
Pests of all kinds and how to fight them: explorer.exe NOT in Task Manager !VIRUS!

24.07.2006, 15:46   #1
PSPumpgun
 
explorer.exe NOT in Task Manager !VIRUS!

Win32.Backdoor.Ciadoor and Backdoor.Prorat16



Please, please, I need help.
My problem is:
Explorer.exe is NOT in my Task Manager.
That means some virus is emulating my "browser" or something.
I'm on Win XP Professional SP2.
Here is the HijackThis log file:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:36:46, on 24.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\services.exe
G:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
F:\Program Files\RSSoft\RSEDNClient.exe
E:\Steam Clienten\Steam\Steam.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Trend Micro\Tmas\Tmas.exe
F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
F:\Program Files\internet explorer\iexplore.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\taskmgr.exe
G:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\Documents and Settings\Ph31!kZ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\fservice.exe
F3 - REG:win.ini: load=F:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=F:\WINDOWS\system32\scvhost.exe
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Generic Host Process] F:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Out] F:\WINDOWS\ziplogs\csrss.exe
O4 - HKLM\..\Run: [Out32] F:\WINDOWS\ziplogs\services.exe
O4 - HKLM\..\Run: [openglx] F:\WINDOWS\nortonsk.exe
O4 - HKLM\..\Run: [] \csrss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Red Swoosh EDN Client] F:\Program Files\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Steam] "E:\Steam Clienten\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [openglx] F:\WINDOWS\nortonsk.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: reico.bat
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = F:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: ZDWLan Utility.lnk = F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Alles mit FlashGet laden - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
         

Last edited by PSPumpgun (24.07.2006 at 15:57)

24.07.2006, 15:47   #2
PSPumpgun
 



Part 2:
And now the Ad-Aware log file as well, since it says something about explorer.exe:
Code:
Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 24. Juli 2006 16:42:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Nail(TAC index:5):1 total references
Backdoor.Prorat.16(TAC index:8):19 total references
MRU List(TAC index:0):5 total references
Win32.Backdoor.CiaDoor(TAC index:8):5 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


24.07.2006 16:42:50 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 844
    ThreadCreationTime : 24.07.2006 14:25:37
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\F:\WINDOWS\system32\
    ProcessID          : 1136
    ThreadCreationTime : 24.07.2006 14:25:42
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\F:\WINDOWS\system32\
    ProcessID          : 1176
    ThreadCreationTime : 24.07.2006 14:25:43
    BasePriority       : High


#:4 [services.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1224
    ThreadCreationTime : 24.07.2006 14:25:43
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1236
    ThreadCreationTime : 24.07.2006 14:25:43
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1384
    ThreadCreationTime : 24.07.2006 14:25:44
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1440
    ThreadCreationTime : 24.07.2006 14:25:44
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : F:\WINDOWS\System32\
    ProcessID          : 1476
    ThreadCreationTime : 24.07.2006 14:25:44
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1524
    ThreadCreationTime : 24.07.2006 14:25:44
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1572
    ThreadCreationTime : 24.07.2006 14:25:45
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [explorer.exe]
    FilePath           : F:\WINDOWS\
    ProcessID          : 2016
    ThreadCreationTime : 24.07.2006 14:25:47
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:12 [spoolsv.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 2044
    ThreadCreationTime : 24.07.2006 14:25:47
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:13 [wdfmgr.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 452
    ThreadCreationTime : 24.07.2006 14:25:48
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:14 [services.exe]
    FilePath           : F:\WINDOWS\
    ProcessID          : 772
    ThreadCreationTime : 24.07.2006 14:25:50
    BasePriority       : Normal


#:15 [firefox.exe]
    FilePath           : G:\PROGRA~1\MOZILL~1\
    ProcessID          : 1020
    ThreadCreationTime : 24.07.2006 14:25:53
    BasePriority       : Normal


#:16 [rundll32.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 1048
    ThreadCreationTime : 24.07.2006 14:25:53
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Run a DLL as an App
    InternalName       : rundll
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : RUNDLL.EXE

#:17 [soundman.exe]
    FilePath           : F:\WINDOWS\
    ProcessID          : 1056
    ThreadCreationTime : 24.07.2006 14:25:53
    BasePriority       : Normal
    FileVersion        : 5, 1, 0, 45
    ProductVersion     : 5, 1, 0, 45
    ProductName        : Realtek Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek AC97 Audio Sound Manager

