Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   F-Secure findet: backdoor.Win32.Rukap.gen, kann aber nicht entfernen? (https://www.trojaner-board.de/40412-f-secure-findet-backdoor-win32-rukap-gen-entfernen.html)

Arwo_5 28.06.2007 19:00
F-Secure findet: backdoor.Win32.Rukap.gen, kann aber nicht entfernen?
 
Bitte um Hilfe! F-Secure kann damit nichts anfangen, was kann ich tun? Ich habe gerade ein Logfile mit HiJackThis erstellt, vielleicht hilft es. Danke voraus:
Logfile of HijackThis v1.99.1
Scan saved at 19:31:58, on 28.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\MicroStar\WLANUtility\WlanUtility.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programme\MicroStar\WLANUtility\WLAN_Service.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsavgui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

ftp=127.0.0.1:8080;h**p=127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} -

C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet

Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Programme\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Desktop Manager.lnk = C:\Programme\Research In

Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Programme\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet

Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure

Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -

C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} -

C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\f-secure internet

security\fsps\program\fslsp.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {096DCF31-53FA-4BA6-A729-D85D29FC0D70} (Detect Class) -

h**ps://installer.id.ee/IDInstaller.cab
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\AutoCAD

2002 Deu\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) -

file://C:\Programme\AutoCAD 2002 Deu\AcDcToday.ocx
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -

file://E:\ols\connect\fscax.cab
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\AutoCAD

2002 Deu\InstBanr.ocx
O16 - DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} (esteidTool Class) -

h**p://w*w.sk.ee/id-kontroll/20070223.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) -

file://C:\Programme\AutoCAD 2002 Deu\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation -

C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\F-Secure Internet

Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSI_WLAN_Service - Unknown owner -

C:\Programme\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

cosinus 28.06.2007 21:42
Wo wird der Schädling gefunden (Pfadangabe) ?
Bitte poste das HJT-Logfile normal, so wie es jetzt ist, ist es sehr unübersichtlich mit den vielen Zeilenumbrüchen.
Poste dann auch bitte gleich ein Logfile von Silent Runners

Arwo_5 29.06.2007 10:24
C:\WINDOWS\system32\directx.0xe

cosinus 30.06.2007 19:47
Wahrscheinlich ist dein System komrpomittiert. Die Datei sieht nicht nach einer Systemdatei aus. Werte die Datei

C:\WINDOWS\system32\directx.0xe

doch mal bei Virustotal oder Jotti aus und poste sämtliche Ergebnisse inkl. Angaben zu Dateigröße und Prüfsummen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19