Antivir hat Trojaner gefunden |
Willkommen, Gast ( Anmelden | Registrierung )
Antivir hat Trojaner gefunden |
Gast_Poulsen_* |
11.01.2008, 12:30
Beitrag
#1
|
Gäste |
Antivir hat gestern bei mir einen Trojaner entdeckt.
http://www.rokop-security.de/index.php?s=&...st&p=225799 Kann sich bitte mal jeman meinen Log.File angucken und auswerten? Logfile of HijackThis v1.98.2 Scan saved at 12:26:02, on 11.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\Avira Premium Security Suite\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Programme\a-squared Anti-Malware\a2service.exe C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe C:\Programme\Avira\Avira Premium Security Suite\sched.exe C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe C:\Programme\cFosSpeed\spd.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Microsoft IntelliType Pro\type32.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Programme\cFosSpeed\cFosSpeed.exe C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe C:\Programme\a-squared Anti-Malware\a2guard.exe C:\Programme\Java\jre1.6.0_04\bin\jusched.exe C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe C:\Programme\Creative\MediaSource\Detector\CTDetect.exe C:\Programme\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE E:\Programme\PopTray\PopTray.exe C:\totalcmd\TOTALCMD.EXE N:\Sicherheit\Hijack\hjt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: NedelnyIspolnitel Class - {3a4d1c1e-979d-11dc-8314-0800200c9a66} - C:\WINDOWS\MezhdusetZagruzchik.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CTSysVol] "C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r O4 - HKLM\..\Run: [SBDrvDet] "C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe O4 - Startup: PopTray.lnk = E:\Programme\PopTray\PopTray.exe O4 - Startup: Wallpaper Aktualisieren.lnk = C:\Programme\Desk-Timer\Desk-Timer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O10 - Broken Internet access because of LSP provider 'avsda.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll EDIT; habe jetzt O2 - BHO: NedelnyIspolnitel Class - {3a4d1c1e-979d-11dc-8314-0800200c9a66} - C:\WINDOWS\MezhdusetZagruzchik.dll (file missing) gefixt Der Beitrag wurde von Poulsen bearbeitet: 11.01.2008, 12:41 |
|
|
Gast_Poulsen_* |
12.01.2008, 07:43
Beitrag
#2
|
Gäste |
@raman
ich danke Dir für Deine Hilfe ZITAT hat das KAV Tool auch eine deinstallation? Das werden wohl Reste sein Ich werde morgen wohl mal Acronis anwerfen Der Beitrag wurde von Poulsen bearbeitet: 12.01.2008, 08:50 |
|
|
Vereinfachte Darstellung | Aktuelles Datum: 31.05.2024, 21:05 |