Virus Win32:Horst-ADX

mic67 · 04.07.2009, 18:55

Hallo Leute ich habe ein Problem mit einen Virus
Wie oben beschrieben heißt er Win32:Horst-ADX.

Mein GDATA Internetsecurity kann ihn nicht löschen.
Leider habe ich weniger Erfahrungen damit was kann ich machen?

Danke schon mal für eure Tipps im voraus!

mic67 · 05.07.2009, 08:05

Heute Morgen kam noch eine Fehler meldung hinzu:

das er die cisvc.exe nicht gefunden hat.

Was kann ich jetzt noch machen????

hier mal mein logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:58, on 05.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Hijacks\HijackThis.exe

mic67 · 05.07.2009, 21:15

Hat keiner eine Idee was ich machen kann.

Ich hänge immer noch an dem selben Problem.

Ein Tipp wäre super.

handball10 · 05.07.2009, 21:51

hi mic67 und

arbeite bitte folgende Liste ab Punkt 2 ab:
http://www.trojaner-board.de/69886-a...-beachten.html

Poste bitte die Logfiles komplett hier... (das Hijackthis-Log ist nicht vollständig)

Trotzdem:

das hier:

Code:

ATTFilter

C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe

gefällt mir nicht:
ThreatExpert Reports

Gruß
handball100

mic67 · 06.07.2009, 16:36

Hallo Hanball10

danke erst mal für dein Antwort.

Habe den Malware durch laufen lassen.
Hier ist der Scan Bericht:

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2379
Windows 5.1.2600 Service Pack 3

06.07.2009 17:19:44
mbam-log-2009-07-06 (17-19-44).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 270588
Laufzeit: 2 hour(s), 25 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 22
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Mstsc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Dropper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
e:\programme\photoshop\adobe.photoshop.cs4.extended.v11.0.only.keymaker-core\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\programme\TV\sop cast 3.0\Setup-SopCast-3.0.3-2008-4-30.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\programme\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.

und hier auch der neue Logfile von Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:59, on 06.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Hijacks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.problems-solution.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programme\securedie\tbsecu.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Programme\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Itunes\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOKUME~1\ADMINI~1\ANWEND~1\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\DOKUME~1\ADMINI~1\ANWEND~1\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\spoolsv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ISQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ISQ\ICQ6\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Itunes\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

Bin für jeden Tipp Dankbar.
Der mir weiter hilft.

handball10 · 07.07.2009, 00:22

Und wieder jemand, der sich das Rattengift in die Suppe mischt und sich dann beschwert, warum es einem schlecht geht:

Code:

ATTFilter

e:\programme\photoshop\adobe.photoshop.cs4.extende d.v11.0.only.keymaker-core\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Ich bin raus.

Code:

ATTFilter

O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICR OS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\sess mgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\cisv c.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\spoo lsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICR OS~1\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOKUME~1\ADMINI~1\ANWEND~1\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [SessMgr] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOKUME~1\ADMINI~1\ANWEND~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\msti nit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\MICR OS~1\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\mqtg svc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Dokumente und Einstellungen\Administrator\LOCALS~1\APPLIC~1\msts c.exe /waitservice (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\DOKUME~1\ADMINI~1\ANWEND~1\comrepl.exe /waitservice (User 'SYSTEM')

Alles schädliche Einträge

Hier gehts weiter:
http://www.trojaner-board.de/51262-a...sicherung.html

Gruß
Handball10

05.07.2009, 21:51	#4
handball10 /// Helfer-Team	Virus Win32:Horst-ADX hi mic67 und arbeite bitte folgende Liste ab Punkt 2 ab: http://www.trojaner-board.de/69886-a...-beachten.html Poste bitte die Logfiles komplett hier... (das Hijackthis-Log ist nicht vollständig) Trotzdem: das hier: Code: ATTFilter C:\DOKUME~1\ADMINI~1\ANWEND~1\dllhst3g.exe gefällt mir nicht: ThreatExpert Reports Gruß handball100

Virus Win32:Horst-ADX

Plagegeister aller Art und deren Bekämpfung: Virus Win32:Horst-ADX