#:18 [daemon.exe]
    FilePath           : F:\Program Files\DAEMON Tools\
    ProcessID          : 1072
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal


#:19 [jusched.exe]
    FilePath           : F:\Program Files\Java\jre1.5.0_07\bin\
    ProcessID          : 1088
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal


#:20 [nmbgmonitor.exe]
    FilePath           : F:\Program Files\Common Files\Ahead\lib\
    ProcessID          : 1096
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal


#:21 [rsednclient.exe]
    FilePath           : F:\Program Files\RSSoft\
    ProcessID          : 1104
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal


#:22 [steam.exe]
    FilePath           : E:\Steam Clienten\Steam\
    ProcessID          : 1112
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal
    FileVersion        : 1.0.0.0
    ProductVersion     : 1.0.0.0
    ProductName        : Steam
    CompanyName        : Valve Corporation
    FileDescription    : Steam
    LegalCopyright     : © Copyright 2000-2003 Valve Corporation All rights reserved.
    OriginalFilename   : Steam.exe

#:23 [msmsgs.exe]
    FilePath           : F:\Program Files\Messenger\
    ProcessID          : 1124
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal
    FileVersion        : 4.7.3000
    ProductVersion     : Version 4.7.3000
    ProductName        : Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Messenger
    InternalName       : msmsgs
    LegalCopyright     : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks    : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msmsgs.exe

#:24 [tmas.exe]
    FilePath           : F:\Program Files\Trend Micro\Tmas\
    ProcessID          : 176
    ThreadCreationTime : 24.07.2006 14:25:54
    BasePriority       : Normal
    FileVersion        : 3, 0, 1, 23
    ProductVersion     : 3.11
    ProductName        : Trend Micro Anti-Spyware
    CompanyName        : Trend Micro Incorporated
    FileDescription    : Anti-Spyware Main Module
    InternalName       : tmas.exe
    LegalCopyright     : Copyright (c) 2003-2005 Trend Micro Incorporated. All rights reserved.
    OriginalFilename   : tmas.exe

#:25 [zdwlan.exe]
    FilePath           : F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\
    ProcessID          : 1504
    ThreadCreationTime : 24.07.2006 14:25:55
    BasePriority       : Normal
    FileVersion        : 1, 0, 46, 9
    ProductVersion     : 1, 0, 46, 9
    ProductName        : IEEE 802.11b+g Wireless LAN Utility
    FileDescription    : IEEE 802.11b+g Wireless LAN Utility MFC Application
    InternalName       : IEEE 802.11b Wireless LAN Utility (Unicode)
    LegalCopyright     : Copyright (C) 2004
    OriginalFilename   : Wireless LAN Utility.EXE

#:26 [iexplore.exe]
    FilePath           : F:\Program Files\internet explorer\
    ProcessID          : 1788
    ThreadCreationTime : 24.07.2006 14:25:57
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName       : iexplore
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : IEXPLORE.EXE

#:27 [svchost.exe]
    FilePath           : F:\WINDOWS\System32\
    ProcessID          : 3232
    ThreadCreationTime : 24.07.2006 14:26:37
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:28 [taskmgr.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 868
    ThreadCreationTime : 24.07.2006 14:33:00
    BasePriority       : High
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows TaskManager
    InternalName       : taskmgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : taskmgr.exe

#:29 [firefox.exe]
    FilePath           : G:\Program Files\Mozilla Firefox\
    ProcessID          : 408
    ThreadCreationTime : 24.07.2006 14:33:20
    BasePriority       : Normal


#:30 [winrar.exe]
    FilePath           : F:\Program Files\WinRAR\
    ProcessID          : 3388
    ThreadCreationTime : 24.07.2006 14:36:23
    BasePriority       : Normal


#:31 [hijackthis.exe]
    FilePath           : F:\Documents and Settings\Ph31!kZ\Desktop\
    ProcessID          : 1868
    ThreadCreationTime : 24.07.2006 14:36:33
    BasePriority       : Normal
    FileVersion        : 1.99.0001
    ProductVersion     : 1.99.0001
    ProductName        : HijackThis
    CompanyName        : Soeperman Enterprises Ltd.
    FileDescription    : HijackThis
    InternalName       : HijackThis
    LegalCopyright     : Freeware
    OriginalFilename   : HijackThis.exe
    Comments           : Version history is in Help section

