Hilfe sehr gefährlicher trojaner

chakki23 · 08.04.2009, 23:47

hi leute, habe folgendes problem: Habe heut ein Anti virus programm durchlaufen lassen und er hat mir einen trojaner angezeigt den er nicht entfernen kann!!!! Vlt. seht ihr ja was in meinem HijackThis log.
Jedenfalls ist mein rechner langsamer geworden vorhin auch schon!
Bitte um antwort

HTML-Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:42, on 09.04.2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\3322305171.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo818] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090312
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\Standard\AppData\Local\Temp\3322305171.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7709 bytes

grandnic11 · 09.04.2009, 11:46

Hallo und

Lass bitte folgende Dateien hier http://www.kaspersky.com/de/virusscanner unter File scanner prüfen:

Zitat:

C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\3322305171.exe

Poste dann bitte alle Ergebnisse

chakki23 · 09.04.2009, 17:05

1.datei

Bekannte Viren: 2028492 Updated: 09-04-2009
Größe der Datei (Kb): 15 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

2.datei
Bekannte Viren: 2028492 Updated: 09-04-2009
Größe der Datei (Kb): 23 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

hi hab nun die dateien da reingeladen aber er findet nix oder sehe ich das anderst??

chakki23 · 09.04.2009, 20:44

weiß keiner mehr bescheid?

Außerdem öffnet seit gestern immer eine Seite mit Werbung .. O.o SEHR oft !!!
Und in meinem task Manager ist die datei d333g7rfz.exe <--- 2mal!!!!!!!!!!!!
Die war vorher noch nie dadrin!!! und wenn ich sie beenden will kommt sie immer wieder o.O

Mfg Bittee antwortet

**Sunny** · 09.04.2009, 21:21

Hallo und

Bitte zuerst die Anleitung für neue User abarbeiten -> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Erst dann wird sich jemand deinem Problem annehmen!

chakki23 · 10.04.2009, 10:23

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1961
Windows 6.0.6000

10.04.2009 11:22:20
mbam-log-2009-04-10 (11-22-20).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 63732
Laufzeit: 3 minute(s), 49 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Standard\Favorites\Free Porn Movies, Clips and DVDs - Kostenlose Pornos auf PornFish.net - PornFish - Kostenlose Pornos.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Local\Temp\winlognn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Local\Temp\949018872.exe (Trojan.Downloader) -> Delete on reboot.

chakki23 · 11.04.2009, 15:15

hi habe nun den log von anti malware!!
Bitte helft mir, Ich glaube der trojaner ist noch da. Könnt ihr bitte nachgucken?

HTML-Code:

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1961
Windows 6.0.6000 

11.04.2009 16:13:39
mbam-log-2009-04-11 (16-13-39).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 172422
Laufzeit: 1 hour(s), 24 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

chakki23 · 11.04.2009, 21:53

HIER der neue HijackThis LOG !!!!!

HTML-Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:42, on 09.04.2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\3322305171.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo818] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090312
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Standard\AppData\Local\Temp\d333g7rfz.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\Standard\AppData\Local\Temp\3322305171.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7709 bytes

bitte schaut euch das an!

john.doe · 11.04.2009, 21:59

ZHPDiag von Nicolas Coolman

Klicke auf Téléchargement de ZHPDiag
Klicke auf der Seite auf FTP Zebulon.fr N°1.
Entpacke die geladene Datei auf den Desktop und starte ZHPDiag.exe mit Doppelklick.
Klicke auf All
Klicke auf General Analysis
Klicke auf Paste Clipboard
Wechsel zum Forum, klicke auf Antworten, klicke in den großen weißen Kasten
Drücke [Strg]v, [Strg]a
Klicke auf #

ciao, andreas

chakki23 · 12.04.2009, 10:22

Code:

ATTFilter

Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 12.04.2009 11:16:29
Platform : Windows Vista (TM) Home Premium
MSIE: Internet Explorer v7.0.6000.16809
MFIE: Mozilla Firefox (3.0.8)

