Pests of all kinds and how to fight them: explorer.exe NOT in Task Manager !VIRUS!
#1
Win32.Backdoor.Ciadoor and Backdoor.Prorat16
Please, please, I need help. My problem is: explorer.exe is NOT in my Task Manager. That means some virus is emulating my "browser" or something. I'm on Win XP Professional SP2. Here is the HijackThis logfile:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:36:46, on 24.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\services.exe
G:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
F:\Program Files\RSSoft\RSEDNClient.exe
E:\Steam Clienten\Steam\Steam.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Trend Micro\Tmas\Tmas.exe
F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
F:\Program Files\internet explorer\iexplore.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\taskmgr.exe
G:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\Documents and Settings\Ph31!kZ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\fservice.exe
F3 - REG:win.ini: load=F:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=F:\WINDOWS\system32\scvhost.exe
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Generic Host Process] F:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Out] F:\WINDOWS\ziplogs\csrss.exe
O4 - HKLM\..\Run: [Out32] F:\WINDOWS\ziplogs\services.exe
O4 - HKLM\..\Run: [openglx] F:\WINDOWS\nortonsk.exe
O4 - HKLM\..\Run: [] \csrss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Red Swoosh EDN Client] F:\Program Files\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Steam] "E:\Steam Clienten\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [openglx] F:\WINDOWS\nortonsk.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: reico.bat
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = F:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: ZDWLan Utility.lnk = F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Alles mit FlashGet laden - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Last edited by PSPumpgun (24.07.2006 at 15:57)
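A defender-side triage of the HijackThis entries in the post above, as an added example that is neither part of the thread nor of HijackThis itself. It parses the F2/F3/O4 lines and flags the patterns a responder would look at first: a Winlogon Shell value that chains a second program behind explorer.exe, win.ini load=/run= hooks, core system-process names started from outside system32, near-miss names such as scvhost.exe, and scripts in the all-users Startup folder. The sample lines are copied from the posted log; the rule set and the function names (triage, osa_distance, lookalike_of, first_executable) are this example's own.

```python
"""Triage HijackThis (v1.99) log entries for shell and autostart hijacks.

Added example for this thread, not part of HijackThis or the forum post.
The heuristics are this example's own, not a HijackThis feature.
"""
from __future__ import annotations
import re

# Constructed sample: a subset of the F2/F3/O4 lines from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\system32\fservice.exe
F3 - REG:win.ini: load=F:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=F:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Generic Host Process] F:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Out] F:\WINDOWS\ziplogs\csrss.exe
O4 - HKLM\..\Run: [Out32] F:\WINDOWS\ziplogs\services.exe
O4 - HKLM\..\Run: [openglx] F:\WINDOWS\nortonsk.exe
O4 - HKLM\..\Run: [] \csrss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - Global Startup: reico.bat
"""

# Core Windows XP processes that legitimately run only from %WINDIR%\system32.
CORE_PROCESSES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe")

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.IGNORECASE)
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.+)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<label>[^\]]*)\] ?(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.+)$")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "scv" <-> "svc"
    return d[len(a)][len(b)]


def lookalike_of(name: str) -> str | None:
    """Core process name that differs from `name` by exactly one edit, if any."""
    for core in CORE_PROCESSES:
        if name != core and osa_distance(name, core) == 1:
            return core
    return None


def first_executable(cmd: str) -> str:
    """Program path at the front of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            tokens = m.group("value").split()
            if [t.lower() for t in tokens] != ["explorer.exe"]:
                findings.append((line, "Winlogon Shell chains an extra program after "
                                       "explorer.exe: " + " ".join(tokens[1:])))
        elif m := F3_RE.match(line):
            findings.append((line, f"win.ini {m.group('key')}= hook set (legacy autostart, "
                                   f"normally empty): {m.group('value')}"))
        elif m := O4_RE.match(line):
            path = first_executable(m.group("cmd"))
            folder, _, name = path.lower().rpartition("\\")
            if name in CORE_PROCESSES and not folder.endswith("\\system32"):
                findings.append((line, f"core process name {name} started from "
                                       f"'{folder or 'no directory'}' instead of system32"))
            elif core := lookalike_of(name):
                findings.append((line, f"{name} is one edit away from system process {core}"))
            elif not m.group("label"):
                findings.append((line, "Run value without a name"))
        elif m := STARTUP_RE.match(line):
            if m.group("item").lower().endswith((".bat", ".cmd", ".vbs", ".js")):
                findings.append((line, "script in the all-users Startup folder"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

On the sample above the script reports eight entries and leaves the SoundMan, openglx and SunJavaUpdateSched lines alone; a clean XP box yields no F2/F3 findings at all, because Shell is plain explorer.exe and the win.ini hooks are empty.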
#2
explorer.exe NOT in Task Manager !VIRUS! Part 2:
And now the Ad-Aware logfile as well, since it says something about explorer.exe:
Code:
Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 24. Juli 2006 16:42:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Nail(TAC index:5):1 total references
Backdoor.Prorat.16(TAC index:8):19 total references
MRU List(TAC index:0):5 total references
Win32.Backdoor.CiaDoor(TAC index:8):5 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
24.07.2006 16:42:50 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 844
ThreadCreationTime : 24.07.2006 14:25:37
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 1136
ThreadCreationTime : 24.07.2006 14:25:42
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 1176
ThreadCreationTime : 24.07.2006 14:25:43
BasePriority : High
#:4 [services.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 24.07.2006 14:25:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 24.07.2006 14:25:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1384
ThreadCreationTime : 24.07.2006 14:25:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1440
ThreadCreationTime : 24.07.2006 14:25:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 24.07.2006 14:25:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 24.07.2006 14:25:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1572
ThreadCreationTime : 24.07.2006 14:25:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : F:\WINDOWS\
ProcessID : 2016
ThreadCreationTime : 24.07.2006 14:25:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [spoolsv.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 2044
ThreadCreationTime : 24.07.2006 14:25:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [wdfmgr.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 24.07.2006 14:25:48
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:14 [services.exe]
FilePath : F:\WINDOWS\
ProcessID : 772
ThreadCreationTime : 24.07.2006 14:25:50
BasePriority : Normal
#:15 [firefox.exe]
FilePath : G:\PROGRA~1\MOZILL~1\
ProcessID : 1020
ThreadCreationTime : 24.07.2006 14:25:53
BasePriority : Normal
#:16 [rundll32.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 24.07.2006 14:25:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:17 [soundman.exe]
FilePath : F:\WINDOWS\
ProcessID : 1056
ThreadCreationTime : 24.07.2006 14:25:53
BasePriority : Normal
FileVersion : 5, 1, 0, 45
ProductVersion : 5, 1, 0, 45
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:18 [daemon.exe]
FilePath : F:\Program Files\DAEMON Tools\
ProcessID : 1072
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
#:19 [jusched.exe]
FilePath : F:\Program Files\Java\jre1.5.0_07\bin\
ProcessID : 1088
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
#:20 [nmbgmonitor.exe]
FilePath : F:\Program Files\Common Files\Ahead\lib\
ProcessID : 1096
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
#:21 [rsednclient.exe]
FilePath : F:\Program Files\RSSoft\
ProcessID : 1104
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
#:22 [steam.exe]
FilePath : E:\Steam Clienten\Steam\
ProcessID : 1112
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe
#:23 [msmsgs.exe]
FilePath : F:\Program Files\Messenger\
ProcessID : 1124
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:24 [tmas.exe]
FilePath : F:\Program Files\Trend Micro\Tmas\
ProcessID : 176
ThreadCreationTime : 24.07.2006 14:25:54
BasePriority : Normal
FileVersion : 3, 0, 1, 23
ProductVersion : 3.11
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : tmas.exe
LegalCopyright : Copyright (c) 2003-2005 Trend Micro Incorporated. All rights reserved.
OriginalFilename : tmas.exe
#:25 [zdwlan.exe]
FilePath : F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\
ProcessID : 1504
ThreadCreationTime : 24.07.2006 14:25:55
BasePriority : Normal
FileVersion : 1, 0, 46, 9
ProductVersion : 1, 0, 46, 9
ProductName : IEEE 802.11b+g Wireless LAN Utility
FileDescription : IEEE 802.11b+g Wireless LAN Utility MFC Application
InternalName : IEEE 802.11b Wireless LAN Utility (Unicode)
LegalCopyright : Copyright (C) 2004
OriginalFilename : Wireless LAN Utility.EXE
#:26 [iexplore.exe]
FilePath : F:\Program Files\internet explorer\
ProcessID : 1788
ThreadCreationTime : 24.07.2006 14:25:57
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:27 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 3232
ThreadCreationTime : 24.07.2006 14:26:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [taskmgr.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 24.07.2006 14:33:00
BasePriority : High
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe
#:29 [firefox.exe]
FilePath : G:\Program Files\Mozilla Firefox\
ProcessID : 408
ThreadCreationTime : 24.07.2006 14:33:20
BasePriority : Normal
#:30 [winrar.exe]
FilePath : F:\Program Files\WinRAR\
ProcessID : 3388
ThreadCreationTime : 24.07.2006 14:36:23
BasePriority : Normal
#:31 [hijackthis.exe]
FilePath : F:\Documents and Settings\Ph31!kZ\Desktop\
ProcessID : 1868
ThreadCreationTime : 24.07.2006 14:36:33
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section
#:32 [notepad.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 3344
ThreadCreationTime : 24.07.2006 14:36:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:33 [ad-aware.exe]
FilePath : G:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1584
ThreadCreationTime : 24.07.2006 14:40:33
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Backdoor.CiaDoor Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e14dce67-8fb7-4721-8149-179baa4d792c}
Win32.Backdoor.CiaDoor Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0958c4c9-77b0-4aa8-9364-7886bfca7e39}
Win32.Backdoor.CiaDoor Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c9f1c5a0-f3d8-48e2-8b8c-3e86b4cac7e3}
Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "DirectX For Microsoft® Windows"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : DirectX For Microsoft® Windows
ABetterInternet.Nail Object Recognized!
Type : RegData
Data : explorer.exe f:\windows\system32\fservice.exe
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe f:\windows\system32\fservice.exe
Windows Object Recognized!
Type : RegData
Data : explorer.exe f:\windows\system32\fservice.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe f:\windows\system32\fservice.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 7
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Disk Scan Result for F:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Disk Scan Result for F:\DOCUME~1\Ph31!kZ\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
MRU List Object Recognized!
Location: : F:\Documents and Settings\Ph31!kZ\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-839522115-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-839522115-1060284298-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Backdoor.CiaDoor Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : n.cs4
Win32.Backdoor.CiaDoor Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt\currentversion\windows
Value : run
Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : FW_KILL
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : XP_FW_Disable
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : XP_SYS_Recovery
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ICQ_UIN
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ICQ_UIN2
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Kurban_Ismi
#3
explorer.exe NOT in Task Manager !VIRUS! Part 3:
Code:
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Mail
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Online_List
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Port
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Sifre
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Hata
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : KSil
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : LanNotifie
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Tport
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ServerVersionInt
Backdoor.Prorat.16 Object Recognized!
Type : RegData
Data : explorer.exe f:\windows\system32\fservice.exe
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe f:\windows\system32\fservice.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 31
16:44:43 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:52.375
Objects scanned:82635
Objects identified:26
Objects ignored:0
New critical objects:26
Unfortunately I can't post screenshots of it, because then I can NO longer start any application, can no longer browse in Explorer (<== virus) and can't shut Windows down either (I have to cut the power). I hate viruses. Thanks in advance. It also can't be removed with any scanner, or rather it is back again afterwards ~.~
#4
explorer.exe NOT in Task Manager !VIRUS!
Hello. Well then: take the system off the network. The only option here is a reinstall! Follow the instructions in my SIG! You have a nice collection of Trojans, worms and spyware on your machine! And no, there is no other option! Regards, Mellosun
#5
explorer.exe NOT in Task Manager !VIRUS!
Thanks. Wouldn't a simple update also do? I still have MCE 2005 at hand.
#6
explorer.exe NOT in Task Manager !VIRUS!
No. Period, end of story, finito.
#7
Administrator > Competence Manager
explorer.exe NOT in Task Manager !VIRUS!
Quote:
An update won't help here any more either, only a reinstall will! You won't get any other opinion on this subject here, so accept it at last. Regards