Virus Win32:Horst-ADX
04.07.2009, 18:55 | #1 |
| Virus Win32:Horst-ADX Hi everyone, I have a problem with a virus. As described above, it is called Win32:Horst-ADX. My GDATA Internetsecurity cannot delete it. Unfortunately I have little experience with this; what can I do? Thanks in advance for your tips! |
05.07.2009, 08:05 | #2 |
| Virus Win32:Horst-ADX This morning another error message appeared: that it could not find cisvc.exe. What else can I do now? Here is my logfile: |
05.07.2009, 21:15 | #3 |
| Virus Win32:Horst-ADX Does nobody have an idea what I can do? I am still stuck on the same problem. A tip would be great. |
05.07.2009, 21:51 | #4 |
/// Helper team | Virus Win32:Horst-ADX Hi mic67, and please work through the following list starting from point 2: http://www.trojaner-board.de/69886-a...-beachten.html Please post the complete logfiles here... (the HijackThis log is not complete) Still, this one here: Code:
C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe
ThreatExpert Reports Regards, handball100 |
06.07.2009, 16:36 | #5 |
| Virus Win32:Horst-ADX Hello Handball10, thanks for your answer. I ran the malware scanner. Here is the scan report:
and here is the new HijackThis logfile:
I am grateful for any tip that helps me. |
07.07.2009, 00:22 | #6 |
/// Helper team | Virus Win32:Horst-ADX And yet another person who mixes rat poison into their own soup and then complains about feeling sick: Code:
e:\programme\photoshop\adobe.photoshop.cs4.extended.v11.0.only.keymaker-core\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
I'm out. Code:
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOKUME~1\ADMINI~1\ANWEND~1\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\DOKUME~1\ADMINI~1\ANWEND~1\comrepl.exe /waitservice (User 'SYSTEM')
Continue here: http://www.trojaner-board.de/51262-a...sicherung.html Regards, Handball10 |