| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Agent.1328655Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.04.2008, 18:23
| #1 |
| |  TR/Agent.1328655 Hallo zusammen, ich bin neu hier, daher hoffe ich, dass ich alles richtig poste. Also, ich habe folgendes Problem: Vor ein paar Tagen hat der Antivir Guard einen sehr hartnäckigen Trojaner bei mir entdeckt, der immer wieder auftauchte und den ich immer wieder gelöscht habe. Code:
ATTFilter In der Datei 'C:\WINDOWS\system32\msconfig.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.1328655' [TR/Agent.1328655] gefunden.
Ausgeführte Aktion: Datei löschen
Die Datei 'C:\System Volume Information\_restore{75AAE52F-9F73-44D9-BD6B-C1E8B271F298}\RP502\A0073122.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.1328655' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
 Bevor ich mich jetzt aber an dieses Problem mache, will ich erstmal sichergehen, dass das Ding auch wirklich von meinem Rechner und dem meiner Freundin (Heimnetzwerk) runter ist. Habe erstmal das Netzwerkkabel von meinem Rechner getrennt und einen Antivir-Durchlauf von einer Boot-CD gemacht, sowie einen Registry-Fix mit ccleaner. Dann wie von euch beschrieben einen Scan mit escan durchgeführt, leider funktionierte die find.bat nicht, könnte an meiner englischen xp-Version liegen. Habe deshalb jetzt nur mal das Virus-Log, das in escan selbst angezeigt wird, kopiert: Code:
ATTFilter Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk.1" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\AlphaMatrix.Alpha" refers to invalid object "{4B1B5116-CB78-42E5-8398-77111C96EADD}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn.1" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxctrl.dzstactxctrl.1" refers to invalid object "{6C5FD78F-9ED8-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxPPG1.dzstactxPPG1.1" refers to invalid object "{8F70FCA1-A12A-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\EN10.ResearchService" refers to invalid object "{F406D071-95BC-42E9-A9D4-6520EAC120EB}". Action Taken: No Action Taken.
Entry "HKCR\Energy_Software_DLL.eneSoftwareLic" refers to invalid object "{9683C443-F7C7-4711-A9BA-F8F84A74C14C}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions.1" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\FlashProp.FlashProp.1" refers to invalid object "{1171A62F-05D2-11D1-83FC-00A0C9089C5A}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration.1" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer.1" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane.1" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator.1" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\LAUNCH.LaunchCtrl.1" refers to invalid object "{A6616B31-4860-41E2-98E3-CA7649AF172F}". Action Taken: No Action Taken.
Entry "HKCR\LicenceProtector24.lpLicprotector24" refers to invalid object "{31A87D3A-CDB1-403F-9CD6-4DCCF7E036A8}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ClassBreaksRenderer" refers to invalid object "{755CF0AD-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.DotDensityRenderer" refers to invalid object "{755CF0AF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Ellipse" refers to invalid object "{755CF0B4-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.GroupRenderer" refers to invalid object "{755CF0BF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ImageLayer" refers to invalid object "{045ED51A-6095-11D3-9F67-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelPlacer" refers to invalid object "{755CF0C1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelRenderer" refers to invalid object "{755CF0B1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.MapLayer" refers to invalid object "{ABC866D9-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Point" refers to invalid object "{ABC866DF-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Rectangle" refers to invalid object "{ABC866DB-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Strings" refers to invalid object "{755CF0A9-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Symbol" refers to invalid object "{755CF0A5-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.TextSymbol" refers to invalid object "{755CF0B6-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ValueMapRenderer" refers to invalid object "{755CF0A7-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink.1" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Command" refers to invalid object "{05CE1055-7D42-4E26-8028-64B275164A9F}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Init" refers to invalid object "{FA2EAF76-E91B-493A-9079-BCCA2921F7E2}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Line3D" refers to invalid object "{0CBE3BB0-B13E-4D5D-A297-8E3BB290993A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.roLabel" refers to invalid object "{5047A010-E5A0-4969-8715-C6C61468FC9A}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.Init" refers to invalid object "{DB5C442D-C8D8-4F6D-915D-1730F4AFC1F3}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.sevTabStrip" refers to invalid object "{83A12419-CB96-4C57-84A9-B039FAA0253B}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.Init" refers to invalid object "{22B1F8A4-46AD-4CB3-995B-1CD86A4FE91E}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevMonthView" refers to invalid object "{FDA12C93-391F-4DA4-8DE1-321F125E6757}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevText" refers to invalid object "{160A8C90-BF08-427D-9CB2-6AF9F37C3EE5}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.Init" refers to invalid object "{A38AE2A6-517D-48A0-85EB-EB56B80EE59F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevCheck" refers to invalid object "{019994B8-B38D-4267-AC04-C6A55D482B22}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevFrame" refers to invalid object "{BAC553A4-5DEA-4F95-B272-8554C309B34F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevImage" refers to invalid object "{057EFFC1-D96C-4179-9666-D47F4EA493F3}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevLabel" refers to invalid object "{A6B025D6-FFB8-41AC-AAA2-405A0922852F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevMsgBox" refers to invalid object "{8A17BAA3-7DAE-40B6-AFAC-B708DDEF72A4}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevOption" refers to invalid object "{A769CE4F-0246-44D0-BC97-7B9C12C5C153}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevProgressBar" refers to invalid object "{463309E0-B871-492C-82AB-1B5D6A731BD7}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevWaitBar" refers to invalid object "{0B4D8257-FBC9-464D-9F79-6A48A6C895C8}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevXPForm" refers to invalid object "{D8F265E1-F446-408C-BECF-03823BBBEF19}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction.1" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer.1" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\USBSWITCHAX.USBswitchAXCtrl.1" refers to invalid object "{27C9039A-A892-44C8-AD6A-F946801C4968}". Action Taken: No Action Taken.
Entry "HKCR\ZKrypto.CCrypto" refers to invalid object "{1D43B8FA-6C42-442F-A3C2-7E200CB9BC91}". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Program Files\Brockhaus Multimedia\Brockhaus multimedial\deskbar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.di". Action Taken: No Action Taken.
 Einen HijackThis Scan habe ich auch noch mal gemacht: |
|
01.04.2008, 18:24
| #2 |
| | TR/Agent.1328655Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:51:03, on 01.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\BOINC\boincmgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\BOINC\boinc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\system32\NMSAccessU.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.daemonsearch.com/de/ý R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe -- End of file - 11773 bytes  danke schon mal für eure hilfe… |
|
02.04.2008, 08:23
| #3 |
| | TR/Agent.1328655 kleines update (sry wg. der ganzen doppelposts, aber durch die zeichenbegrenzung muss ich immer wieder neu posten)... habe die ominöse msconfig.exe mal mit killbox "delete on reboot" abgeschossen, seitdem keine "configuration setup utility" popups mehr beim systemstart. allerdings geht das Internet immer noch nicht:
__________________lan-verbindung wird als aktiv und problemfrei angezeigt ping localhost geht skype geht ping router geht nicht habe mal Anti-Malware laufen lassen, hier das log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.09
Datenbank Version: 567
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 231175
Scan Dauer: 35 minute(s), 20 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)
Infizierte Speicher Module:
(Keine Malware Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)
Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)
Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)
Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)
Infizierte Dateien:
C:\Documents and Settings\***\Local Settings\Temp\GLK6F.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:59:18, on 02.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\BOINC\boincmgr.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\BOINC\boinc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/de/ý R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe -- End of file - 11968 bytes  |
|
| Themen zu TR/Agent.1328655 |
| antivir, antivir guard, backdoor, boot-cd, booten, browser, escan, fehler, file, hijack, hijackthis, immer wieder, ladefehler, neu, neustarten, object, popup, problem, programm, scan, seitenladefehler, software, system, system volume information, temp, trojaner, virus, wenig ahnung, windows |
Linear-Darstellung
