Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   F-Secure findet: backdoor.Win32.Rukap.gen, kann aber nicht entfernen? (https://www.trojaner-board.de/40412-f-secure-findet-backdoor-win32-rukap-gen-entfernen.html)

Arwo_5 28.06.2007 19:00
F-Secure findet: backdoor.Win32.Rukap.gen, kann aber nicht entfernen?
 
Bitte um Hilfe! F-Secure kann damit nichts anfangen, was kann ich tun? Ich habe gerade ein Logfile mit HiJackThis erstellt, vielleicht hilft es. Danke voraus:
Logfile of HijackThis v1.99.1
Scan saved at 19:31:58, on 28.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\MicroStar\WLANUtility\WlanUtility.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programme\MicroStar\WLANUtility\WLAN_Service.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsavgui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

ftp=127.0.0.1:8080;h**p=127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} -

C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet

Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Programme\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Desktop Manager.lnk = C:\Programme\Research In

Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Programme\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet

Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure

Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -

C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} -

C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {096DCF31-53FA-4BA6-A729-D85D29FC0D70} (Detect Class) -

h**ps://installer.id.ee/IDInstaller.cab
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD

2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) -

file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -

file://E:\ols\connect\fscax.cab
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD

2002 Deu\InstBanr.ocx
O16 - DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} (esteidTool Class) -

h**p://w*w.sk.ee/id-kontroll/20070223.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) -

file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\F-Secure Internet

Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSI_WLAN_Service - Unknown owner -

C:\Programme\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

cosinus 28.06.2007 21:42
Wo wird der Schädling gefunden (Pfadangabe) ?
Bitte poste das HJT-Logfile normal, so wie es jetzt ist, ist es sehr unübersichtlich mit den vielen Zeilenumbrüchen.
Poste dann auch bitte gleich ein Logfile von Silent Runners

Arwo_5 29.06.2007 10:24
C:\WINDOWS\system32\directx.0xe

cosinus 30.06.2007 19:47
Wahrscheinlich ist dein System komrpomittiert. Die Datei sieht nicht nach einer Systemdatei aus. Werte die Datei

C:\WINDOWS\system32\directx.0xe

doch mal bei Virustotal oder Jotti aus und poste sämtliche Ergebnisse inkl. Angaben zu Dateigröße und Prüfsummen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131