Trojaner-Board


Kinnaj 02.09.2008 18:10

HijackThis log and more because of a Trojan warning after an Antispyware2008 infection
 
I had caught antispyware2008 and removed it with help from the forum (thanks to the search function). But now SUPERAntiSpyware Professional is acting up, and AVZ is also spitting out strange things.

So here is the log from AVZ

Code:

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 02.09.2008 18:06:04
Database loaded: signatures - 184416, NN profile(s) - 2, microprograms of healing - 56, signature database released 01.09.2008 22:46
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 73357
Heuristic analyzer mode: Maximum heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=08B520)
 Kernel ntoskrnl.exe found in memory at address 804D7000
  SDT = 80562520
  KiST = 804E48A0 (284)
Function NtCreateThread (35) intercepted (80586C43->F7A772AC), hook not defined
Function NtOpenProcess (7A) intercepted (8058170A->F7A77298), hook not defined
Function NtOpenThread (80) intercepted (805E1939->F7A7729D), hook not defined
Function NtTerminateProcess (101) intercepted (8058E695->B7ABEF20), hook C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
Function NtWriteVirtualMemory (115) intercepted (805885C2->F7A772A2), hook not defined
Functions checked: 284, intercepted: 5, restored: 0
1.3 Checking IDT and SYSENTER
 Analysis for CPU 1
 Analysis for CPU 2
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
 Driver loaded successfully
1.5 Checking of IRP handlers
 Checking - complete
2. Scanning memory
 Number of processes found: 46
Analyzer: process under analysis is 1820 C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 2028 C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 1036 C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1744 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1320 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 464 C:\WINDOWS\CTHELPER.EXE
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 1168 C:\Programme\Winamp\winampa.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 1248 C:\Programme\Logitech\Gaming Software\LWEMon.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2156 C:\Programme\Creative\Shared Files\CamTray.exe
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2216 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2252 C:\Programme\ICQ6\ICQ.exe
[ES]:Contains network functionality
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2360 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2428 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 2468 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2520 C:\Programme\Google\Google Updater\GoogleUpdater.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2572 C:\Programme\Logitech\SetPoint\SetPoint.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2732 C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2756 C:\Programme\Secunia\PSI (RC3)\psi.exe
[ES]:Contains network functionality
[ES]:Capable of sending mail ?!
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 3480 C:\Programme\Skype\Plugin Manager\skypePM.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1900 C:\Programme\Mozilla Firefox\firefox.exe
[ES]:Contains network functionality
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 470
Scanning memory - complete
3. Scanning disks
C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com)
Direct reading C:\Dokumente und Einstellungen\Jannik\Lokale Einstellungen\Temp\~DF430A.tmp
Direct reading C:\Dokumente und Einstellungen\Jannik\Lokale Einstellungen\Temp\~DF5B89.tmp
C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll >>> suspicion for Trojan-Downloader.Win32.Agent.ytu ( 08D09C58 00000000 0023A51B 002022DE 74752)
File quarantined succesfully (C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll)
C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com)
C:\WINDOWS\$NtServicePackUninstall$\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\format.com)
C:\WINDOWS\$NtServicePackUninstall$\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\more.com)
C:\WINDOWS\$NtServicePackUninstall$\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\tree.com)
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\WINDOWS\system32\nview.dll --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\nview.dll>>> Behavioural analysis
  1. Reacts to events: keyboard, all events
C:\WINDOWS\system32\nview.dll>>> Neural net: file with probability 0.22% like a typical keyboard/mouse events interceptor
File quarantined succesfully (C:\WINDOWS\system32\nview.dll)
C:\WINDOWS\system32\NVWRSDE.DLL --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\NVWRSDE.DLL>>> Behavioural analysis
 Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\WINDOWS\system32\NVWRSDE.DLL)
C:\Programme\Logitech\SetPoint\lgscroll.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Behavioural analysis
  1. Reacts to events: keyboard, all events
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Neural net: file with probability 4.16% like a typical keyboard/mouse events interceptor
File quarantined succesfully (C:\Programme\Logitech\SetPoint\lgscroll.dll)
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll>>> Behavioural analysis
 Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll)
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU>>> Behavioural analysis
 Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
 Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Security: automatic logon is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 115226, extracted from archives: 73540, malicious software found 0, suspicions - 1
Scanning finished at 02.09.2008 18:55:37
Time of scanning: 00:49:34
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

CSV file
Code:

