|
Pests of all kinds and how to fight them: Help, very dangerous trojan | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
08.04.2009, 23:47 | #1 |
| hi everyone, I have the following problem: I ran an antivirus program today and it showed me a trojan that it cannot remove!!!! Maybe you can see something in my HijackThis log. In any case, my computer has become slower, earlier on already too! Please reply
HTML-Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:42, on 09.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\3322305171.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo818] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090312
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\Standard\AppData\Local\Temp\3322305171.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7709 bytes
|
|
09.04.2009, 11:46 | #2 | |
| Hello and
Please have the following files checked here http://www.kaspersky.com/de/virusscanner under File scanner: Quote:
|
09.04.2009, 17:05 | #3 |
| 1st file
Bekannte Viren: 2028492 Updated: 09-04-2009 Größe der Datei (Kb): 15 Viren-Korpus: 0 Datei: 1 Warnungen: 0 Archive: 0 Verdächtigt: 0
2nd file
Bekannte Viren: 2028492 Updated: 09-04-2009 Größe der Datei (Kb): 23 Viren-Korpus: 0 Datei: 1 Warnungen: 0 Archive: 0 Verdächtigt: 0
hi, I have now uploaded the files there but it finds nothing, or am I seeing that wrong?? |
09.04.2009, 20:44 | #4 |
| Doesn't anyone know anything more? Also, since yesterday a page with ads keeps opening .. O.o VERY often !!! And in my Task Manager there is the file d333g7rfz.exe <--- 2 times!!!!!!!!!!!! It was never in there before!!! and when I try to end it, it keeps coming back o.O Regards, pleeease reply |
09.04.2009, 21:21 | #5 |
Administrator > Competence Manager | Hello and Please work through the guide for new users first -> For everyone seeking help! What do I have to consider before opening a topic? Only then will someone look into your problem!
__________________ Requests by email, profile message or private message are ignored! Help is ONLY available in the forum! Stulti est se ipsum sapientem putare. |
10.04.2009, 10:23 | #6 |
| Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1961
Windows 6.0.6000

10.04.2009 11:22:20
mbam-log-2009-04-10 (11-22-20).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 63732
Laufzeit: 3 minute(s), 49 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Standard\Favorites\Free Porn Movies, Clips and DVDs - Kostenlose Pornos auf PornFish.net - PornFish - Kostenlose Pornos.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Local\Temp\winlognn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Local\Temp\949018872.exe (Trojan.Downloader) -> Delete on reboot.
|
11.04.2009, 15:15 | #7 |
| hi, I now have the log from Anti-Malware!! Please help me, I think the trojan is still there. Can you please take a look?
HTML-Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1961
Windows 6.0.6000

11.04.2009 16:13:39
mbam-log-2009-04-11 (16-13-39).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 172422
Laufzeit: 1 hour(s), 24 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
11.04.2009, 21:53 | #8 |
| HERE is the new HijackThis LOG !!!!!
HTML-Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:42, on 09.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\3322305171.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo818] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090312
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\Standard\AppData\Local\Temp\3322305171.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7709 bytes

please take a look at this! |
11.04.2009, 21:59 | #9 |
| ZHPDiag by Nicolas Coolman
ciao, andreas
__________________ No support via PM! This is a forum and not private tutoring! For all newcomers. Private support only for payment, and I am very expensive. Guides Virus scanners Compromise unavoidable? |
12.04.2009, 10:22 | #10 |
| Code:
Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 12.04.2009 11:16:29
Platform : Windows Vista (TM) Home Premium
MSIE: Internet Explorer v7.0.6000.16809
MFIE: Mozilla Firefox (3.0.8)

---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Extra protocols and protocol Hijackers (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: .NET Framework - {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Software installed (O42)
O42 - Logiciel: a-squared Anti-Malware 4.0
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Big Fish Games Center (remove only)
O42 - Logiciel: Big Fish Games Sudoku (remove only)
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Cradle of Rome (remove only)
O42 - Logiciel: DAEMON Tools Toolbar
O42 - Logiciel: F-Secure Anti-Virus 2009
O42 - Logiciel: Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: ICQ Toolbar
O42 - Logiciel: Ulead PhotoImpact X3
O42 - Logiciel: IrfanView (remove only)
O42 - Logiciel: LimeWire 5.1.2
O42 - Logiciel: MAGIX Foto Manager 2007 4.2.0.79 (D)
O42 - Logiciel: MAGIX Media Suite 1.12.0.89 (D)
O42 - Logiciel: MAGIX Music Manager 2007 8.2.0.144 (D)
O42 - Logiciel: MAGIX Online Druck Service 2.3.2.0 (D)
O42 - Logiciel: MAGIX Ringtone Maker SE 3.1.0.4 (D)
O42 - Logiciel: Mahjong Towers Eternity EU (remove only)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Mystery Case Files - Prime Suspects (remove only)
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Poker Superstars II (remove only)
O42 - Logiciel: SlimBrowser (remove only)
O42 - Logiciel: BEWERBUNGS-MASTER
O42 - Logiciel: Virtual Villagers (remove only)
O42 - Logiciel: VLC media player 0.9.8a
O42 - Logiciel: VIA Rhine-Family Fast-Ethernet Adapter
O42 - Logiciel: GIMP 2.6.5
O42 - Logiciel: WinRAR
O42 - Logiciel: WordPerfect Office X3
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - deu
O42 - Logiciel: Java(TM) 6 Update 13
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Bewerbung Pro
O42 - Logiciel: DHTML Editing Component
O42 - Logiciel: Die Sims™ 2 Haustiere
O42 - Logiciel: ICQ6.5
O42 - Logiciel: Die Sims 2
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK
O42 - Logiciel: Windows Live installer
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Nero 7 Essentials
O42 - Logiciel: Windows Live Anmelde-Assistent
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: FirstSteps Diagnostics
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Adobe Reader 8.1.0 - Deutsch
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: NVIDIA PhysX
O42 - Logiciel: OLYMPUS Master 2
O42 - Logiciel: OLYMPUS Raw Codec
O42 - Logiciel: Realtek High Definition Audio Driver

