| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie werde ich Trojaner los??Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.07.2008, 16:35
| #1 |
| |  Wie werde ich Trojaner los?? Hallo, Ich habe vorgestern einen Download von Codec angenommen und wusste nicht was es ist.  Jetzt habe ich Trojaner auf meinem PC AVG hat es angezeigt . Trojan horse Generic und so was. Hier ist mein Logfile: Könnt ihr mir helfen?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:34:24, on 21.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Programme\Java\jre1.6.0_06\bin\jusched.exe C:\Programme\Windows Live\Messenger\MsnMsgr.Exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\RALINK\Common\RaUI.exe C:\Programme\WinZip\WZQKPICK.EXE C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Programme\IncrediMail\bin\ImApp.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programme\Windows Live\Messenger\usnsvc.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: BitTorrent.To Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Programme\BitTorrent.To Toolbar\tbu00380\BitTorrent_v2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [BMa36d0f17] Rundll32.exe "C:\WINDOWS\system32\isstlqiv.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: p6_erinnerung_18_demo.lnk = C:\Programme\phase6\phase6_18_demo\WinStart\WinStartDemo.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5342/mcfscan.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe -- End of file - 9497 bytes |
|
22.07.2008, 18:39
| #2 |
  |  Wie werde ich Trojaner los?? Hi resdili und
__________________ Natürlich können wir dir helfen  Bitte lass als erstes Malwarebytes laufen, lass alles löschen was er findet und poste das Log
__________________ |
|
25.07.2008, 12:07
| #3 |
| | Wie werde ich Trojaner los?? Hi,
__________________Danke hier ist mein Logfile: Malwarebytes' Anti-Malware 1.23 Datenbank Version: 985 Windows 5.1.2600 Service Pack 2 13:04:55 25.07.2008 mbam-log-7-25-2008 (13-04-55).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 50335 Laufzeit: 18 minute(s), 56 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 12 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Programme\BitTorrent.To Toolbar\tbu00380\BitTorrent_v2.dll (Adware.DosPopToolbar) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\tbsb07398.ietoolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{9b83ff94-fba0-469e-98eb-b649f205215f} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d65c5fae-31b0-49c3-bafb-ba6d08994385} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f1bb3a9a-767b-465b-82cf-153eb890e9d0} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\tbsb07398.ietoolbar.1 (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\tbsb07398.tbsb07398 (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\tbsb07398.tbsb07398.3 (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\lwmcvnca.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\acnvcmwl.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Programme\BitTorrent.To Toolbar\tbu00380\BitTorrent_v2.dll (Adware.DosPopToolbar) -> Delete on reboot. C:\WINDOWS\system32\etlkihgsjpimewh.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\BMa36d0f17.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMa36d0f17.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Was soll ich jetzt machen?? |
|
25.07.2008, 12:10
| #4 | |
  | Wie werde ich Trojaner los??Zitat:
__________________ mfg, Patrick Technische Kompromittierung => Tatort Internet Keine Windows-CD? Selbst brennen. |
|
25.07.2008, 17:58
| #5 | |
| | Wie werde ich Trojaner los?? Ok , gut. Bitte lass Blacklight mal laufen Poste auch ein neues HijackThis Logfile und erstelle zusätzlich noch ein Log mit RunScanner und poste alles
__________________ Kein Support per PN Zitat:
|
|
26.07.2008, 10:18
| #6 |
| | Wie werde ich Trojaner los?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:16:46, on 26.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Programme\Java\jre1.6.0_06\bin\jusched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Windows Live\Messenger\MsnMsgr.Exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Programme\IncrediMail\bin\ImApp.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\RALINK\Common\RaUI.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programme\Windows Live\Messenger\usnsvc.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\winlogon.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de-at\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BMa36d0f17] Rundll32.exe "C:\WINDOWS\system32\isstlqiv.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKUS\S-1-5-21-1761696461-1555551974-1466496664-1006\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User 'HEMMA') O4 - HKUS\S-1-5-21-1761696461-1555551974-1466496664-1006\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'HEMMA') O4 - HKUS\S-1-5-21-1761696461-1555551974-1466496664-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HEMMA') O4 - HKUS\S-1-5-21-1761696461-1555551974-1466496664-1006\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c (User 'HEMMA') O4 - HKUS\S-1-5-21-1761696461-1555551974-1466496664-1006\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User 'HEMMA') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: p6_erinnerung_18_demo.lnk = C:\Programme\phase6\phase6_18_demo\WinStart\WinStartDemo.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5342/mcfscan.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe -- End of file - 9761 bytes |
