Trojaner TR/Qhost.N.1 macht probleme

glenkinchie · 13.10.2006, 15:47

hallo zusammen

hatte gestern den trojaner TR/Qhost.N.1 auf meinem pc. nachdem das antivir total ausrastete (sprich immer wieder trojaner meldungen kamen), schaltete ich schnell die systemwiederherstellung aus und rebootete. so, nachdem antivir nochmals durch war, und einiges löschen konnte, fuhr ich mit dem AVG free edition weiter. danach kam ad-aware se personal, ewido anti-spyware, windows defender und spybot search & destroy an die reihe. zusätzlich liess ich mein system vom online virenscanner von symantec prüfen. nach diesen aktionen schien eingentlich klar: der/die trojaner sind weg.
danach liess ich noch die registry vom CCleaner und jv16 power tools bereinigen.
so weit so gut, doch von meiner internetconnection wird in idle die volle upload-bandbreite benutzt, was drauf schliessen lässt, das das was/wer am übertragen ist.

ich wäre sehr froh, wenn ihr mal mein hijack log anschaut und vielleicht sonst irgendwelche tipps/erfahrungen mit dem Qhost posted.

vielen dank!

p.s. virenscan sowohl im normal wie im safe mode, mit und ohne systemwiederherstellung

Code:

ATTFilter

Logfile of HijackThis v1.99.1
Scan saved at 16:12:20, on 13.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\ProgrammeXP\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\ProgrammeXP\Motherboard Monitor 5\MBM5.EXE
C:\ProgrammeXP\DAEMON Tools\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\ProgrammeXP\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\ProgrammeXP\Razer\Copperhead\razertra.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ProgrammeXP\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\ProgrammeXP\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\ProgrammeXP\Firefox\firefox.exe
C:\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.ch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.ch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ProgrammeXP\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [razer] C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\ProgrammeXP\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\ProgrammeXP\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Copperhead] C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\ProgrammeXP\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ProgrammeXP\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\ProgrammeXP\Tweak-XP Pro 4\autostart.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\ProgrammeXP\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~3\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151337772328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151339990968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

glenkinchie · 13.10.2006, 21:46

also hier noch die logs vom escan im safe-mode, scheint nix mehr gefunden zu haben:

LOG "Check Computer" Scan

Fr Okt 13 18:05:23 2006 => ******************************************************************
Fr Okt 13 18:05:23 2006 => eScan for Windows.
Fr Okt 13 18:05:23 2006 => Copyright © 2005-2006, MicroWorld Technologies Inc.
Fr Okt 13 18:05:23 2006 => Support: support@mwti.net
Fr Okt 13 18:05:23 2006 => Web: http://www.mwti.net
Fr Okt 13 18:05:23 2006 => ******************************************************************
Fr Okt 13 18:05:23 2006 => Version 8.0.671.1
Fr Okt 13 18:05:23 2006 => LogFile: C:\PROGRA~1\eScan\Log\13100001.log
Fr Okt 13 18:05:23 2006 =>
Fr Okt 13 18:05:23 2006 => Heuristics: On
Fr Okt 13 18:05:23 2006 => Packed files: On
Fr Okt 13 18:05:23 2006 => System areas: On
Fr Okt 13 18:05:23 2006 => Archived files: On
Fr Okt 13 18:05:23 2006 => Calculate Analysis: On
Fr Okt 13 18:05:23 2006 => Action specified in case of an infection: Automatic
Fri Oct 13 18:05:24 2006 => **********************************************************
Fri Oct 13 18:05:24 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Oct 13 18:05:24 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Fri Oct 13 18:05:24 2006 => **********************************************************
Fri Oct 13 18:05:24 2006 => Version 8.5.1 (C:\Programme\eScan\mwavscan.com)
Fri Oct 13 18:05:24 2006 => Log File: C:\PROGRA~1\ESCAN\LOG\13100001.LOG
Fri Oct 13 18:05:24 2006 => Last Scan Date and Time: 13.10.2006 18:03:19
Fri Oct 13 18:05:24 2006 => MWAV Registered: TRUE.
Fri Oct 13 18:05:24 2006 => User Account: Administrator
Fri Oct 13 18:05:24 2006 => OS Type: Windows Workstation
Fri Oct 13 18:05:24 2006 => OS: Windows XP
Fri Oct 13 18:05:24 2006 => Ver: Service Pack 2 (Build 2600)
Fri Oct 13 18:05:24 2006 => Windows Root Folder: C:\WINDOWS
Fri Oct 13 18:05:24 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Fri Oct 13 18:05:24 2006 => Local Fixed Drives: c:\,d:\,f:\,g:\
Fri Oct 13 18:05:24 2006 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).
Fri Oct 13 18:05:24 2006 => Command Line Options Given: /MEM /REG /STARTUP /SER /SC /S /NS /Log=C:\PROGRA~1\eScan\Log\13100001.log
Fri Oct 13 18:05:24 2006 => Database Path in KL Key: C:\PROGRA~1\eScan.
Fri Oct 13 18:05:24 2006 => Latest Date of files in KL key: 13 Oct 2006 16:34:28.
Fri Oct 13 18:05:24 2006 => Latest Date of files inside MWAV: 13 Oct 2006 16:34:28.
Fri Oct 13 18:05:24 2006 => eScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 13 18:05:24 2006 => MailScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 13 18:05:24 2006 => Setting Database Path to C:\DOKUME~1\ADMINI~1.CHU\LOKALE~1\Temp\MWBASES
Fri Oct 13 18:05:25 2006 => AV Library Loaded...