---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Extra protocols and protocol Hijackers (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: .NET Framework - {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Software installed (O42)
O42 - Logiciel: a-squared Anti-Malware 4.0
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Big Fish Games Center (remove only)
O42 - Logiciel: Big Fish Games Sudoku (remove only)
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Cradle of Rome (remove only)
O42 - Logiciel: DAEMON Tools Toolbar
O42 - Logiciel: F-Secure Anti-Virus 2009
O42 - Logiciel: Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: ICQ Toolbar
O42 - Logiciel: Ulead PhotoImpact X3
O42 - Logiciel: IrfanView (remove only)
O42 - Logiciel: LimeWire 5.1.2
O42 - Logiciel: MAGIX Foto Manager 2007 4.2.0.79 (D)
O42 - Logiciel: MAGIX Media Suite 1.12.0.89 (D)
O42 - Logiciel: MAGIX Music Manager 2007 8.2.0.144 (D)
O42 - Logiciel: MAGIX Online Druck Service 2.3.2.0 (D)
O42 - Logiciel: MAGIX Ringtone Maker SE 3.1.0.4 (D)
O42 - Logiciel: Mahjong Towers Eternity EU (remove only)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Mystery Case Files - Prime Suspects (remove only)
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Poker Superstars II (remove only)
O42 - Logiciel: SlimBrowser (remove only)
O42 - Logiciel: BEWERBUNGS-MASTER
O42 - Logiciel: Virtual Villagers (remove only)
O42 - Logiciel: VLC media player 0.9.8a
O42 - Logiciel: VIA Rhine-Family Fast-Ethernet Adapter
O42 - Logiciel: GIMP 2.6.5
O42 - Logiciel: WinRAR
O42 - Logiciel: WordPerfect Office X3
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - deu
O42 - Logiciel: Java(TM) 6 Update 13
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Bewerbung Pro
O42 - Logiciel: DHTML Editing Component
O42 - Logiciel: Die Sims™ 2 Haustiere
O42 - Logiciel: ICQ6.5
O42 - Logiciel: Die Sims 2
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK
O42 - Logiciel: Windows Live installer
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Nero 7 Essentials
O42 - Logiciel: Windows Live Anmelde-Assistent
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: FirstSteps Diagnostics
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Adobe Reader 8.1.0 - Deutsch
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: NVIDIA PhysX
O42 - Logiciel: OLYMPUS Master 2
O42 - Logiciel: OLYMPUS Raw Codec
O42 - Logiciel: Realtek High Definition Audio Driver

---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Corel
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Fujitsu Siemens Computers
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MAGIX
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MAGIX Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ulead Systems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\advpack.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\Apphlpdm.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\asferror.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\batt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\cfgmgr32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ci.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\clfs.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\connect.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\davclnt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dfshim.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dispci.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnsapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnscacheugc.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dnsrslvr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dpinst.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\dpx.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drvinst.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxmasf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtmsft.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtrans.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\EncDec.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\es.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\f3ahvoas.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\FwRemoteSvr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\gameux.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\GameUXLegacyGDFs.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\gdi32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardagt.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardie.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardres.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ie4uinit.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieapfltr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iernonce.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iesetup.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieui.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcomm.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcpl.cpl -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\INETRES.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\infocardapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\infocardcpl.cpl -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\IPSECSVC.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->09.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\jupdate-1.6.0_13-b03.log -->25.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\kbd106n.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\kd1394.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\KGyGaAvL.sys -->01.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\LAPRXY.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\license.rtf -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\loadperf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\lodctr.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\logagent.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mcmde.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MediaMetadataHandler.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mferror.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mfpmp.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mfps.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\Mpeg2Data.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mpg2splt.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->25.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscoree.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscorier.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mscories.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MSDvbNP.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msdxm.ocx -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmled.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\MSNP.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml3.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml3r.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml6.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msxml6r.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netapi32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netcfg.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netfxperf.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\netiougc.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\nshhttp.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvapi.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvapps.xml -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcod.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcod140.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpl.cpl -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpl.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcplui.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcpluir.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcuda.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvcuvid.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvd3dum.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvdisp.nvu -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvdisps.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvdispsr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvgames.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvgamesr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmccs.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmccsrs.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmccss.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmccssr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmctray.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmobls.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvmoblsr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvoglv32.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\NvPVEnc.ax -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvsvc.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvsvcr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvsvs.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvsvsr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvudisp.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\NVUNINST.EXE -->16.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvvitvs.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvvitvsr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvvsvc.exe -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvwgf2um.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvwsapps.xml -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvwss.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\nvwssr.dll -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\oleaut32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc007.dat -->12.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->12.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh007.dat -->12.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->12.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->12.04.2009

chakki23 · 12.04.2009, 10:24

es hat leider net alles in einen gepasst

Hier ist der 2. TEIL !!