|
26.07.2008, 10:21
| #7 |
| | Wie werde ich Trojaner los?? Runscanner logfile http://www.runscanner.net * = signed file - = file not found 000 General info ---------------- Computer name : TERESA Creation time : 26.07.2008 11:19:56 Hosts <> 127.0.0.1 : 0 Hosts file location : %SystemRoot%\System32\drivers\etc IE version : 6.0.2900.2180 OS : Microsoft Windows XP OS Build : 2600 OS SP : Service Pack 2 RunScanner Version : 1.6.3.0 User Language : Deutsch (Deutschland) User rights : Administrator Windows folder : C:\WINDOWS 001 Running processes --------------------- c:\programme\avira\antivir personaledition classic\avguard.exe (Avira GmbH) c:\programme\avira\antivir personaledition classic\sched.exe (Avira GmbH) c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH) c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH) * c:\windows\system32\services.exe (Microsoft Corporation) c:\programme\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Apache Software Foundation) c:\programme\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Apache Software Foundation) * c:\windows\system32\alg.exe (Microsoft Corporation) c:\programme\analog devices\soundmax\smax4.exe (Analog Devices, Inc.) c:\programme\analog devices\soundmax\smax4.exe (Analog Devices, Inc.) * c:\windows\system32\csrss.exe (Microsoft Corporation) * c:\windows\system32\csrss.exe (Microsoft Corporation) * c:\windows\system32\ctfmon.exe (Microsoft Corporation) c:\programme\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe (NVIDIA Corporation) c:\programme\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe (NVIDIA Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\programme\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.) * c:\programme\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.) c:\programme\hp\digital imaging\product assistant\bin\hprblog.exe (Hewlett-Packard Co.) c:\programme\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.) c:\programme\hp\digital imaging\product assistant\bin\hprblog.exe (Hewlett-Packard Co.) c:\programme\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.) c:\programme\hp\digital imaging\bin\hpqste08.exe (Hewlett-Packard Co.) c:\programme\hp\digital imaging\bin\hpqste08.exe (Hewlett-Packard Co.) c:\programme\hp\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) c:\programme\hp\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) * c:\programme\incredimail\bin\imapp.exe (IncrediMail, Ltd.) * c:\programme\incredimail\bin\imapp.exe (IncrediMail, Ltd.) * c:\programme\internet explorer\iexplore.exe (Microsoft Corporation) * c:\programme\internet explorer\iexplore.exe (Microsoft Corporation) * c:\programme\java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.) * c:\programme\java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.) * c:\windows\system32\lsass.exe (Microsoft Corporation) c:\programme\gemeinsame dateien\lightscribe\lssrvc.exe (Hewlett-Packard Company) * c:\progra~1\magentic\bin\mgapp.exe * c:\progra~1\magentic\bin\mgapp.exe * c:\programme\windows live\messenger\usnsvc.exe (Microsoft Corporation) c:\programme\nvidia corporation\networkaccessmanager\bin\nsvcip.exe (NVIDIA Corporation) c:\programme\nvidia corporation\networkaccessmanager\bin\nsvclog.exe (NVIDIA) * c:\windows\system32\nvsvc32.exe (NVIDIA Corporation) c:\programme\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.) c:\programme\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.) c:\programme\ralink\common\raui.exe (Ralink Technology, Corp.) c:\programme\cyberlink\shared files\richvideo.exe * c:\dokumente und einstellungen\resa\lokale einstellungen\temp\wz2c95\runscanner.exe (Runscanner.net) * c:\programme\analog devices\core\smax4pnp.exe (Analog Devices, Inc.) * c:\programme\analog devices\core\smax4pnp.exe (Analog Devices, Inc.) * c:\windows\system32\spoolsv.exe (Microsoft Corporation) * c:\windows\explorer.exe (Microsoft Corporation) * c:\windows\explorer.exe (Microsoft Corporation) * c:\programme\windows live\messenger\msnmsgr.exe (Microsoft Corporation) * c:\programme\windows live\messenger\msnmsgr.exe (Microsoft Corporation) * c:\windows\system32\winlogon.exe (Microsoft Corporation) * c:\windows\system32\winlogon.exe (Microsoft Corporation) * c:\windows\system32\smss.exe (Microsoft Corporation) * c:\progra~1\winzip\winzip32.exe (WinZip Computing, S.L.) * c:\programme\winzip\wzqkpick.exe (WinZip Computing, S.L.) * c:\programme\winzip\wzqkpick.exe (WinZip Computing, S.L.) * c:\programme\gemeinsame dateien\microsoft shared\windows live\wlloginproxy.exe (Microsoft Corporation) 002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH) - c:\windows\system32\isstlqiv.dll c:\programme\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Co.) - c:\virusfighter\bin\zlh.exe c:\programme\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe (NVIDIA Corporation) C:\WINDOWS\system32\nwiz.exe c:\programme\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.) c:\programme\analog devices\soundmax\smax4.exe (Analog Devices, Inc.) 003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- * c:\programme\incredimail\bin\incmail.exe (IncrediMail, Ltd.) * c:\progra~1\magentic\bin\magentic.exe 005 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -------------------------------------------------------------------------- c:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated) c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.) c:\progra~1\ralink\common\raui.exe (Ralink Technology, Corp.) c:\progra~1\phase6\phase6~1\winstart\winsta~1.exe (phase6) 010 HKLM\SYSTEM\CurrentControlSet\Services (Services) ----------------------------------------------------- c:\programme\avira\antivir personaledition classic\avguard.exe (Avira AntiVir Personal – Free Antivirus Guard) c:\programme\avira\antivir personaledition classic\sched.exe (Avira AntiVir Personal – Free Antivirus Planer) c:\programme\cyberlink\shared files\richvideo.exe (Cyberlink RichVideo Service(CRVS)) c:\programme\nvidia corporation\networkaccessmanager\bin\nsvcip.exe (ForceWare IP service) c:\programme\nvidia corporation\networkaccessmanager\bin\nsvclog.exe (ForceWare user log service) c:\programme\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Forceware Web Interface) c:\programme\gemeinsame dateien\lightscribe\lssrvc.exe (LightScribeService Direct Disc Labeling Service) 011 HKLM\SYSTEM\CurrentControlSet\Services (drivers) ---------------------------------------------------- c:\windows\system32\drivers\acedrv05.sys (ACEDRV05) C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) * c:\programme\avira\antivir personaledition classic\avgio.sys (avgio) * c:\programme\avira\antivir personaledition classic\avgntflt.sys (avgntflt) * C:\WINDOWS\system32\drivers\avipbb.sys (avipbb) - c:\windows\system32\drivers\changer.sys (Changer) - c:\windows\system32\drivers\i2omgmt.sys (i2omgmt) - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc) * c:\windows\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy) - c:\windows\system32\drivers\pcidump.sys (PCIDump) - c:\windows\system32\drivers\pdcomp.sys (PDCOMP) - c:\windows\system32\drivers\pdframe.sys (PDFRAME) - c:\windows\system32\drivers\pdreli.sys (PDRELI) - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME) - c:\windows\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM)) C:\WINDOWS\system32\drivers\ssmdrv.sys (ssmdrv) - c:\windows\system32\drivers\wdica.sys (WDICA) 030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter ------------------------------------------ C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} 031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler ------------------------------------------- c:\progra~1\gemein~1\system\oledb~1\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} c:\progra~1\gemein~1\system\oledb~1\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} c:\progra~1\gemein~1\system\oledb~1\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} 035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components ------------------------------------------------------------------ c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820} 040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks ------------------------------------------------------------ * c:\programme\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88} 041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar ---------------------------------------------------------- c:\programme\msn apps\msn toolbar\01.02.5000.1021\de-at\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} * c:\programme\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88} 042 HKLM\Software\Microsoft\Internet Explorer\Extensions -------------------------------------------------------- c:\programme\messenger\msmsgs.exe (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683} 045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ---------------------------------------------------------------- c:\programme\msn apps\msn toolbar\01.02.5000.1021\de-at\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} * c:\programme\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88} 052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ---------------------------------------------------------------------------------- c:\programme\msn apps\msn toolbar\01.02.5000.1021\de-at\msntb.dll (Microsoft