Fr Okt 13 21:43:34 2006 => ***** Scanning Completed. *****
Fr Okt 13 21:43:34 2006 =>
Fr Okt 13 21:43:34 2006 => Total Number of Files Scanned: 181431
Fr Okt 13 21:43:34 2006 => Total Number of Files Infected: 0
Fr Okt 13 21:43:34 2006 => Total Number of Files Disinfected: 0
Fr Okt 13 21:43:34 2006 => Total Number of Files Renamed: 0
Fr Okt 13 21:43:34 2006 => Total Number of Files Deleted: 0
Fr Okt 13 21:43:34 2006 => Total Number of Errors: 0
Fr Okt 13 21:43:34 2006 => Time Elapsed:: 03:37:49

LOG "Check memory & registry" Scan:

Fri Oct 13 18:03:13 2006 => **********************************************************
Fri Oct 13 18:03:13 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Oct 13 18:03:13 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Fri Oct 13 18:03:13 2006 => **********************************************************
Fri Oct 13 18:03:13 2006 => Version 8.5.1 (C:\Programme\eScan\mwavscan.com)
Fri Oct 13 18:03:13 2006 => Log File: C:\PROGRA~1\ESCAN\LOG\13100000.LOG
Fri Oct 13 18:03:13 2006 => Last Scan Date and Time: 13.10.2006 17:24:18
Fri Oct 13 18:03:13 2006 => MWAV Registered: TRUE.
Fri Oct 13 18:03:13 2006 => User Account: Administrator
Fri Oct 13 18:03:13 2006 => OS Type: Windows Workstation
Fri Oct 13 18:03:13 2006 => OS: Windows XP
Fri Oct 13 18:03:13 2006 => Ver: Service Pack 2 (Build 2600)
Fri Oct 13 18:03:13 2006 => Windows Root Folder: C:\WINDOWS
Fri Oct 13 18:03:13 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Fri Oct 13 18:03:13 2006 => Local Fixed Drives: c:\,d:\,f:\,g:\
Fri Oct 13 18:03:13 2006 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).
Fri Oct 13 18:03:13 2006 => Command Line Options Given: /MEM /REG /STARTUP /SER /SC /S /WaitToExit /Log=C:\PROGRA~1\eScan\Log\13100000.log
Fri Oct 13 18:03:13 2006 => Database Path in KL Key: C:\PROGRA~1\eScan.
Fri Oct 13 18:03:14 2006 => Latest Date of files in KL key: 13 Oct 2006 16:34:28.
Fri Oct 13 18:03:14 2006 => Latest Date of files inside MWAV: 13 Oct 2006 16:34:28.
Fri Oct 13 18:03:14 2006 => eScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 13 18:03:14 2006 => MailScan Install Directory: C:\PROGRA~1\eScan\
Fri Oct 13 18:03:16 2006 => Setting Database Path to C:\DOKUME~1\ADMINI~1.CHU\LOKALE~1\Temp\MWBASES
Fri Oct 13 18:03:18 2006 => AV Library Loaded...

