sCVhost instead of svchost - virus?

#0
27.04.2007, 19:27
...new here
Posts: 3

27.04.2007, 20:04
Member
Posts: 3716
#2
Hi, open My Computer, Tools, Folder Options, View and set the following there:
Hide extensions for known file types: off
Display the contents of system folders: on
Hide protected operating system files: off
Show hidden files and folders (all): on

Now rename hijackthis.exe to hjt.com, because malware can hide from hijackthis.exe; make sure the .exe extension is gone. Create and post a new log!

Download ComboFix: http://virus-protect.org/artikel/tools/combofix.html
Post the log.

Download filelist, unpack it on the desktop, open filelist.bat and post the last 30 days of each directory!
http://members.linzag.net/680262/filelist.zip

Run all of these rootkit scans: http://www.hijackthis-forum.de/showthread.php?t=20219
Please disconnect from the internet, ideally pull the cable or turn off the WLAN. All programs must be closed! Please post all rootkit logs.

27.04.2007, 20:19
...new here
Thread starter Posts: 3
#3
OK, I've done everything now.
But I have no idea whether something is off; to me it looked good so far, because little was found and no scvhost was among it.

Logfile of HijackThis v1.99.1
Scan saved at 20:28:30, on 27.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Dokumente und Einstellungen\Timo\Desktop\VundoFix.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Hijackthis\hjt.com
No scvhost.exe here, and it is no longer visible in Task Manager either since I deleted it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67B597547283DC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Programme\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - Startup: wkcalrem.LNK = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: phase6_17_erinnerung.lnk = C:\Programme\phase6\phase6_17\WinStart\WinStart.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {82DEF876-14E4-4CE5-9CA4-DE79A2EE46D2} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

ComboFix
"Timo" - 07-04-27 20:37:27 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Dokumente und Einstellungen\Timo\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\services.exe
((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 ))))))))))))))))))))))))))))))))))
2007-04-27 19:59 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-04-27 19:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-27 19:45 <DIR> d-------- C:\VundoFix Backups
2007-04-27 18:44 <DIR> d-------- C:\DOKUME~1\Timo\DoctorWeb
2007-04-27 18:23 <DIR> d-------- C:\WINDOWS\pss
THIS IS THE FILE I MEAN
2007-04-27 18:03 182,784 --a------ C:\WINDOWS\system\scvhost.exe
2007-04-11 16:03 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-09 20:50 <DIR> d-------- C:\Programme\Dungeon Lords
2007-04-04 14:36 <DIR> d-------- C:\Programme\FLVPlayer
2007-04-04 13:54 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2007-04-04 13:53 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2007-04-04 13:53 <DIR> d-------- C:\Programme\mozilla.org
2007-04-02 23:29 <DIR> d-------- C:\Programme\Tibia79 original
2007-03-31 18:59 <DIR> d-------- C:\Programme\PacificPoker
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-27 18:58 -------- d-------- C:\Programme\tibia7.9
2007-04-27 15:31 42384 --a------ C:\DOKUME~1\Timo\ANWEND~1\wklnhst.dat
2007-04-23 19:18 -------- d-------- C:\Programme\kopie von tibia7.9
2007-04-23 15:24 -------- d-------- C:\Programme\tibia78
2007-04-16 15:29 62578 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-16 15:29 386338 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-16 14:14 -------- d--h----- C:\Programme\installshield installation information
2007-04-13 22:28 -------- d-------- C:\DOKUME~1\Timo\ANWEND~1\skype
2007-04-13 20:39 -------- d-------- C:\Programme\no23 recorder
2007-04-04 13:54 10978 --a------ C:\WINDOWS\mozver.dat
2007-04-04 02:48 -------- d-------- C:\DOKUME~1\Timo\ANWEND~1\screenshot sender
2007-03-18 21:55 -------- d-------- C:\Programme\tibia76
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 20:20 280 --a------ C:\WINDOWS\xxxx.bat
2007-03-08 18:31 -------- d-------- C:\Programme\finale 2003
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 17:50 -------- d-------- C:\Programme\icqlite
2007-03-03 19:28 -------- d-------- C:\Programme\msn messenger
2007-03-01 20:28 -------- d-------- C:\Programme\messenger plus! live
2007-03-01 17:23 -------- d-------- C:\Programme\skype
2007-02-12 19:29 59232 --a------ C:\WINDOWS\system32\sourceplug.dll
2007-02-12 19:29 257376 --a------ C:\WINDOWS\system32\medialogic.dll
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 17:32 82744 --a------ C:\DOKUME~1\Timo\ANWEND~1\gdipfontcachev1.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll [x]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{56F1D444-11BF-4879-A12B-79CF0177F038} c:\programme\zango\zangohook.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Dit"="Dit.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"CHotkey"="mHotkey.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"REGSHAVE"="C:\\Programme\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"zango"="\"c:\\programme\\zango\\zango.exe\""
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\FRITZWLANMini.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"SeaMonkey Quick Launch"="\"C:\\Programme\\mozilla.org\\SeaMonkey\\SeaMonkey.exe\" -turbo"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a470b456-25f6-11db-ad5d-487444737531}]
Shell\AutoRun\command H:\pushinst.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CO_MON
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1091262235.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-27 20:42:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-27 20:43:02
C:\ComboFix-quarantined-files.txt ... 07-04-27 20:43

Filelist
Verzeichnis von C:\
27.04.2007 20:47 43 filelist.txt
27.04.2007 20:43 6.983 ComboFix.txt
27.04.2007 20:43 318 ComboFix-quarantined-files.txt
27.04.2007 19:45 154 VundoFix.txt
27.04.2007 18:27 211 boot.ini
27.04.2007 18:25 536.399.872 hiberfil.sys
27.04.2007 18:25 805.306.368 pagefile.sys
17.04.2007 16:39 516 hpfr3420.xml
17.04.2007 16:39 82.982 hpfr3425.log
Verzeichnis von C:\WINDOWS
27.04.2007 19:59 442.731 setupapi.log
27.04.2007 18:27 772 win.ini
27.04.2007 18:27 227 system.ini
27.04.2007 18:26 0 0.log
27.04.2007 18:26 159 wiadebug.log
27.04.2007 18:26 3.900 ModemLog_Creatix V.9X data fax modem.txt
27.04.2007 18:26 2.016.917 WindowsUpdate.log
27.04.2007 18:26 50 wiaservc.log
27.04.2007 18:25 2.048 bootstat.dat
27.04.2007 18:25 32.622 SchedLgU.Txt
27.04.2007 18:03 31 config0.ini
26.04.2007 20:58 135 NeroDigital.ini
26.04.2007 20:34 350 avmcowlan.log
21.04.2007 03:52 86.528 catchme.exe
13.04.2007 16:42 325.008 wmsetup.log
11.04.2007 08:20 156.478 iis6.log
11.04.2007 08:20 333.744 comsetup.log
11.04.2007 08:20 203.979 ntdtcsetup.log
11.04.2007 08:20 51.630 ocmsn.log
11.04.2007 08:20 388.515 tsoc.log
11.04.2007 08:20 1.374 imsins.log
11.04.2007 08:20 14.492 KB931784.log
11.04.2007 08:20 500.373 ocgen.log
11.04.2007 08:20 49.968 msgsocm.log
11.04.2007 08:20 995.217 FaxSetup.log
11.04.2007 08:19 1.374 imsins.BAK
11.04.2007 08:19 12.551 KB931261.log
11.04.2007 08:19 12.866 KB930178.log
11.04.2007 08:19 69.464 updspapi.log
11.04.2007 08:19 14.734 KB932168.log
09.04.2007 12:10 14.415 KB925902.log
04.04.2007 13:54 118.784 SeaMonkeyUninstall.exe
04.04.2007 13:54 10.978 mozver.dat
04.04.2007 13:53 118.784 GREUninstall.exe
Verzeichnis von C:\WINDOWS\system
-->27.04.2007 18:03 182.784 scvhost.exe<--
Verzeichnis von C:\WINDOWS\system32
27.04.2007 19:07 2.206 wpa.dbl
16.04.2007 15:29 51.814 perfc009.dat
16.04.2007 15:29 376.016 perfh009.dat
16.04.2007 15:29 386.338 perfh007.dat
16.04.2007 15:29 62.578 perfc007.dat
16.04.2007 15:29 886.928 PerfStringBackup.INI
09.04.2007 12:13 278.944 FNTCACHE.DAT
03.04.2007 22:48 13.511.640 MRT.exe
02.04.2007 14:21 428.032 swreg.exe
Verzeichnis von C:\WINDOWS\Prefetch
27.04.2007 20:47 12.356 FIND.EXE-0EC32F1E.pf
27.04.2007 20:47 39.334 CMD.EXE-087B4001.pf
27.04.2007 20:43 84.080 NOTEPAD.EXE-336351A9.pf
27.04.2007 20:43 13.690 NIRCMD.CFEXE-19FF4781.pf
27.04.2007 20:43 132.224 FIREFOX.EXE-1D57670A.pf
27.04.2007 20:43 84.908 VFIND.CFEXE-2033727F.pf
27.04.2007 20:43 11.424 SORT.EXE-194AE83C.pf
27.04.2007 20:43 83.560 20385.CFEXE-308F69DD.pf
27.04.2007 20:42 17.066 FINDSTR.EXE-0CA6274B.pf
27.04.2007 20:41 5.736 CHCP.COM-18156052.pf
27.04.2007 20:41 13.672 REGT.CFEXE-15DB5DAE.pf
27.04.2007 20:41 3.506 REGBINDUMP.CFEXE-28A4A438.pf
27.04.2007 20:41 10.712 SWREG.CFEXE-2BF4FFCD.pf
27.04.2007 20:41 12.132 ATTRIB.EXE-39EAFB02.pf
27.04.2007 20:41 7.120 SWSC.CFEXE-3B4FE4FE.pf
27.04.2007 20:41 6.084 DUMPHIVE.CFEXE-2ED3B134.pf
27.04.2007 20:38 6.588 SWXCACLS.CFEXE-365F7973.pf
27.04.2007 20:37 4.794 HANDLE.CFEXE-13427ED2.pf
27.04.2007 20:37 20.202 SETPATH.CFEXE-034E3D26.pf
27.04.2007 20:36 8.604 SWREG.EXE-3560BE42.pf
27.04.2007 20:36 47.850 COMBOFIX.EXE-1809FC5E.pf
27.04.2007 20:28 19.366 HJT.COM-247153AB.pf
27.04.2007 20:26 71.468 WMIPRVSE.EXE-28F301A9.pf
27.04.2007 20:22 23.262 VERCLSID.EXE-3667BD89.pf
27.04.2007 20:21 96.176 WINRAR.EXE-3588DFE8.pf
27.04.2007 20:00 62.290 WSOOPSCAN.EXE-0597EA0F.pf
27.04.2007 19:55 111.326 IEXPLORE.EXE-2CA9778D.pf
27.04.2007 19:45 23.914 VUNDOFIX.EXE-32199871.pf
27.04.2007 19:36 23.580 TASKMGR.EXE-20256C55.pf
27.04.2007 19:30 18.360 HIJACKTHIS.EXE-1CB4CC24.pf
27.04.2007 19:26 42.794 TIBIA.EXE-00EBD6F1.pf
27.04.2007 19:26 90.252 TIBICAM.EXE-3AED4D0B.pf
27.04.2007 19:23 54.684 CUREIT.EXE-24B67E12.pf
27.04.2007 19:23 11.378 _START.EXE-1D0E6CC8.pf
27.04.2007 19:23 39.480 CUREIT.EXE-2BEBD67B.pf
27.04.2007 19:13 90.336 PSP.EXE-349851F5.pf
27.04.2007 19:11 31.714 PHOTOED.EXE-0635276A.pf
27.04.2007 19:08 105.554 WKSCAL.EXE-28DC9075.pf
27.04.2007 19:08 7.442 WKCALREM.EXE-21E976E2.pf
27.04.2007 19:08 94.244 SEAMONKEY.EXE-10ABC95D.pf
27.04.2007 19:08 22.038 ATIPTAXX.EXE-12B5048A.pf
27.04.2007 19:08 28.916 WINSTART.EXE-0965B79A.pf
27.04.2007 19:08 18.010 IMAPI.EXE-0BF740A4.pf
27.04.2007 19:08 30.438 DITEXP.EXE-205A659C.pf
27.04.2007 19:08 9.832 REALSCHED.EXE-0A2A7558.pf
27.04.2007 19:08 82.066 WKUFIND.EXE-18C07230.pf
27.04.2007 19:08 13.412 RUNDLL32.EXE-451FC2C0.pf
27.04.2007 19:08 69.240 REALMON.EXE-040CB3EE.pf
27.04.2007 19:08 15.834 MHOTKEY.EXE-28F476F7.pf
27.04.2007 19:08 14.292 DIT.EXE-08CE4330.pf
27.04.2007 19:08 90.720 EXPLORER.EXE-082F38A9.pf
27.04.2007 19:07 12.142 REGSHAVE.EXE-1B6F0123.pf
27.04.2007 19:07 6.498 NEROCHECK.EXE-092C6DFA.pf
27.04.2007 19:07 47.814 WGATRAY.EXE-0ED38BED.pf
27.04.2007 19:07 104.028 USERINIT.EXE-30B18140.pf
27.04.2007 19:07 33.516 LOGONUI.EXE-0AF22957.pf
27.04.2007 19:05 13.696 CLEANUP.EXE-3438663A.pf
27.04.2007 19:00 12.388 CLEANUP452.EXE-24E86342.pf
27.04.2007 18:42 111.388 WMPLAYER.EXE-09969333.pf
27.04.2007 18:27 103.240 WUAUCLT.EXE-399A8E72.pf
27.04.2007 18:27 33.854 MSCONFIG.EXE-35E4DAE9.pf
27.04.2007 18:27 15.102 CTFMON.EXE-0E17969B.pf
27.04.2007 18:27 15.206 SVCHOST.EXE-3530F672.pf
27.04.2007 18:27 17.134 RUNDLL32.EXE-18ACD379.pf
27.04.2007 18:27 845.018 NTOSBOOT-B00DFAAD.pf
27.04.2007 18:08 16.386 REGEDIT.EXE-1B606482.pf
27.04.2007 18:03 10.962 SCVHOST.EXE-04ABF901.pf
27.04.2007 18:03 33.636 FOTO.SCR-0DF12570.pf
Are these files dangerous too / should they be deleted?
27.04.2007 18:03 45.712 SHELLSCN.EXE-1F4C0C32.pf
27.04.2007 17:45 18.824 MSMSGS.EXE-32066BA5.pf
27.04.2007 17:45 6.540 ATIPRBXX.EXE-2EF3CAC1.pf
27.04.2007 15:17 74.740 WKDSTORE.EXE-31475208.pf
27.04.2007 15:17 124.204 WINWORD.EXE-259486DA.pf
27.04.2007 14:14 260.700 Layout.ini
27.04.2007 14:10 11.096 LOGON.SCR-151EFAEA.pf
27.04.2007 13:59 21.252 TEATIMER.EXE-38E505A8.pf
27.04.2007 09:59 75.488 USNSVC.EXE-1D8C2356.pf
27.04.2007 09:58 98.690 MSNMSGR.EXE-091111D0.pf
26.04.2007 21:23 50.424 WMPLAYER.EXE-09969339.pf
26.04.2007 20:52 61.558 INODIST.EXE-1EAB7ACC.pf
26.04.2007 20:47 73.200 MOVIEMK.EXE-26DF9BB8.pf
26.04.2007 20:41 75.460 FRITZWLANMINI.EXE-0EC17C3E.pf
26.04.2007 20:41 61.314 PUSHINST.EXE-2C9AD21D.pf
26.04.2007 20:41 14.172 PUSHINST.EXE-211A3D10.pf
26.04.2007 14:47 31.078 TIBIA.EXE-0101928C.pf
26.04.2007 14:46 18.274 IP-MASTER.EXE-0C7C9F83.pf
24.04.2007 19:37 18.340 DEFRAG.EXE-273F131E.pf
24.04.2007 19:35 68.194 DFRGNTFS.EXE-269967DF.pf
24.04.2007 16:18 21.382 II_NT86.EXE-3792F433.pf
24.04.2007 16:18 35.810 INOUPDATE.EXE-12C51D08.pf
23.04.2007 15:17 53.710 TIBIA.EXE-394A2992.pf
23.04.2007 13:49 24.656 RUNDLL32.EXE-121782E9.pf
22.04.2007 17:29 27.210 REALEVENT.EXE-08417BE7.pf
22.04.2007 17:28 44.548 REALPLAY.EXE-39F79CBD.pf
21.04.2007 23:54 91.030 WMPLAYER.EXE-09969337.pf
21.04.2007 20:19 16.092 RUNDLL32.EXE-44E8DE89.pf
21.04.2007 20:19 40.232 RUNDLL32.EXE-188DF14E.pf
21.04.2007 20:17 19.142 RUNDLL32.EXE-2113963F.pf
21.04.2007 19:04 79.728 NEROMEDIAPLAYER.EXE-2F6267EB.pf
21.04.2007 18:51 58.914 RUNDLL32.EXE-3AF9CD89.pf
21.04.2007 17:30 76.552 HYCAM2.EXE-206CAE09.pf
21.04.2007 12:44 8.502 RSVP.EXE-04E70CF3.pf
19.04.2007 21:17 5.350 WMPLAYER.EXE-0996933A.pf
17.04.2007 16:39 45.276 HPZSTC07.EXE-14965F81.pf
17.04.2007 16:39 38.270 HPZENG07.EXE-3732AEC1.pf
17.04.2007 16:38 57.228 MSWORKS.EXE-118DC2B4.pf
16.04.2007 18:19 84.292 HELPSVC.EXE-2878DDA2.pf
16.04.2007 15:29 74.020 WMIADAP.EXE-2DF425B2.pf
16.04.2007 15:23 43.064 RUNDLL32.EXE-4742C311.pf
16.04.2007 06:33 71.218 SETUP.EXE-016698FA.pf
15.04.2007 16:52 29.426 A~NSISU_.EXE-0EE31BB1.pf
15.04.2007 16:51 11.614 UNINST.EXE-117A29BB.pf
14.04.2007 19:05 102.124 GAMEMON.DES-29A5427F.pf
14.04.2007 19:05 110.312 GAMEGUARD.DES-2DF2ECC0.pf
14.04.2007 19:03 117.424 NEUZ.EXE-0F56B5B5.pf
14.04.2007 19:02 97.328 FLYFF.EXE-1BDFF509.pf
14.04.2007 12:36 54.552 ENCARTA.EXE-1F15D3C7.pf
13.04.2007 20:06 51.406 WMPLAYER.EXE-09969338.pf
13.04.2007 19:59 59.512 NO23RECORDER.EXE-035E062B.pf
13.04.2007 17:32 48.078 SKYPEPM.EXE-03F1BFBD.pf
13.04.2007 17:31 56.856 SKYPE.EXE-21F19BC8.pf
13.04.2007 16:42 26.700 SETUP_WM.EXE-19AC5A9B.pf
13.04.2007 16:40 76.350 ICQLITE.EXE-2AEFACA7.pf
13.04.2007 11:31 18.820 DRWTSN32.EXE-2B4B52AC.pf
13.04.2007 11:31 49.190 DWWIN.EXE-30875ADC.pf
12.04.2007 17:56 52.520 MRT.EXE-1B4A8D49.pf
12.04.2007 17:56 35.436 WINDOWS-KB890830-V1.28-DELTA.-017E77B8.pf
12.04.2007 17:56 51.222 MRTSTUB.EXE-33F17B02.pf
12.04.2007 15:13 61.540 RUNDLL32.EXE-2576181F.pf
11.04.2007 20:05 51.832 DUMPREP.EXE-1B46F901.pf
130 Datei(en) 6.857.796 Bytes
0 Verzeichnis(se), 63.230.406.656 Bytes frei
Verzeichnis von C:\DOKUME~1\Timo\LOKALE~1\Temp
27.04.2007 19:45 32.768 ~DF8ACB.tmp
1 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 63.230.152.704 Bytes frei

I checked for rootkits with all of the programs and nothing was found (e.g. see attachment)

04/27/07 21:11:25 [Info]: BlackLight Engine 1.0.61 initialized
04/27/07 21:11:25 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/27/07 21:11:25 [Note]: 7019 4
04/27/07 21:11:25 [Note]: 7005 0
04/27/07 21:11:30 [Note]: 7006 0
04/27/07 21:11:30 [Note]: 7011 976
04/27/07 21:11:30 [Note]: 7026 0
04/27/07 21:11:30 [Note]: 7026 0
04/27/07 21:11:35 [Note]: FSRAW library version 1.7.1021
04/27/07 21:22:08 [Note]: 2000 1012
04/27/07 21:22:08 [Note]: 2000 1012
04/27/07 21:22:08 [Note]: 2000 1012
04/27/07 21:22:45 [Note]: 7007 0

+----------------------------------------------------
| Trend Micro RootkitBuster 1.6 Beta.
| Module version: 1.6.0.1052
+----------------------------------------------------
--== Dump Hidden File on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.

Attachment: Panda Anti-Rootkit.jpg
This post was edited by Timpa on 28.04.2007 at 08:51.
Did I get lucky and get away with it this time, or is something still off after all?
Regards,
Timpa
Logfile of HijackThis v1.99.1
Scan saved at 19:30:24, on 27.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D67B597547283DC2 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Programme\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - Startup: wkcalrem.LNK = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: phase6_17_erinnerung.lnk = C:\Programme\phase6\phase6_17\WinStart\WinStart.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {82DEF876-14E4-4CE5-9CA4-DE79A2EE46D2} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
PS: Dr. Web found nothing on my PC.
The only worrying thing is that quite a lot of svchost.exe entries are shown in Task Manager.
About the file I opened:
Scanned file: foto.scr - Infected
foto.scr - infected by Trojan-Spy.Win32.Delf.ty
Statistics:
Known viruses: 304177 Updated: 27-04-2007
File size (Kb): 384 Virus bodies: 1
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0
(scanned with the Kaspersky online scanner)
Also:
The most recently found malware was advyk1.jpg, found by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast Win32elf-EIZ
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
VirusBuster X
VBA32 X
at virusscan.jotti.org
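
Added example (not part of the thread and not code from any tool mentioned in it): a small Python check for the two masquerading patterns visible in the posted logs, a look-alike name with two letters swapped (scvhost.exe for svchost.exe) and a genuine system file name in the wrong directory (C:\WINDOWS\services.exe, which ComboFix deleted). The expected-directory table and all function names are assumptions for a default Windows XP layout; the sample paths are copied from the logs.

```python
import ntpath

# Assumed baseline (not from the thread): where these core binaries live on a
# default Windows XP install under C:\WINDOWS. Keys and values are lower case.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Paths copied from the HijackThis and ComboFix logs posted in the thread.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\Dit.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Programme\Hijackthis\hjt.com",
    r"C:\WINDOWS\system\scvhost.exe",   # "Files Created" entry in ComboFix
    r"C:\WINDOWS\services.exe",         # "Other Deletions" entry in ComboFix
]


def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent characters as one edit
    (optimal string alignment variant of Damerau-Levenshtein)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition: a[i-2:i] is b[j-2:j] reversed.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path, max_distance=1):
    """Return (verdict, imitated_name) for one Windows path.

    verdict is "ok", "wrong-directory", "lookalike-name" or "unlisted".
    Comparison is case-insensitive; 8.3 short names are not expanded.
    """
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        if directory == EXPECTED_DIR[name]:
            return ("ok", name)
        return ("wrong-directory", name)
    for legit in EXPECTED_DIR:
        if osa_distance(name, legit) <= max_distance:
            return ("lookalike-name", legit)
    return ("unlisted", None)


def find_masquerades(paths, max_distance=1):
    """Return (path, verdict, imitated_name) for every suspicious path."""
    hits = []
    for path in paths:
        verdict, legit = classify(path, max_distance)
        if verdict in ("wrong-directory", "lookalike-name"):
            hits.append((path, verdict, legit))
    return hits


if __name__ == "__main__":
    for path, verdict, legit in find_masquerades(SAMPLE_PATHS):
        print(f"{verdict:16} {path}  (imitates {legit})")
```

Several svchost.exe instances running from system32 are normal and pass as "ok"; only the name and the directory are compared, so a clean result says nothing about the file's content.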