Corporation) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} c:\programme\msn apps\st\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation) {9394EDE7-C8B5-483E-8773-474BF36AF6E4} * c:\programme\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670} 061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved --------------------------------------------------------------------------------- c:\programme\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} - deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D} c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8} 062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------------ c:\programme\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627} 068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 -------------------------------------------------------------------------------- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) 069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors -------------------------------------------------------- C:\WINDOWS\system32\hptcpmon.dll (Hewlett Packard) 070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages --------------------------------------------------------------------- - c:\windows\system32\fccbcvtq 100 Internet Explorer settings ------------------------------ Start Page HKCU : http://www.google.at/ 104 HKLM\Software\Microsoft\Code Store Database\Distribution Units ------------------------------------------------------------------ c:\windows\downloaded program files\messengerstatspaclient.dll (Microsoft Corporation) {14B87622-7E19-4EA8-93B3-97215F77A6BC} * c:\programme\yahoo!\common\yinsthelper.dll (Yahoo! Inc.) {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} c:\windows\downloaded program files\msnmessengersetupdownloader.ocx (Microsoft Corporation) {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} c:\windows\downloaded program files\zintro.ocx (Microsoft Corporation) {B8BE5E93-A60C-4D26-A2DC-220313175592} * c:\dokumente und einstellungen\all users\anwendungsdaten\zylom\zylomgamesplayer\zylomgamesplayer.dll (Zylom Games) {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} c:\programme\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} * c:\windows\mcafee.com\freescan\mcfscan.dll (McAfee, Inc.) {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} * c:\windows\downlo~1\gopets~1.ocx (GoPets LTD) {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} 171 HKCU\Control Panel\Desktop\SCRNSAVE.EXE ------------------------------------------- * c:\windows\system32\magent~1.scr (IncrediMail LTD.) 173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- c:\programme\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- c:\programme\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- * c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} 227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers --------------------------------------------------------------- c:\programme\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} 229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- c:\programme\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info |
|
26.07.2008, 10:29
| #8 |
 | Wie werde ich Trojaner los?? Du hasst ein rotkit drauf um den zu entfernen muss man meistens den PC neu aufsetzten. C:\WINDOWS\system32\etlkihgsjpimewh.exe (Rootkit.Agent) |
|
26.07.2008, 10:44
| #9 |
| | Wie werde ich Trojaner los?? Kann ich das nicht ohne neu aufsetzen machen?? Das kostet so viel... |
|
26.07.2008, 13:22
| #10 |
| | Wie werde ich Trojaner los?? |
|
26.07.2008, 18:21
| #11 |
| | Wie werde ich Trojaner los?? ja schon aber es findet nichts. |
|
26.07.2008, 18:23
| #12 |
| | Wie werde ich Trojaner los?? ja aber es findet nichts |
|
26.07.2008, 19:42
| #13 |
| |  Wie werde ich Trojaner los?? Hallo,Also ich hab jetzt alle unsichtbaren Hintergrund Dateien angeschaut und da ist auf einmal so ein Ordner mit so einem Bild von einem Orchester gekommen... Es heißt: AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg wie ich auf löschen gegangen bin ist gestanden es ist eine Systemdatei und so. Dann hab ichs nicht gelöscht. was soll das?? |
|
27.07.2008, 12:16
| #14 |
| Gast | Wie werde ich Trojaner los?? Wenn du mit Windows Media Player arbeitest dann holt er sich beim Start aktuelle Informationen zu deinen Liedern aus dem Internet so z.B zeigt er auch Bilder der Alben an die du besitzt (bzw. es kann auch nur ein Lied aus einem Album sein) und diese Datei die du beschrieben ist die angelegte Bilddatei des Albums zu dem das/die Lieder gehören. |
|
31.07.2008, 15:27
| #15 |
| | Wie werde ich Trojaner los?? aso na dann |
|
| Themen zu Wie werde ich Trojaner los?? |
| adobe, alert, avg, bho, e-mail, explorer, generic, google, helfen, helper, hijack, hijackthis, hkus\s-1-5-18, installation, internet, internet explorer, logfile, norman, nvidia, programme, rundll, server, shortcut, software, system, trojaner, unknown file in winsock lsp, urlsearchhook, windows, windows xp |
Linear-Darstellung
