Log analysis and evaluation: SVCHOST.EXE has stopped working? (Windows 7)
#1

SVCHOST.EXE has stopped working?

At every system start, after logon, my screen goes black and then a message pops up: SVCHOST.EXE has stopped working. That's why I always have to start explorer.exe from my Task Manager. Here are my logfiles (1 from HJT and 1 from ComboFix)

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:39, on 14.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: Shell=explorer.exe C:\Users\Ahmet\AppData\Roaming\scvhost.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo914] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bpk] C:\Windows\system32\bpk.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222018766
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10400 bytes
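The entry classes in a HijackThis log that explain a hijacked logon (the F2 Shell= value, executables whose name imitates a core Windows process or that start from a user-writable folder, O23 services with "Unknown owner" or a missing file, orphaned O2 BHO registrations) can be picked out mechanically. The script below is an added example for this thread, not a tool the forum uses; its heuristics are my own and only mark entries worth a second look. The sample lines are constructed after the log above, and the expected-directory table and user-writable path fragments are assumptions for the demonstration.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread, not a tool used by the forum. The sample lines
are constructed after the HijackThis log posted above; the heuristics are my
own and flag entry classes worth a second look, they do not prove infection.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on entries from the log above (raw string: the
# backslashes are literal Windows path separators).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\Users\Ahmet\AppData\Roaming\scvhost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [bpk] C:\Windows\system32\bpk.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
""".strip()

# Core Windows process names and the directory prefix they are expected to run
# from (assumed table for the example; extend as needed).
EXPECTED_DIR = {
    "svchost.exe": "\\windows\\system32\\",
    "lsass.exe": "\\windows\\system32\\",
    "winlogon.exe": "\\windows\\system32\\",
    "explorer.exe": "\\windows\\",
}
# Directory fragments an ordinary user can write to; autostarts from here deserve a look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# Drive- or %VAR%-rooted path ending in an executable extension; spaces allowed, quotes end it.
PATH_RE = re.compile(r'(?i)(?:[a-z]:|%[a-z]+%)\\[^"]*?\.(?:exe|dll|scr|vbs)')
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    entry: str
    reason: str


def check_shell(entry):
    """F2 Shell=: Winlogon starts everything listed here at logon; only explorer.exe belongs."""
    m = re.search(r"Shell=(.*)$", entry)
    if not m:
        return []
    rest = m.group(1).strip()
    if rest.lower().startswith("explorer.exe"):
        rest = rest[len("explorer.exe"):].strip()
    if rest:
        return [Finding("high", entry, f"Shell value starts an extra program at logon: {rest}")]
    return []


def check_binary_paths(entry):
    """Core process names outside their directory, lookalike names, user-writable autostarts."""
    findings = []
    for path in PATH_RE.findall(entry):
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in EXPECTED_DIR and EXPECTED_DIR[name] not in low:
            findings.append(Finding("high", entry, f"{name} outside its expected directory: {path}"))
        elif name not in EXPECTED_DIR and any(sorted(name) == sorted(core) for core in EXPECTED_DIR):
            # same letters as a core process name (scvhost vs svchost): a classic disguise
            findings.append(Finding("high", entry, f"{name} is a lookalike of a core process name: {path}"))
        elif any(frag in low for frag in USER_WRITABLE):
            findings.append(Finding("medium", entry, f"autostart from a user-writable location: {path}"))
    return findings


def check_orphans_and_owners(entry):
    """O2/O23 entries pointing at missing files or at binaries without publisher info."""
    if entry.startswith("O23") and "(file missing)" in entry:
        return [Finding("low", entry, "service entry points at a missing file (leftover registration)")]
    if entry.startswith("O23") and "Unknown owner" in entry:
        return [Finding("medium", entry, "service binary carries no publisher information; verify signature and hash")]
    if entry.startswith("O2 ") and "(no file)" in entry:
        return [Finding("low", entry, "BHO registration without a file (leftover registration)")]
    return []


def triage(log_text):
    """Run every check over every non-empty line; most severe findings first (stable order)."""
    findings = []
    for entry in log_text.splitlines():
        entry = entry.strip()
        if not entry:
            continue
        for check in (check_shell, check_binary_paths, check_orphans_and_owners):
            findings.extend(check(entry))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.reason}\n    {f.entry}")
```

Run against the sample, the F2 line produces two high findings (an extra program in the Shell value, and a name that is an anagram of svchost.exe living under AppData\Roaming), the PnkBstrA service a medium one, and the two leftover registrations low ones; the Defender, bpk and Google Update lines pass these checks, which is exactly why a log review still needs a human with hashes and scanner results, not the heuristics alone.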
#2

SVCHOST.EXE has stopped working?

and from ComboFix:

Code:
ComboFix 09-03-14.01 - ... 2009-03-15 18:49:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2047.1267 [GMT 1:00]
ausgeführt von:: c:\users\...\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\28463
c:\windows\system32\28463\MMNP.009
c:\windows\system32\inst.dat
c:\windows\system32\pk.bin
.
((((((((((((((((((((((( Dateien erstellt von 2009-02-15 bis 2009-03-15 ))))))))))))))))))))))))))))))
.
2009-03-15 14:53 . 2009-03-15 15:15 3,693 --a------ c:\users\...\AppData\Roaming\ntdetect.sys
2009-03-15 13:37 . 2009-03-15 13:37 <DIR> d-------- c:\users\All Users\NOS
2009-03-15 13:37 . 2009-03-15 13:37 <DIR> d-------- c:\programdata\NOS
2009-03-15 13:37 . 2009-03-15 13:37 <DIR> d-------- c:\program files\NOS
2009-03-14 23:21 . 2009-03-14 23:21 <DIR> d-------- c:\users\All Users\Avira
2009-03-14 23:21 . 2009-03-14 23:21 <DIR> d-------- c:\programdata\Avira
2009-03-14 23:21 . 2009-03-14 23:21 <DIR> d-------- c:\program files\Avira
2009-03-14 23:02 . 2009-03-14 23:02 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 19:11 . 2009-03-14 19:11 <DIR> d-------- c:\users\...\AppData\Roaming\FOG Downloader
2009-03-14 19:04 . 2009-03-14 19:20 <DIR> d-------- c:\windows\System32\dt
2009-03-14 18:57 . 2009-03-14 19:13 3,182 --a------ c:\windows\System32\bpk.dat
2009-03-12 18:18 . 2009-03-12 18:57 75 --a------ c:\windows\System32\AttackSettings.ini
2009-03-12 18:04 . 2009-02-20 16:33 216,064 --a------ c:\windows\System32\HD Bot.exe
2009-03-11 19:46 . 2009-03-14 19:19 741,376 --a------ c:\users\...\AppData\Roaming\SCVHOST.EXE
2009-03-11 19:46 . 2009-03-14 19:19 86,528 --a------ c:\users\...\AppData\Roaming\NTCOM.DLL
2009-03-11 09:30 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:30 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:30 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:30 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:30 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:30 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-05 20:18 . 2009-03-05 21:02 <DIR> d-------- c:\users\...\AppData\Roaming\Hamachi
2009-03-05 20:18 . 2009-03-05 20:18 <DIR> d-------- c:\program files\Hamachi
2009-03-05 20:18 . 2009-03-05 20:18 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-28 16:38 . 2009-02-28 16:38 <DIR> d-------- c:\users\All Users\RapidSolution
2009-02-28 16:38 . 2009-02-28 16:38 <DIR> d-------- c:\programdata\RapidSolution
2009-02-21 13:21 . 2009-02-21 13:21 <DIR> d-------- c:\windows\System32\Color
2009-02-17 19:34 . 2009-02-27 14:07 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-17 19:33 . 2009-02-17 19:33 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-17 19:33 . 2009-02-17 19:33 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-17 19:33 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-17 19:32 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-02-15 19:01 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 19:01 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 19:01 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 19:01 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 19:01 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 16:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 16:13 --------- d-----w c:\program files\Klett
2009-03-14 21:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-12 10:02 --------- d-----w c:\program files\Windows Mail
2009-03-11 15:42 --------- d-----w c:\programdata\Lx_cats
2009-03-09 19:20 --------- d-----w c:\program files\ICQ6.5
2009-03-07 18:14 --------- d-----w c:\users\...\AppData\Roaming\teamspeak2
2009-02-17 18:34 --------- d-----w c:\program files\Microsoft
2009-02-17 18:33 --------- d-----w c:\program files\Windows Live
2009-02-06 18:46 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-30 20:53 --------- d-----w c:\users\...\AppData\Roaming\Teeworlds
2009-01-29 11:50 --------- d-----w c:\programdata\ThumbnailCache4R
2009-01-23 11:17 4 ----a-w c:\users\...\AppData\Roaming\wklnhst.dat
2009-01-16 12:56 --------- d-----w c:\program files\Google
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-14 18:58 1,868 ----a-w c:\program files\Windows Movie Maker 2.6.lnk
2008-12-03 19:27 992,209 ----a-w c:\users\...\Black_Amazon_by_hurtness.exe
2008-09-07 14:06 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\...\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-09 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-03 1831936]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 366400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"recinfo914"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-01 81920]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2007-12-17 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2007-12-17 16040]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B73DA30D-EBE7-4CAE-886E-B95FDBF01184}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2202690F-F251-498B-9BDA-A92122CEE048}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{977A227D-F9DC-47F8-A21F-C0205C031623}"= UDP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"{C96F40C4-01CF-475F-9A71-BAD3D5005BC7}"= TCP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe
"TCP Query User{D995AF99-62BF-4A2F-82E2-3EDAB203137E}c:\\users\\ahmet\\downloads\\openoffice.org 2.4 (de) installation files\\wow-dede-installer-downloader.exe"= UDP:c:\users\ahmet\downloads\openoffice.org 2.4 (de) installation files\wow-dede-installer-downloader.exe:wow-dede-installer-downloader.exe
"UDP Query User{4CC47CD8-5DCD-450B-877F-61C30E36CC0A}c:\\users\\ahmet\\downloads\\openoffice.org 2.4 (de) installation files\\wow-dede-installer-downloader.exe"= TCP:c:\users\ahmet\downloads\openoffice.org 2.4 (de) installation files\wow-dede-installer-downloader.exe:wow-dede-installer-downloader.exe
"TCP Query User{5E2FB33C-3A0B-4DB7-8309-1D49E5122456}c:\\users\\ahmet\\downloads\\openoffice.org 2.4 (de) installation files\\wow-burningcrusade-dede-installer-downloader.exe"= UDP:c:\users\ahmet\downloads\openoffice.org 2.4 (de) installation files\wow-burningcrusade-dede-installer-downloader.exe:wow-burningcrusade-dede-installer-downloader.exe
"UDP Query User{C69A3970-50F5-411A-8240-51E27927CE15}c:\\users\\ahmet\\downloads\\openoffice.org 2.4 (de) installation files\\wow-burningcrusade-dede-installer-downloader.exe"= TCP:c:\users\ahmet\downloads\openoffice.org 2.4 (de) installation files\wow-burningcrusade-dede-installer-downloader.exe:wow-burningcrusade-dede-installer-downloader.exe
"{59F6C57D-68C1-44DE-BE67-4E95E254AEA3}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{69BB39AF-D65C-42F6-B359-5B9CAE77533B}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{496EDA86-20B4-4680-8027-8AB57B5A3DBD}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{E7A84EC8-EEC1-477F-81D2-9583DE241E63}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{F984ADDA-928B-4E57-B5F8-39B602FA39B9}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{1F289207-958D-4C56-B618-4DCA01B34489}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{CC4D6970-26BF-4084-AEE1-26277D66C71E}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{1AFC4258-8720-4499-B20A-11F6F975C472}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{4B3308B4-CE4A-4E01-AA83-E6B8E7E5C406}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{246C1311-141C-469B-B218-11083EDC3781}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{DC3AF067-A069-4C9C-9816-FCDC3B81B369}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{99A21581-C218-4E2D-93EF-B29AFD224A41}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{55B8FB14-4736-4201-9D29-8792FC021F8E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{151442A7-E9FC-4421-AAB8-3C5DF5199595}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{95C694AD-F231-4DC3-AB94-7352DFE644E9}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{38821C20-4293-45FD-B0C3-8771E23DC182}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"TCP Query User{5A392E7A-4651-4070-B3E5-B687734CB0AC}c:\\program files\\lexmark 2600 series\\lxdnlscn.exe"= UDP:c:\program files\lexmark 2600 series\lxdnlscn.exe:lxdnlscn
"UDP Query User{B280CDC7-05C1-4746-A2B6-77013F16825C}c:\\program files\\lexmark 2600 series\\lxdnlscn.exe"= TCP:c:\program files\lexmark 2600 series\lxdnlscn.exe:lxdnlscn
"{475A05DF-4E72-4776-948D-5AD858EFE706}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe:Blizzard Downloader
"{BE7BFC74-052D-4677-8314-90DC7173F736}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe:Blizzard Downloader
"{CB68ECA5-0476-4559-A8F4-4D55C85AC543}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{8B857AE9-F57B-4E8D-AB77-5F710CB3427D}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{F3318628-B70E-4841-924D-F7BC14010326}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{5FF54A28-BFA9-4BF6-86D1-EDC4453E04FD}c:\\big fish games\\world of warcraft\\metin2\\metin2.bin"= UDP:c:\big fish games\world of warcraft\metin2\metin2.bin:metin2.bin
"UDP Query User{0D1E81A4-44E5-4121-9A36-69D3E5EC0049}c:\\big fish games\\world of warcraft\\metin2\\metin2.bin"= TCP:c:\big fish games\world of warcraft\metin2\metin2.bin:metin2.bin
"TCP Query User{110F9410-1724-4508-98DB-30F70003904A}c:\\program files\\lexmark 2600 series\\lxdnmon.exe"= UDP:c:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"UDP Query User{D4B6A998-BC57-48BF-AD31-C81EB1122ADE}c:\\program files\\lexmark 2600 series\\lxdnmon.exe"= TCP:c:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"TCP Query User{F1AFFFBF-938E-40D9-B9A2-7A9A983ED6E0}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FD1CFC1C-50CF-4A33-8090-797DCABECF0B}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{620DA27C-B08F-4F8F-83F5-AD69EF23CE3B}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:Blizzard Downloader
"{AFCCAA51-7014-4B07-BD34-14C41DE2CBF2}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:Blizzard Downloader
"TCP Query User{0AF36C79-0519-481C-BB92-CE89042483E9}c:\\big fish games\\world of warcraft\\cabaltemp\\estsetuploader.exe"= UDP:c:\big fish games\world of warcraft\cabaltemp\estsetuploader.exe:EST! download engine
"UDP Query User{CE0DAEAB-B87E-4623-9909-DEC8FB0B1871}c:\\big fish games\\world of warcraft\\cabaltemp\\estsetuploader.exe"= TCP:c:\big fish games\world of warcraft\cabaltemp\estsetuploader.exe:EST! download engine
"TCP Query User{D7069DFC-9440-42C8-898A-683CCF3C7748}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{A6279C8D-EAA4-4861-8F88-5F96E135ECE7}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{1E78F6DA-D4F9-45A6-A89F-B1F637464D7B}c:\\big fish games\\bfg communication\\world of warcraft\\launcher.exe"= UDP:c:\big fish games\bfg communication\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{741D18BC-A7DD-4914-B43B-90E49C3965E9}c:\\big fish games\\bfg communication\\world of warcraft\\launcher.exe"= TCP:c:\big fish games\bfg communication\world of warcraft\launcher.exe:Blizzard Launcher
"{01692E0D-A9DE-4149-B680-9BC92741FBBF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{CAE7FED4-29AB-4BCF-8E43-DEC6775BF995}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{1DA2B81B-2F98-4890-861F-E5B441D5998C}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{F578E068-9762-49DB-AD74-BCADFDE5D9A4}c:\\users\\...\\appdata\\roaming\\mozilla\\firefox\\profiles\\buothxib.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= UDP:c:\users\...\appdata\roaming\mozilla\firefox\profiles\buothxib.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe
"UDP Query User{C9D54685-15BF-4AC8-A62C-50D06B793521}c:\\users\\...\\appdata\\roaming\\mozilla\\firefox\\profiles\\buothxib.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= TCP:c:\users\ahmet\appdata\roaming\mozilla\firefox\profiles\buothxib.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe
"TCP Query User{DBDA7644-A449-4E73-91F7-A37E6AE8E9B3}c:\\users\\ahmet\\downloads\\fogdownloaderde-runesofmagic.exe"= UDP:c:\users\ahmet\downloads\fogdownloaderde-runesofmagic.exe:fogdownloaderde-runesofmagic.exe
"UDP Query User{17BCFD12-00AF-4B85-BF87-938ED392A5A8}c:\\users\\ahmet\\downloads\\fogdownloaderde-runesofmagic.exe"= TCP:c:\users\ahmet\downloads\fogdownloaderde-runesofmagic.exe:fogdownloaderde-runesofmagic.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-04-03 554352]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2007-12-05 98984]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\System32\drivers\pcam800.sys [2002-07-27 210792]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-17 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-15 33176]
S3 scramby_out;Scramby Output;c:\windows\System32\drivers\scramby_out.sys [2007-08-08 23840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a80fc8f-7f66-11dd-a363-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FATMA.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e34258-7ce5-11dd-946c-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FATMA.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e34264-7ce5-11dd-946c-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FATMA.vbs
.
Inhalt des "geplante Tasks" Ordners
2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888669380-1727950260-3000317607-1000.job
- c:\users\...\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-09 14:57]
2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{8DF981CB-55D3-4D19-8868-D012570C8EBE}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\buothxib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\buothxib.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\...\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\buothxib.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 18:50:49
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2009-03-15 18:52:48
ComboFix-quarantined-files.txt 2009-03-15 17:52:46
Vor Suchlauf: 33 Verzeichnis(se), 184.494.329.856 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 185,608,302,592 Bytes frei
229 --- E O F --- 2009-03-14 09:02:13
#3 - SVCHOST.EXE has stopped working?
Hello and
Please do not edit ComboFix logs in the future. That makes the cleanup harder. Make sure that all files are displayed to you, then have the following files checked at Virustotal.com and post all results, in such a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums:
Code:
c:\users\...\AppData\Roaming\SCVHOST.EXE
c:\users\...\AppData\Roaming\NTCOM.DLL
c:\windows\System32\HD Bot.exe
ciao, andreas
#4 - SVCHOST.EXE has stopped working?
Code:
Datei SCVHOST.EXE empfangen 2009.03.15 20:09:27 (CET)
Ergebnis: 10/39 (25.65%)
a-squared 4.0.0.101 2009.03.15 Trojan-Dropper.Win32.Delf!IK
AhnLab-V3 5.0.0.2 2009.03.15 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.15 -
Avast 4.8.1335.0 2009.03.14 -
AVG 8.0.0.237 2009.03.15 PSW.Delf.CWA
BitDefender 7.2 2009.03.15 -
CAT-QuickHeal 10.00 2009.03.14 Trojan.Agent.IRC
ClamAV 0.94.1 2009.03.15 -
Comodo 1057 2009.03.15 -
DrWeb 4.44.0.09170 2009.03.15 -
eSafe 7.0.17.0 2009.03.15 Win32.TrojanDropperD
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.15 -
F-Secure 8.0.14470.0 2009.03.15 -
Fortinet 3.117.0.0 2009.03.15 PossibleThreat
GData 19 2009.03.15 -
Ikarus T3.1.1.45.0 2009.03.15 Trojan-Dropper.Win32.Delf
K7AntiVirus 7.10.671 2009.03.14 -
Kaspersky 7.0.0.125 2009.03.15 -
McAfee 5554 2009.03.15 -
McAfee+Artemis 5554 2009.03.15 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.15 TrojanDropper:Win32/Delf.TE
NOD32 3937 2009.03.15 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.15 -
Panda 10.0.0.10 2009.03.15 Suspicious file
PCTools 4.4.2.0 2009.03.15 -
Prevx1 V2 2009.03.15 Medium Risk Malware
Rising 21.20.62.00 2009.03.15 -
Sophos 4.39.0 2009.03.15 -
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.15 -
TheHacker 6.3.3.0.282 2009.03.15 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.15 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.15 -
#5 - SVCHOST.EXE has stopped working?
This one, c:\users\...\AppData\Roaming\NTCOM.DLL, I couldn't upload to virustotal, so I uploaded it to virscan.org.
Code:
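The helper in #3 asked for the per-scanner results, so here is an added example (not code from this thread) that parses the VirusTotal vendor listing above, tallies the detection ratio and names, and flags clean verdicts from vendors whose signatures were older than the scan; the sample lines are constructed in the listing's layout.

```python
import re
from datetime import date

# Constructed sample in the layout of the VirusTotal listing posted above:
# vendor, engine version, signature date, then the detection name or "-" for clean.
SAMPLE_LISTING = """\
a-squared 4.0.0.101 2009.03.15 Trojan-Dropper.Win32.Delf!IK
AhnLab-V3 5.0.0.2 2009.03.15 -
AntiVir 7.9.0.114 2009.03.13 -
AVG 8.0.0.237 2009.03.15 PSW.Delf.CWA
Microsoft 1.4405 2009.03.15 TrojanDropper:Win32/Delf.TE
Prevx1 V2 2009.03.15 Medium Risk Malware
"""

# Version and date are single tokens; the verdict may contain spaces ("Medium Risk Malware").
LINE_RE = re.compile(r"^(?P<vendor>\S+)\s+(?P<version>\S+)\s+"
                     r"(?P<sigdate>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+?)\s*$")

def _to_date(text):
    """'2009.03.15' -> date(2009, 3, 15)."""
    return date(*(int(part) for part in text.split(".")))

def parse_listing(text):
    """Parse the per-vendor lines into dicts; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            row = match.groupdict()
            row["sigdate"] = _to_date(row["sigdate"])
            row["detected"] = row["result"] != "-"
            rows.append(row)
    return rows

def summarize(rows):
    """Return (detections, vendors, ratio in percent, [(vendor, name), ...])."""
    hits = [(row["vendor"], row["result"]) for row in rows if row["detected"]]
    ratio = round(100.0 * len(hits) / len(rows), 2) if rows else 0.0
    return len(hits), len(rows), ratio, hits

def stale_clean_verdicts(rows, scan_day, max_age_days=1):
    """Vendors that said clean on signatures more than max_age_days older than the scan;
    such a '-' carries less weight than a clean verdict on same-day signatures."""
    scan = _to_date(scan_day)
    return [row["vendor"] for row in rows
            if not row["detected"] and (scan - row["sigdate"]).days > max_age_days]

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    print(summarize(parsed), stale_clean_verdicts(parsed, "2009.03.15"))
```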
Datei Informationen
Dateiname : NTCOM.DLL
Größe : 86528 byte
Typ : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : a2d9e3354c1f792db0a1a724a3f4fe2a
SHA1 : b96db2398ef547b9e2fd2136468cfca8ddb682dd
Scan Ergebnis
Scan Ergebnis : 3% der Scanner (1/37) haben Malware gefunden!
Zeit : 2009/03/15 20:15:15 (CET)
Scanner ↓ Engine Ver Sig Ver Sig Datum Scan Ergebnis Zeit
a-squared 4.0.0.32 20090315223639 2009-03-15 - 2.460
AhnLab V3 2009.03.15.00 2009.03.15 2009-03-15 - 1.109
AntiVir 7.9.0.114 7.1.2.171 2009-03-13 - 1.940
Antiy 2.0.18 20090315.2217560 2009-03-15 - 0.119
Authentium 5.1.1 200903141844 2009-03-14 - 1.290
AVAST! 3.0.1 090314-0 2009-03-14 - 0.010
AVG 7.5.52.442 270.11.15/2003 2009-03-15 PSW.Delf.CVZ 1.955
BitDefender 7.81008.2794426 7.24204 2009-03-16 - 2.556
CA (VET) 9.0.0.143 31.6.6395 2009-03-13 - 3.813
ClamAV 0.94.2 9110 2009-03-15 - 0.025
Comodo 3.8 1057 2009-03-15 - 0.509
CP Secure 1.1.0.715 2009.03.15 2009-03-15 - 7.486
Dr.Web 4.44.0.9170 2009.03.15 2009-03-15 - 4.174
F-Prot 4.4.4.56 20090315 2009-03-15 - 1.311
F-Secure 5.51.6100 2009.03.15.02 2009-03-15 - 0.054
Fortinet 2.81-3.117 10.161 2009-03-15 - 0.242
GData 19.3971/19.261 20090315 2009-03-15 - 3.388
Ikarus T3.1.01.45 2009.03.15.72430 2009-03-15 - 4.340
JiangMin 11.0.706 2009.03.15 2009-03-15 - 1.642
Kaspersky 5.5.10 2009.03.15 2009-03-15 - 0.044
KingSoft 2009.2.5.15 2009.3.15.20 2009-03-15 - 1.772
McAfee 5.3.00 5554 2009-03-15 - 2.697
Microsoft 1.4405 2009.03.15 2009-03-15 - 6.540
mks_vir 2.01 2009.03.15 2009-03-15 - 2.919
Norman 6.00.06 6.00.00 2009-03-13 - 8.010
nProtect 20090315.01 3335700 2009-03-15 - 5.271
Panda 9.05.01 2009.03.15 2009-03-15 - 1.665
Quick Heal 10.00 2009.03.14 2009-03-14 - 1.719
Rising 20.0 21.20.62.00 2009-03-15 - 0.949
Sophos 2.84.1 4.39 2009-03-16 - 2.116
Sunbelt 5042 5042 2009-03-14 - 0.696
Symantec 1.3.0.24 20090315.003 2009-03-15 - 0.048
The Hacker 6.3.2.7 v00282 2009-03-15 - 0.556
Trend Micro 8.700-1004 5.896.44 2009-03-15 - 0.029
VBA32 3.12.10.1 20090314.1951 2009-03-14 - 1.734
ViRobot 20090313 2009.03.13 2009-03-13 - 0.414
VirusBuster 4.5.11.10 10.102.11/978871 2009-03-15 - 1.262
#6 - SVCHOST.EXE has stopped working?
This one, c:\windows\System32\HD Bot.exe, also didn't work at VT, so I had to upload it to virscan.org again.
Code:
Datei Informationen
Dateiname : HD Bot.exe
Größe : 216064 byte
Typ : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : f1ac469009b60c572f052918e1747dcc
SHA1 : 5bd1a4cc5a54032136f981faca8e3b20697bff68
Scan Ergebnis
Scan Ergebnis : Es wurde keine Infektion ermittelt!
Zeit : 2009/03/15 20:19:51 (CET)
Scanner ↓ Engine Ver Sig Ver Sig Datum Scan Ergebnis Zeit
a-squared 4.0.0.32 20090315223639 2009-03-15 - 2.582
AhnLab V3 2009.03.15.00 2009.03.15 2009-03-15 - 1.104
AntiVir 7.9.0.114 7.1.2.171 2009-03-13 - 1.908
Antiy 2.0.18 20090315.2217560 2009-03-15 - 0.124
Authentium 5.1.1 200903141844 2009-03-14 - 1.096
AVAST! 3.0.1 090314-0 2009-03-14 - 0.878
AVG 7.5.52.442 270.11.15/2003 2009-03-15 - 1.953
BitDefender 7.81008.2794426 7.24204 2009-03-16 - 2.548
CA (VET) 9.0.0.143 31.6.6395 2009-03-13 - 5.190
ClamAV 0.94.2 9110 2009-03-15 - 0.035
Comodo 3.8 1057 2009-03-15 - 0.515
CP Secure 1.1.0.715 2009.03.15 2009-03-15 - 7.466
Dr.Web 4.44.0.9170 2009.03.15 2009-03-15 - 4.169
F-Prot 4.4.4.56 20090315 2009-03-15 - 1.087
F-Secure 5.51.6100 2009.03.15.02 2009-03-15 - 4.863
Fortinet 2.81-3.117 10.161 2009-03-15 - 0.212
GData 19.3971/19.261 20090315 2009-03-15 - 3.314
Ikarus T3.1.01.45 2009.03.15.72430 2009-03-15 - 4.301
JiangMin 11.0.706 2009.03.15 2009-03-15 - 1.576
Kaspersky 5.5.10 2009.03.15 2009-03-15 - 0.046
KingSoft 2009.2.5.15 2009.3.15.20 2009-03-15 - 0.617
McAfee 5.3.00 5554 2009-03-15 - 2.701
Microsoft 1.4405 2009.03.15 2009-03-15 - 4.482
mks_vir 2.01 2009.03.15 2009-03-15 - 2.692
Norman 6.00.06 6.00.00 2009-03-13 - 8.009
nProtect 20090315.01 3335700 2009-03-15 - 4.292
Panda 9.05.01 2009.03.15 2009-03-15 - 3.635
Quick Heal 10.00 2009.03.14 2009-03-14 - 1.287
Rising 20.0 21.20.62.00 2009-03-15 - 0.802
Sophos 2.84.1 4.39 2009-03-16 - 2.077
Sunbelt 5042 5042 2009-03-14 - 0.562
Symantec 1.3.0.24 20090315.003 2009-03-15 - 0.050
The Hacker 6.3.2.7 v00282 2009-03-15 - 0.537
Trend Micro 8.700-1004 5.896.44 2009-03-15 - 0.029
VBA32 3.12.10.1 20090314.1951 2009-03-14 - 1.729
ViRobot 20090313 2009.03.13 2009-03-13 - 0.413
VirusBuster 4.5.11.10 10.102.11/978871 2009-03-15 - 1.229
#7 - SVCHOST.EXE has stopped working?
If you haven't created a recovery DVD yet, you should do so as soon as possible. By as soon as possible I mean after the cleanup. Scripting with ComboFix
Code:
KILLALL::
DirLook::
c:\program files\Common Files\Blizzard Entertainment
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"swg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a80fc8f-7f66-11dd-a363-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e34258-7ce5-11dd-946c-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e34264-7ce5-11dd-946c-001d926e0ea9}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888669380-1727950260-3000317607-1000.job
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used for any other purpose, as it can permanently damage the system. ciao, andreas