C:\Programme\SUPERAntiSpyware\SASKUTIL.sys;4;Kernel-mode hook
C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll;2;Suspicion for Trojan-Downloader.Win32.Agent.ytu ( 08D09C58 00000000 0023A51B 002022DE 74752)
C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\more.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\tree.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\system32\nview.dll;5;Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\NVWRSDE.DLL;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Logitech\SetPoint\lgscroll.dll;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU;5;Suspicion for Keylogger or Trojan DLL

and, for completeness, the HijackThis log as well

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:06, on 02.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\Shared Files\CamTray.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Programme\Secunia\PSI (RC3)\psi.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Jannik\Desktop\Cleaner Saver\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programme\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msgprocsh] C:\WINDOWS\system32\hcdgdevw.exe
O4 - HKLM\..\Policies\Explorer\Run: [djwMIyOGaQ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Programme\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: p6_19_erinnerung.lnk = D:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8555 bytes

SUPERAntiSpyware keeps nagging me with this

Identification
Trojan.Dropper/Gen.Process

Blocked Item
C:\WINDOWS\SYSTEM32\HCDGDEVW.EXE

I would be extremely grateful for an all-clear or for help.

Kinnaj 02.09.2008 18:20

SUPERAntiSpyware
Identification
Trojan.Dropper/Gen.Process
Blocked Item
C:\WINDOWS\SYSTEM32\HCDGDEVW.EXE
I also ran this file through www.virscan.org
Code:

VirSCAN.org Scanned Report :
Scanned time  : 2008/09/02 19:13:28 (CEST)
Scanner results: 8% der Scanner (3/36) haben Malware gefunden!
File Name      : hcdgdevw.exe
File Size      : 86016 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 7dc84860b6d2aea2706494191c047c02
SHA1          : afb3c133a400704984e13bbd9ef38b77d238b1e4
Online report  : http://virscan.org/report/5e2bc31af2c052374c955356c16def38.html

Scanner        Engine Ver      Sig Ver          Sig Date    Time  Scan result
a-squared      3.5.0.22        2008.09.01        2008-09-01  3.17  -
AhnLab V3      2008.09.03.00  2008.09.03        2008-09-03  0.88  -
AntiVir        7.8.1.23        7.0.6.105        2008-09-02  2.29  -
Arcavir        1.0.5          200809011935      2008-09-01  1.19  -
AVAST!        3.0.1          080901-0          2008-09-01  0.01  -
AVG            7.5.52.442      270.6.14/1647    2008-09-02  1.56  -
BitDefender    7.60825.1699338 7.20781          2008-09-02  2.96  -
CA (VET)      9.0.0.143      31.6.6064        2008-09-02  4.09  -
ClamAV        0.93.3          8138              2008-09-02  0.03  -
Comodo        2.11            2.0.0.635        2008-09-02  0.42  -
CP Secure      1.1.0.715      2008.09.01        2008-09-01  6.54  -
Dr.Web        4.44.0.9170    2008.09.02        2008-09-02  3.29  -
ewido          4.0.0.2        2008.09.02        2008-09-02  2.93  -
F-Prot        4.4.4.56        20080901          2008-09-01  1.20  -
F-Secure      5.51.6100      2008.09.02.04    2008-09-02  0.08  -
Fortinet      2.81-3.11      9.505            2008-09-02  1.81  Suspicious
ViRobot        20080902        2008.09.02        2008-09-02  0.43  -
Ikarus        T3.1.01.34      2008.09.02.71382  2008-09-02  3.75  -
JiangMin      11.0.706        2008.09.02        2008-09-02  1.21  -
Kaspersky      5.5.10          2008.09.02        2008-09-02  0.04  -
KingSoft      2008.1.14.15    2008.9.2.20      2008-09-02  0.70  -
McAfee        5.3.00          5374              2008-09-01  1.74  -
Microsoft      1.3807          2008.09.02        2008-09-02  4.27  TrojanDownloader:Win32/FakeAlert.C
mks_vir        2.01            2008.08.25        2008-08-25  2.58  -
Norman        5.93.01        5.93.00          2008-09-02  4.96  -
Panda          9.05.01        2008.09.01        2008-09-01  1.98  -
Trend Micro    8.700-1004      5.518.02          2008-09-02  0.03  -
Quick Heal    9.50            2008.09.02        2008-09-02  1.78  -
Rising        20.0            20.60.11.00      2008-09-02  0.76  -
Sophos        2.78.0          4.33              2008-09-02  1.74  Mal/EncPk-DG
Sunbelt        3.1.1592.1      2210              2008-08-29  0.46  -
Symantec      1.3.0.24        20080901.003      2008-09-01  0.08  -
nProtect      2008-09-02.00  2039345          2008-09-02  3.64  -
The Hacker    6.3.0.6        v00069            2008-09-01  0.40  -
VBA32          3.12.8.4        20080902.0610    2008-09-02  1.21  -
VirusBuster    4.5.11.10      10.86.2/623319    2008-09-01  0.85  -


Kinnaj 03.09.2008 16:41

I need someone to tell me that not everything is all right...

As soon as I start a game, the machine goes to 100% CPU and then hovers around 95% during the game.
About 60% of that is listed under System.

Need help please.