#:32 [notepad.exe]
    FilePath           : F:\WINDOWS\system32\
    ProcessID          : 3344
    ThreadCreationTime : 24.07.2006 14:36:47
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Notepad
    InternalName       : Notepad
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : NOTEPAD.EXE

#:33 [ad-aware.exe]
    FilePath           : G:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1584
    ThreadCreationTime : 24.07.2006 14:40:33
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Win32.Backdoor.CiaDoor Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{e14dce67-8fb7-4721-8149-179baa4d792c}

 Win32.Backdoor.CiaDoor Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{0958c4c9-77b0-4aa8-9364-7886bfca7e39}

 Win32.Backdoor.CiaDoor Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{c9f1c5a0-f3d8-48e2-8b8c-3e86b4cac7e3}

 Backdoor.Prorat.16 Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : "DirectX For Microsoft® Windows"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\policies\explorer\run
    Value              : DirectX For Microsoft® Windows

 ABetterInternet.Nail Object Recognized!
    Type               : RegData
    Data               : explorer.exe f:\windows\system32\fservice.exe
    TAC Rating         : 5
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon
    Value              : Shell
    Data               : explorer.exe f:\windows\system32\fservice.exe

 Windows Object Recognized!
    Type               : RegData
    Data               : explorer.exe f:\windows\system32\fservice.exe
    TAC Rating         : 3
    Category           : Vulnerability
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon
    Value              : Shell
    Data               : explorer.exe f:\windows\system32\fservice.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Disk Scan Result for F:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Disk Scan Result for F:\DOCUME~1\Ph31!kZ\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

 MRU List Object Recognized!
    Location:          : F:\Documents and Settings\Ph31!kZ\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
    Description        : mru list for items opened in start | run


 MRU List Object Recognized!
    Location:          : S-1-5-21-839522115-1060284298-725345543-1003\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Win32.Backdoor.CiaDoor Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : n.cs4

 Win32.Backdoor.CiaDoor Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt\currentversion\windows
    Value              : run

 Backdoor.Prorat.16 Object Recognized!
    Type               : Regkey
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : FW_KILL

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_FW_Disable

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_SYS_Recovery

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN2

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Kurban_Ismi
         


24.07.2006, 15:47   #3
PSPumpgun
 



Part 3:
Code:
Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Mail

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Online_List

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Port

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Sifre

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Hata

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : KSil

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : LanNotifie

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Tport

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               : 
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ServerVersionInt

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegData
    Data               : explorer.exe f:\windows\system32\fservice.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon
    Value              : Shell
    Data               : explorer.exe f:\windows\system32\fservice.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 31

16:44:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:52.375
Objects scanned:82635
Objects identified:26
Objects ignored:0
New critical objects:26
         
Windows also responds with strange error messages.
Unfortunately I can't post screenshots of them, because when they appear I can no longer start ANY application, can no longer browse in Explorer (<== virus), and can't shut Windows down either (I have to cut the power).

I hate viruses
Thanks in advance.
It also can't be removed with any scanner, or rather it just comes back afterwards ~.~
__________________

24.07.2006, 15:56   #4
Mellosun
 



Hello,

So, take the system off the network. The only option here is a reinstallation! Follow the instructions in my signature!
You have a nice collection of trojans, worms and spyware on your computer!

And no, there is no other option!



Regards, Mellosun

24.07.2006, 15:58   #5
PSPumpgun
 



Thanks
Wouldn't a simple update work too?
I still have MCE 2005 on hand


24.07.2006, 17:06   #6
Darthshoot
 



No. Period. End of story.

24.07.2006, 17:10   #7
Sunny
Administrator
> Competence Manager
 




Quote:
Quote from PSPumpgun
Thanks
Wouldn't a simple update work too?
I still have MCE 2005 on hand

What do you intend to do with the "Media Center Edition"?

An update won't help any more either; only a reinstallation will!

You won't get any other opinion on this topic here, so please finally accept it

Regards
__________________
Requests by e-mail, profile message or private message will be ignored!
Help is given ONLY in the forum!


Stulti est se ipsum sapientem putare.