---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Corel
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Fujitsu Siemens Computers
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MAGIX
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MAGIX Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ulead Systems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\advpack.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\Apphlpdm.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\asferror.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\batt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\cfgmgr32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ci.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\clfs.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\connect.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\davclnt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dfshim.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dispci.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnsapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnscacheugc.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnsrslvr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dpinst.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\dpx.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drvinst.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxmasf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtmsft.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtrans.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\EncDec.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\es.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\f3ahvoas.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\FwRemoteSvr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\gameux.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\GameUXLegacyGDFs.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\gdi32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardagt.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardie.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardres.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ie4uinit.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieapfltr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iernonce.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iesetup.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieui.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcomm.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcpl.cpl -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\INETRES.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\infocardapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\infocardcpl.cpl -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\IPSECSVC.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\jupdate-1.6.0_13-b03.log -->25.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\kbd106n.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\kd1394.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\KGyGaAvL.sys -->01.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\LAPRXY.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\license.rtf -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\loadperf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\lodctr.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\logagent.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mcmde.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MediaMetadataHandler.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mferror.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mfpmp.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mfps.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\Mpeg2Data.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mpg2splt.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->25.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscoree.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscorier.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscories.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MSDvbNP.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msdxm.ocx -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmled.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MSNP.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml3.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml3r.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml6.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml6r.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netapi32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netcfg.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netfxperf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netiougc.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\nshhttp.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvapi.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvapps.xml -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcod.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcod140.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpl.cpl -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpl.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcplui.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpluir.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcuda.dll
-->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvcuvid.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvd3dum.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvdisp.nvu -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvdisps.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvdispsr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvgames.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvgamesr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmccs.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmccsrs.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmccss.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmccssr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmctray.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmobls.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvmoblsr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvoglv32.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\NvPVEnc.ax -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvsvc.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvsvcr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvsvs.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvsvsr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvudisp.exe -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\NVUNINST.EXE -->16.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvvitvs.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvvitvsr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvvsvc.exe -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvwgf2um.dll -->18.02.2009 O44 - 
LFC:Last File Created - C:\Windows\System32\nvwsapps.xml -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvwss.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\nvwssr.dll -->18.02.2009 O44 - LFC:Last File Created - C:\Windows\System32\oleaut32.dll -->16.03.2009 O44 - LFC:Last File Created - C:\Windows\System32\perfc007.dat -->12.04.2009 O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->12.04.2009 O44 - LFC:Last File Created - C:\Windows\System32\perfh007.dat -->12.04.2009 O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->12.04.2009 O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->12.04.2009 |
12.04.2009, 10:24 | #11 |
| Help, very dangerous trojan
Unfortunately it didn't all fit into one post. Here is PART 2!! Code:
|
12.04.2009, 22:44 | #12 |
| Help, very dangerous trojan
Also run SUPERAntiSpyware (steps 1-3 of the guide). Then post a new HJT log. This time start HJT with a right-click => Run as administrator. ciao, andreas
__________________ No support via PM! This is a forum, not private tutoring! For all newcomers: private support only for payment, and I am very expensive. Guides, Virus scanners, Compromise unavoidable? |
13.04.2009, 19:29 | #13 |
| Help, very dangerous trojan
hi, I have now scanned with the program! Here is the new HijackThis log. Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:33, on 13.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

-- End of file - 3670 bytes |
13.04.2009, 19:35 | #14 | |
| Help, very dangerous trojan
Quote:
ciao, andreas
|
13.04.2009, 20:02 | #15 |
| Help, very dangerous trojan
I did post it. Wait, here it is again. HTML-Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:33, on 13.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

-- End of file - 3670 bytes |