Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
JS\Hiloti.C.1 und HTML/Rce.Gen

JS\Hiloti.C.1 und HTML/Rce.Gen


Plagegeister aller Art und deren Bekämpfung: JS\Hiloti.C.1 und HTML/Rce.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.03.2012, 09:32   #1
Enna-AF
 
JS\Hiloti.C.1 und HTML/Rce.Gen - Standard

JS\Hiloti.C.1 und HTML/Rce.Gen


Hallo,

gestern meldete Avira den Fund von JS\Hiloti.C.1. Ich habe die Datei mit Avira entfernt. Heute meldete Avira dann den Fund von HTML/Rce.Gen in C:\Users\Niklas Herrmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VX7ANWWW\3307[1].htm. Leider war ich so blöd und habe mit CCleaner die Logfiles gelöscht.



Defogger meldetet:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:22 on 31/03/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by *** at 10:23:06 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2575 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Users\Niklas Herrmann\Downloads\the West Lan Windows 0.1.0.14\twlandownload\mysql\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\maxdome\DCBin\DCService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.de/
uSearch Bar =
uInternet Settings,ProxyServer = 152.3.138.4:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Turnabout Helper: {87ff76f0-bca9-40dc-b1e5-254062eee8f4} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Reify Toolbar: {b99f805c-f0b1-48ea-8c8b-753bfcbed912} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
TB: Gutscheinmieze: {dfefcdee-cf1a-4fc8-88ad-48514e463b27} - C:\Users\Niklas Herrmann\AppData\Roaming\Gutscheinmieze\toolbar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [<NO NAME>]
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoFileAssociate = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: ath.cx\twtool
Trusted Zone: web.de
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{AE59E6C5-8877-4A9A-A091-CA83E1D33B2B} : DhcpNameServer = 192.168.178.1
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
Handler: data - {038664DA-5BA5-47FC-88D9-15ADE940ED55} - C:\Program Files (x86)\Reify Software\Turnabout\turnabout.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{87FF76F0-BCA9-40DC-B1E5-254062EEE8F4}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{EEE6C35C-6118-11DC-9C72-001320C79847}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{B99F805C-F0B1-48EA-8C8B-753BFCBED912}
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}
{EEE6C35B-6118-11DC-9C72-001320C79847}
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jqxu2rri.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://weww.the-west.de
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.ftp - 152.3.138.4
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 152.3.138.4
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 152.3.138.4
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 152.3.138.4
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 152.3.138.4
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6\components\FirefoxExtension.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-18 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-18 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 Prosieben;maxdome Download Manager;C:\Program Files (x86)\maxdome\DCBin\DCService.exe [2009-5-1 77032]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-17 2255464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Apache2.2;Apache2.2;C:\Users\***\Downloads\the West Lan Windows 0.1.0.14\twlandownload\apache\bin\httpd.exe [2009-12-20 29416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-26 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
S3 CBPSp50a64;CBPSp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\CBPSp50a64.sys --> C:\Windows\system32\Drivers\CBPSp50a64.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-9-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-9-3 79360]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-26 133104]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 12288]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-30 13:00:47 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAEE2B89-5409-4171-8609-DFE15CECE54A}\mpengine.dll
2012-03-30 12:21:16 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-03-30 12:21:16 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-30 12:21:16 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 11:52:20 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 16:23:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-29 16:23:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-29 16:23:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-29 16:08:41 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-03-29 16:08:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-03-29 16:08:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-29 16:08:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-29 16:08:35 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-29 16:08:33 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-29 16:08:32 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-03-29 16:08:32 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-03-29 16:08:16 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-29 16:08:16 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-29 16:04:48 -------- d-----w- C:\Program Files\Core Temp
2012-03-29 16:04:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-29 16:04:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-29 16:04:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-29 16:04:39 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-29 16:04:39 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-29 16:04:39 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-29 16:04:39 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-30 11:52:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 16:12:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 07:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 10:23:42,07 ===============


attach.zip als Anhang

Schonmal jetzt danke.

 

Themen zu JS\Hiloti.C.1 und HTML/Rce.Gen
acrobat update, adobe, antivir, asus, avira, bonjour, defender, desktop, device driver, dll, explorer, firefox, flash player, google, google earth, helper, home, internet, mozilla, nvidia, nvidia update, pdf, plug-in, rundll, scan, software, svchost.exe, sweetim, system, vista, windows, windows 7 home, windows 7 home premium


« Blackscreen mit Windows Sicherheitswarnung | Windows gesperrt suspicious cloud 50€ zahlen »


Ähnliche Themen: JS\Hiloti.C.1 und HTML/Rce.Gen


  1. Logfile Malwarebytes - Virus TR/Hiloti.D.1069 ?
    Log-Analyse und Auswertung - 14.08.2012 (12)
  2. Avira meldet 2x TR/Agent und 1x JS/Hiloti.C.1
    Log-Analyse und Auswertung - 14.03.2012 (8)
  3. JS/Hiloti.c.1 ... Was kann ich tun?
    Log-Analyse und Auswertung - 16.02.2012 (7)
  4. TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun?
    Log-Analyse und Auswertung - 14.09.2011 (5)
  5. Trojaner hiloti
    Log-Analyse und Auswertung - 19.07.2011 (1)
  6. Vista - Win32.Agent.fbx, Win32/Hiloti.grn!D, TR./Hiloti.D.2542
    Log-Analyse und Auswertung - 24.05.2011 (28)
  7. TR/Hiloti.D.2551 [trojan] auf meinem Rechner - benötige Hilfe - Danke
    Log-Analyse und Auswertung - 14.05.2011 (11)
  8. Vorgehen bei Tan-Trojaner (TR/Hiloti ?)
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (31)
  9. Trojaner TR/Hiloti.2385 sowie TR/TDSS.fgr
    Log-Analyse und Auswertung - 10.05.2011 (9)
  10. Trojan hiloti
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (5)
  11. Avira meldet TR/Hiloti.A.146, etc. - Rechner spinnt total
    Log-Analyse und Auswertung - 26.04.2011 (32)
  12. Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.
    Log-Analyse und Auswertung - 15.04.2011 (23)
  13. Nachsorge nach Trojanerbefall (Trojan.Hiloti.Gen)
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (2)
  14. Befall mit trojan.hiloti & co. C:\WINDOWS\msmcfy.dll (Trojan.Hiloti)
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (16)
  15. TR/Crypt.XPACK.Gen2, TR/Hiloti, und weitere Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 21.11.2010 (5)
  16. Trojan.Zbot/Hiloti auf dem rechner
    Plagegeister aller Art und deren Bekämpfung - 04.07.2010 (8)
  17. Trojan.Packed.Hiloti.gen.2-BitDefender-Keine Aktion möglich
    Plagegeister aller Art und deren Bekämpfung - 12.11.2009 (26)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema JS\Hiloti.C.1 und HTML/Rce.Gen - Hallo, gestern meldete Avira den Fund von JS\Hiloti.C.1. Ich habe die Datei mit Avira entfernt. Heute meldete Avira dann den Fund von HTML/Rce.Gen in C:\Users\Niklas Herrmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VX7ANWWW\3307[1].htm. Leider war - JS\Hiloti.C.1 und HTML/Rce.Gen...
Archiv
Du betrachtest: JS\Hiloti.C.1 und HTML/Rce.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130