Fri Oct 13 18:04:38 2006 => ***** Scanning complete. *****

Fri Oct 13 18:04:38 2006 => Total Objects Scanned: 18465
Fri Oct 13 18:04:38 2006 => Total Critical Objects: 0
Fri Oct 13 18:04:38 2006 => Total Disinfected Objects: 0
Fri Oct 13 18:04:38 2006 => Total Objects Renamed: 0
Fri Oct 13 18:04:38 2006 => Total Deleted Objects: 0
Fri Oct 13 18:04:38 2006 => Total Errors: 0
Fri Oct 13 18:04:38 2006 => Time Elapsed: 00:01:19
Fri Oct 13 18:04:38 2006 => Virus Database Date: 10/13/2006
Fri Oct 13 18:04:38 2006 => Virus Database Count: 231440

Fri Oct 13 18:04:38 2006 => Scan Completed.

Fri Oct 13 18:05:18 2006 => Total Objects Scanned: 18465
Fri Oct 13 18:05:18 2006 => Total Critical Objects: 0
Fri Oct 13 18:05:18 2006 => Total Disinfected Objects: 0
Fri Oct 13 18:05:18 2006 => Total Objects Renamed: 0
Fri Oct 13 18:05:18 2006 => Total Deleted Objects: 0
Fri Oct 13 18:05:18 2006 => Total Errors: 0
Fri Oct 13 18:05:18 2006 => Time Elapsed: 00:01:19
Fri Oct 13 18:05:19 2006 => AV Library Unloaded (3)...

felix1 · 13.10.2006, 21:46

Wären vielleicht schon ein paar Leute bereit, das HJT-Log auszuwerten, wenn Du es posten würdest, wie alle anderen auch.

glenkinchie · 13.10.2006, 22:39

ah sorry, habe wahrscheinlich das hjt-log fälschlich im code-style geposted.

hier das aktuellste log:

Logfile of HijackThis v1.99.1
Scan saved at 23:19:08, on 13.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\Explorer.EXE
C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\ProgrammeXP\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\ProgrammeXP\Motherboard Monitor 5\MBM5.EXE
C:\ProgrammeXP\DAEMON Tools\daemon.exe
C:\ProgrammeXP\Razer\Copperhead\razertra.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\ProgrammeXP\Razer\Copperhead\razerofa.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\ProgrammeXP\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\ProgrammeXP\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Temp\TcpView\Tcpview.exe
C:\ProgrammeXP\Firefox\firefox.exe
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ProgrammeXP\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [razer] C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\ProgrammeXP\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\ProgrammeXP\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Copperhead] C:\ProgrammeXP\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\ProgrammeXP\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ProgrammeXP\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\ProgrammeXP\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\ProgrammeXP\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~3\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ProgrammeXP\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151337772328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151339990968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

also das problem des vollausgelasteten uploads trotz idle besteht weiterhin. habe mit tcpview den tcp/udp traffic analysiert, doch erstens werden keine unüblichen aktiven verbindungen angezeigt und zweites wird kein konstanter outbound traffic (den man ja mit traffic-monitors messen kann, läuft auf maximaler leistung) im tcpview registriert. schon irgendwie komisch. bekomm das problem einfach nicht in den griff und die ganzen tests ergaben bis anhin auch nichts.
also beim hjt-log fällt mir bis auf [O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll] nix besonderes auf , kenne aber natürlich nicht alle einträge. wäre froh wenn ihr mal einen blick darauf werfen könntet.

