| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner srv3.exe??Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.12.2007, 12:19
| #1 |
 |  Trojaner srv3.exe?? Guten Tag, Ich habe mein Anti-Virus-Programm nun schon mehrere Male durchscannen lassen und bis eben konnte ich auch alle Maleware die als Trojaner angezeigt wurde in den Container verschieben(Avast Antivirus).Ich bin nun auf dies gestoßen: Datei-Name:C:\Windows\System32\srv32.exe Malware-Name:Win32:SubSeven-217 [Trj] Malware-Typ:Trojanisches Pferd Hier ist mein Hijack-Logfile  Dazu muss ich sagen,dass ich Windows Vista habe,da das System Unknown ist)Logfile of HijackThis v1.99.1 Scan saved at 12:09:38, on 15.12.2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Home Cinema\TV Enhance\TVEService.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ICQ6\ICQ.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe C:\Users\Kevin\Desktop\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Ich bitte um Hilfe. MfG König der Trojaner |
|
15.12.2007, 12:21
| #2 |
| | Trojaner srv3.exe?? Hallo, lasse mal diese Datei hier
__________________C:\Windows\System32\srv32.exe bei Virustotal.com durchlaufen und Poste das Ergebnis.
__________________ |
|
15.12.2007, 12:42
| #3 |
| | Trojaner srv3.exe?? AhnLab-V3 2007.12.15.10 2007.12.14 Win-Trojan/SubSeven.55808
__________________AntiVir 7.6.0.45 2007.12.14 BDS/Sub7-220.Srv Authentium 4.93.8 2007.12.15 W32/SubSeven.backdoor.v22a Avast 4.7.1098.0 2007.12.14 Win32:SubSeven-217 AVG 7.5.0.503 2007.12.14 BackDoor.Subseven BitDefender 7.2 2007.12.15 Backdoor.Subseven.CM CAT-QuickHeal 9.00 2007.12.15 SubSeven.2x ClamAV 0.91.2 2007.12.15 Trojan.SubSeven.22.D DrWeb 4.44.0.09170 2007.12.14 BackDoor.SubSeven eSafe 7.0.15.0 2007.12.13 suspicious Trojan/Worm eTrust-Vet 31.3.5377 2007.12.15 Win32/SubSeven.AM Ewido 4.0 2007.12.14 Backdoor.SubSeven.22 FileAdvisor 1 2007.12.15 - Fortinet 3.14.0.0 2007.12.15 W32/SubSeven.22.A!tr F-Prot 4.4.2.54 2007.12.14 W32/SubSeven.backdoor.v22a F-Secure 6.70.13030.0 2007.12.14 Backdoor.Win32.SubSeven.22 Ikarus T3.1.1.15 2007.12.15 Backdoor.Win32.SubSeven.22 Kaspersky 7.0.0.125 2007.12.15 Backdoor.Win32.SubSeven.22 McAfee 5186 2007.12.14 BackDoor-Sub7.svr Microsoft 1.3109 2007.12.15 Backdoor:Win32/Subseven.A NOD32v2 2723 2007.12.14 Win32/SubSeven.2_2.A Norman 5.80.02 2007.12.13 W32/SubSeven.2_2 Panda 9.0.0.4 2007.12.14 Bck/Subseven.P Prevx1 V2 2007.12.15 Heuristic: Suspicious File With Covert Attributes Rising 20.22.41.00 2007.12.14 Backdoor.Win32.SubSeven.psx Sophos 4.24.0 2007.12.15 Troj/Sub7-2.2 Sunbelt 2.2.907.0 2007.12.15 - Symantec 10 2007.12.15 Backdoor.SubSeven22 TheHacker 6.2.9.160 2007.12.14 BackDoor-Sub7.svr3 VBA32 3.12.2.5 2007.12.15 Backdoor.Win32.SubSeven.22 VirusBuster 4.3.26:9 2007.12.14 Backdoor.Subseven.22.A Webwasher-Gateway 6.6.2 2007.12.15 Trojan.Backdoor.Sub7-220.Srv Ok ich glaube,lokalisiert ist er auf jeden Fall. |
|
15.12.2007, 12:49
| #4 |
| | Trojaner srv3.exe?? Oh mein Gott da hab ich wohl die richtiege Datei erwischt^^ naja da dieses File (Backdoor.Win32.SubSeven.22.d ) Backdoor eigenschaften haben würde ich sagen das es das beste ist wenn du dein system neu aufsetzt. |
|
15.12.2007, 12:51
| #5 |
| | Trojaner srv3.exe?? Komisch,ich hatte grade wegen dem Virustotal wieder beim durchsuchen nach der File eine Benachrichtigung bekommen und zum Test auf Löschen gedrückt.Jetzt finde ich die exe nicht mehr.Was ist jetzt los? |
|
| Themen zu Trojaner srv3.exe?? |
| adobe, antivirus, appinit_dlls, avast, avast antivirus, avast!, bho, cyberlink, defender, desktop, dll, ebay, explorer, gservice, hijackthis, home, install.exe, internet, internet explorer, magix, maleware, mehrere, odsbcapp.exe, pdf, rundll, senden, server, software, svchost.exe, system, trojaner, unknown file in winsock lsp, vista, windows, windows defender, wmp |
Linear-Darstellung
