({963dfd8c-2e6a-4db4-bcb3-9d5c78142e41})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({a06d036f-984f-4482-ad5c-ebd11a638b4c})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({a434ac6f-7286-42c3-982b-20f00263501b})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({c5a786b9-3bd6-4a4e-b4d7-9b752138dc4b})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({d044d89c-01e4-4722-8812-8df543680606})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({d3e78b93-4b65-405d-9095-e82b78555173})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({e6857874-b535-46d7-a3eb-4103614e91fc})! Action taken: No Action Taken. System found infected with spyware.imfmonitor Spyware/Adware ({fbd42940-b837-40eb-bdb4-86ae00e1d0d1})! Action taken: No Action Taken. System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken. System found infected with euniverse/keenvalue variant Spyware/Adware (bho.dll)! Action taken: No Action Taken. System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken. System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: No Action Taken. Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "saminside Spyware/Adware" found in File System! Action Taken: No Action Taken. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ File C:\Documents and Settings\Administrator\My Documents\Downloads\setupeng.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012039.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012042.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012049.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012050.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012051.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012061.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012065.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012066.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012067.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012096.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP35\A0012102.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. File D:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP47\A0023506.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken. File E:\System Volume Information\_restore{6BB7B0A9-5D73-45DC-96B5-B47679B9F0D1}\RP185\A0236918.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ File C:\WINDOWS\system32\cmdow.exe tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken. File C:\WINDOWS\system32\pskill.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.e". Action Taken: No Action Taken. File C:\WINDOWS\system32\cmdow.exe tagged as "not-a-virus:RiskTool.Win32.HideWindows". Action Taken: No Action Taken. File C:\WINDOWS\system32\pskill.exe tagged as "not-a-virus:RiskTool.Win32.PsKill.e". Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Offending file found: C:\WINDOWS\system32\unrar.dll Offending file found: C:\WINDOWS\system32\pskill.exe ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ Offending Folder found: C:\Documents and Settings\Administrator\Application Data\macromedia\dreamweaver 8\configuration\menus\cache\tools Offending Folder found: C:\Documents and Settings\All Users\Start Menu\Programs\multimediatools\k-lite codec pack\tools Offending Folder found: C:\Documents and Settings\All Users\Start Menu\programs\multimediatools\k-lite codec pack\tools ~~~~~~~~~~~ Registry ~~~~~~~~~~~ Offending Key found: HKCR\magnet !!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ D:\System Volume Information\_restore{68D8D2F7-BC9E-464E-959B-F094DAD4C51B}\RP46\A0023380.exe not Scanned. Possibly password protected... E:\Documents and Settings\Administrator\Local Settings\Temp\SIntf16.dll not Scanned. Possibly password protected... E:\RECYCLER\S-1-5-21-1482476501-842925246-725345543-500\Dc1802.jc! not Scanned. Possibly password protected... E:\System Volume Information\_restore{6BB7B0A9-5D73-45DC-96B5-B47679B9F0D1}\RP174\A0226251.dll not Scanned. Possibly password protected... ~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc C:\WINDOWS\System32\drivers\etc\hosts : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total Critical Objects: 43 Total Disinfected Objects: 0 Total Objects Renamed: 0 Total Deleted Objects: 0 Total Errors: 72 Time Elapsed: 02:12:42 Total Objects Scanned: 218445 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory Check: Enabled Registry Check: Enabled System Folder Check: Enabled System Area Check: Disabled Services Check: Enabled Drive Check: Disabled All Drive Check :Enabled All Drive Check :Enabled Batchstart: 7:30:49,82 Batchende: 7:31:15,40 ++++++++++++++++++++++++++++++++++++++++++++++++ Danach habe ich Kaspersky deinstalliert und mit AVAST den PC bereinigt: (1) ...\-restore{68D8......C51B}\RP46\A0023240.exe is infected by Win32:Zapchast-DA [Trj] ---------deleted (2) %system folder%\system32\ActiveScan\pskavs.dll is infected by Win32:CTX ---------moved to chest Wieder mal was Neues  Nun ja, jetzt weiss ich nicht was ich noch machen soll. Habe ganz arg die Befürchtung, dass die Viren immer noch schön mein System weiter infizieren. Warum hat Kaspersky-Scan nichts gefunden, ist doch angeblich der Antivirus mit der bessten Erkennungsquote??... Habe ich ein Rootkit? Ist mein System noch zu retten??  Zu guter Letzt noch ein aktueller HiJack-scan: +++++++++++++++++++++++++++++++++++++++ Logfile of HijackThis v1.99.1 Scan saved at 09:16:56, on 30.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\NetLimiter 2 Monitor\NLClient.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Alwil Software\Avast4\setup\setup.ovr C:\Program Files\(HijackThis)\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Program Files\GMX\GMX Toolbar\toolbar.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe |
| Themen zu they jacked my ass: ist das ein rootkit?? |
| 1.exe, ad-aware, adobe, application, avast!, browser, canon, cmdow.exe, computer, defender, drivers, excel, exe.corrupted, fehler, hijackthis, hosts-datei, internet, internet explorer, kaspersky, letzt, object, programm, prozesse, registry, rootkit, rootkit?, rundll, scan, software, spyware, start menu, starten, system, viren, warum, windows, windows xp, windows\system32\drivers |
Baum-Darstellung