danke schonmal

MightyMarc · 14.10.2006, 01:55

Erstelle bitte ein Rootkitrevealerlog sowie ein Blacklightlog. Poste die Logs bitte hier zusammen mit den Ausgaben von

tasklist /V
tasklist /M
netstat -aon

glenkinchie · 14.10.2006, 10:14

sodele, nun hab ich glaub alle von dir verlangten daten gesammelt:

[tasklist /v]

C:\Dokumente und Einstellungen\admin>tasklist /v

Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung Status Benutzername
-Zeit Fenstertitel
========================= ===== ================ ========== =============== =============== =====================================
===== ========================================================================
System Idle Process 0 Console 0 16 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
52:58 Nicht verfügbar
System 4 Console 0 240 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
01:31 Nicht verfügbar
smss.exe 684 Console 0 420 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
csrss.exe 748 Console 0 2'760 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:17 Nicht verfügbar
winlogon.exe 776 Console 0 4'944 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:01 Nicht verfügbar
services.exe 832 Console 0 20'052 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
lsass.exe 844 Console 0 1'216 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:01 Nicht verfügbar
ati2evxx.exe 1000 Console 0 2'656 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 ATI video bios poller
svchost.exe 1012 Console 0 4'712 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
svchost.exe 1112 Console 0 4'420 K Wird ausgeführt NT-AUTORITÄT\NETZWERKDIENST
00:00 Nicht verfügbar
MsMpEng.exe 1204 Console 0 14'516 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:06 Nicht verfügbar
svchost.exe 1248 Console 0 22'512 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:08 Nicht verfügbar
svchost.exe 1304 Console 0 4'020 K Wird ausgeführt NT-AUTORITÄT\NETZWERKDIENST
00:06 Nicht verfügbar
ati2evxx.exe 1408 Console 0 2'868 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 ATI video bios poller client
svchost.exe 1448 Console 0 4'548 K Wird ausgeführt NT-AUTORITÄT\LOKALER DIENST
00:00 Nicht verfügbar
spoolsv.exe 1808 Console 0 6'900 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
sched.exe 1940 Console 0 3'332 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:01 Nicht verfügbar
avguard.exe 1952 Console 0 4'040 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
09:41 Nicht verfügbar
btwdins.exe 1972 Console 0 3'204 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
TRAYSSER.EXE 2008 Console 0 1'248 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
guard.exe 204 Console 0 5'068 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:13 Nicht verfügbar
avpM.exe 248 Console 0 11'584 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
23:11 Nicht verfügbar
MA_CMIDI_Inst.exe 284 Console 0 2'460 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
MDM.EXE 328 Console 0 2'860 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
MWASER.EXE 380 Console 0 2'380 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Mwaser