Code:

ATTFilter

O44 - LFC:Last File Created - C:\Windows\System32\PhotoMetadataHandler.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PhotoScreensaver.scr -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PhysXLoader.dll -->16.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\pngfilt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\polstore.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PortableDeviceApi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PortableDeviceClassExtension.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PortableDeviceTypes.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PresentationHost.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PresentationHostProxy.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PresentationNative_v0300.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\prflbmsg.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\printcom.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\psisdecd.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\psisrndr.ax -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\qmgr.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\quartz.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcrt4.dll -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\rrinstaller.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\rstrui.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\sbunattend.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\schannel.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\schedsvc.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\setupapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\shell32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\spwmp.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\srclient.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\srcore.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\srdelayed.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\sysmain.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\tcpipcfg.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\timedate.cpl -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\tzres.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\umpnpmgr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\unlodctr.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WebClnt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\win32spl.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WindowsCodecs.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WindowsCodecsExt.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\winipsec.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\winload.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\winresume.exe -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlan.tmf -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlanapi.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlanhlp.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlanmsm.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlansec.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wlansvc.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WMASF.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WMNetMgr.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wmp.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wmpeffects.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wmploc.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\WMVCORE.DLL -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wpd_ci.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wshrm.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wtsapi32.dll -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wuapi.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wuapp.exe -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wuauclt.exe -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wuaueng.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wucltux.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wudriver.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wups.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wups2.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wuwebv.dll -->12.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\acpi.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\atapi.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\ataport.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\avgntflt.sys -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\avipbb.sys -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\fsbts.sys -->09.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\i8042prt.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\kbdclass.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\kbdhid.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\monitor.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mouclass.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mouhid.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mrxdav.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mrxsmb.sys -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mrxsmb10.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mrxsmb20.sys -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\netio.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\ntfs.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\nvBridge.kmd -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\nvlddmkm.sys -->18.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\nwifi.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\pciidex.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\rmcast.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\sermouse.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\srv.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\srv2.sys -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\srvnet.sys -->15.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\ssmdrv.sys -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\tcpip.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\viaide.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\volsnap.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Wdf01000.sys -->16.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\WdfLdr.sys -->16.03.2009

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - 
O48 - LSA:Local Security Authority Notification Packages - 


End of the scan:

john.doe · 12.04.2009, 22:44

Lass noch SUPERAntiSpyware laufen (Punkt 1-3 der Anleitung).

Poste danach ein neues HJT-Log. Starte diesmal HJT mit der rechten Maustaste => Ausführen als Administrator.

ciao, andreas

chakki23 · 13.04.2009, 19:29

hi hab nun gescannt mit dem programm!
hier der neue HijackThis log

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:33, on 13.04.2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 3670 bytes

john.doe · 13.04.2009, 19:35

Zitat:

hi hab nun gescannt mit dem programm!

Schön.

Und wo ist das Log?

ciao, andreas

chakki23 · 13.04.2009, 20:02

habe ihn gepostet. wartet hier nochmal

HTML-Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:33, on 13.04.2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7146D02C-F1C5-45A1-AB71-618D063DC3B8}: NameServer = 217.237.151.142 217.237.150.188
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 3670 bytes

09.04.2009, 21:21	#5
Sunny Administrator > Competence Manager	Hilfe sehr gefährlicher trojaner Hallo und Bitte zuerst die Anleitung für neue User abarbeiten -> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? Erst dann wird sich jemand deinem Problem annehmen! __________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Stulti est se ipsum sapientem putare.

Hilfe sehr gefährlicher trojaner

Plagegeister aller Art und deren Bekämpfung: Hilfe sehr gefährlicher trojaner