oodag.exe 592 Console 0 5'380 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:35 Nicht verfügbar
MWAGENT.EXE 628 Console 0 3'184 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
wdfmgr.exe 704 Console 0 1'620 K Wird ausgeführt NT-AUTORITÄT\LOKALER DIENST
00:00 Nicht verfügbar
explorer.exe 2340 Console 0 12'484 K Wird ausgeführt ***\admin
01:07 Nicht verfügbar
razerhid.exe 2440 Console 0 4'084 K Wird ausgeführt ***\admin
00:00 CopperheadHid
avgnt.exe 2448 Console 0 436 K Wird ausgeführt ***\admin
00:00 AntiVir Guard
CTHELPER.EXE 2468 Console 0 5'876 K Wird ausgeführt ***\admin
00:00 CtHelper32
acrotray.exe 2476 Console 0 2'572 K Wird ausgeführt ***\admin
00:00 AcrobatTrayIcon
jusched.exe 2536 Console 0 1'664 K Wird ausgeführt ***\admin
00:00 OleMainThreadWndName
MBM5.exe 2564 Console 0 2'360 K Wird ausgeführt ***\admin
00:01 MBM 5 CORE
daemon.exe 2600 Console 0 2'932 K Wird ausgeführt ***\admin
00:00 Virtual DAEMON Manager V4.03HE
CLI.exe 2668 Console 0 9'432 K Wird ausgeführt ***\admin
00:02 .NET-BroadcastEventWindow.1.0.5000.0.4
MSASCui.exe 2672 Console 0 8'520 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
TRAYICOS.EXE 2708 Console 0 6'704 K Wird ausgeführt ***\admin
00:00 Trayicos
avpMWrap.exe 2748 Console 0 2'852 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
razertra.exe 2760 Console 0 3'280 K Wird ausgeführt ***\admin
00:00 CopperheadTrayIcon
msnmsgr.exe 2780 Console 0 19'740 K Wird ausgeführt ***\admin
00:05 Nicht verfügbar
razerofa.exe 2800 Console 0 1'560 K Wird ausgeführt ***\admin
00:00 Copperhead On-the-Fly Sensitivity
MAILDISP.EXE 2812 Console 0 1'364 K Wird ausgeführt ***\admin
00:00 C:\PROGRA~1\eScan\MAILDISP.EXE
wcescomm.exe 2816 Console 0 3'836 K Wird ausgeführt ***\admin
00:00 DccMan
ctfmon.exe 2884 Console 0 3'580 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
MAILSCAN.EXE 3304 Console 0 3'116 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
SPOOLER.EXE 3316 Console 0 1'296 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
KAVSS.EXE 3532 Console 0 15'892 K Wird ausgeführt ***\admin
00:01 Nicht verfügbar
avpM.exe 3732 Console 0 3'468 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
BTTray.exe 4040 Console 0 5'704 K Wird ausgeführt ***\admin
00:00 BTTrayMainWindow
SetPoint.exe 4080 Console 0 6'588 K Wird ausgeführt ***\admin
00:00 Nicht verfügbar
BTSTAC~1.EXE 1624 Console 0 9'128 K Wird ausgeführt ***\admin
00:00 BTW Stack Server
KHALMNPR.EXE 1872 Console 0 4'416 K Wird ausgeführt ***\admin
00:00 KHALHPP_MainWindow
svchost.exe 3064 Console 0 3'580 K Wird ausgeführt NT-AUTORITÄT\SYSTEM
00:00 Nicht verfügbar
CLI.exe 3212 Console 0 6'136 K Wird ausgeführt ***\admin
00:01 .NET-BroadcastEventWindow.1.0.5000.0.e
CLI.exe 3236 Console 0 5'348 K Wird ausgeführt ***\admin
00:00 WindowsFormsParkingWindow
notepad.exe 3960 Console 0 968 K Wird ausgeführt ***\admin
00:03 trojanerdaten.txt - Editor
cmd.exe 1868 Console 0 1'212 K Wird ausgeführt ***\admin
00:00 C:\WINDOWS\system32\cmd.exe - tasklist /v
tasklist.exe 1292 Console 0 4'556 K Wird ausgeführt ***\admin
00:00 OleMainThreadWndName
wmiprvse.exe 2824 Console 0 5'440 K Wird ausgeführt NT-AUTORITÄT\NETZWERKDIENST
00:00 Nicht verfügbar

[NETSTAT -aon]

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status PID
TCP 0.0.0.0:135 0.0.0.0:0 ABHÖREN 1112
TCP 0.0.0.0:445 0.0.0.0:0 ABHÖREN 4
TCP 0.0.0.0:2222 0.0.0.0:0 ABHÖREN 628
TCP 0.0.0.0:18350 0.0.0.0:0 ABHÖREN 1952
TCP 0.0.0.0:50300 0.0.0.0:0 ABHÖREN 592
TCP 127.0.0.1:1045 127.0.0.1:18350 HERGESTELLT 2448
TCP 127.0.0.1:1056 0.0.0.0:0 ABHÖREN 2668
TCP 127.0.0.1:1079 0.0.0.0:0 ABHÖREN 3212
TCP 127.0.0.1:1081 0.0.0.0:0 ABHÖREN 3236
TCP 127.0.0.1:1103 127.0.0.1:1102 WARTEND 0
TCP 127.0.0.1:5679 0.0.0.0:0 ABHÖREN 2816
TCP 127.0.0.1:18350 127.0.0.1:1045 HERGESTELLT 1952
TCP 192.168.2.136:139 0.0.0.0:0 ABHÖREN 4
TCP 192.168.2.136:1065 207.46.107.61:1863 HERGESTELLT 2780
TCP 192.168.2.136:4445 207.68.178.61:80 SCHLIESSEN_WARTEN 2780
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:1025 *:* 1304
UDP 0.0.0.0:1059 *:* 2780
UDP 0.0.0.0:1071 *:* 2780
UDP 0.0.0.0:1072 *:* 1304
UDP 0.0.0.0:1073 *:* 1304
UDP 0.0.0.0:1120 *:* 1304
UDP 0.0.0.0:1134 *:* 1304
UDP 0.0.0.0:1135 *:* 1304
UDP 0.0.0.0:1136 *:* 1304
UDP 0.0.0.0:1137 *:* 1304
UDP 0.0.0.0:1138 *:* 1304
UDP 0.0.0.0:1139 *:* 1304
UDP 127.0.0.1:1062 *:* 2780
UDP 127.0.0.1:1900 *:* 1448
UDP 192.168.2.136:9 *:* 2780
UDP 192.168.2.136:137 *:* 4
UDP 192.168.2.136:138 *:* 4
UDP 192.168.2.136:1900 *:* 1448
UDP 192.168.2.136:5256 *:* 2780
UDP 192.168.2.136:8952 *:* 2780
UDP 192.168.2.136:33827 *:* 2780

C:\Dokumente und Einstellungen\admin>

[BLACKLIGHT-LOG]

10/14/06 10:29:05 [Info]: BlackLight Engine 1.0.47 initialized
10/14/06 10:29:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/14/06 10:29:05 [Note]: 7019 4
10/14/06 10:29:05 [Note]: 7005 0
10/14/06 10:29:10 [Note]: 7006 0
10/14/06 10:29:10 [Note]: 7011 2340
10/14/06 10:29:11 [Note]: 7026 0
10/14/06 10:29:11 [Note]: 7026 0
10/14/06 10:29:26 [Note]: FSRAW library version 1.7.1020
10/14/06 10:37:50 [Note]: 7007 0

[RootkitRevealer-LOG]

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 29.06.2006 20:26 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 29.06.2006 21:08 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 29.06.2006 20:15 0 bytes Access is denied.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 21.09.2006 12:36 252.00 KB

Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 21.09.2006 12:36 111.50 KB

Visible in Windows API, but not in MFT or directory index.

glenkinchie · 14.10.2006, 10:22

und hier noch tasklist /m

C:\Dokumente und Einstellungen\admin>tasklist /m

Abbildname PID Module
========================= ===== =============================================
System Idle Process 0 Nicht verfügbar
System 4 Nicht verfügbar
smss.exe 684 ntdll.dll
csrss.exe 748 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, GDI32.dll, KERNEL32.dll,
USER32.dll, sxs.dll, ADVAPI32.dll,
RPCRT4.dll, WINSTA.dll, NETAPI32.dll,
msvcrt.dll, Apphelp.dll, VERSION.dll
winlogon.exe 776 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, AUTHZ.dll, msvcrt.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, NDdeApi.dll, PROFMAP.dll,
NETAPI32.dll, USERENV.dll, PSAPI.DLL,
REGAPI.dll, Secur32.dll, SETUPAPI.dll,
VERSION.dll, WINSTA.dll, WINTRUST.dll,
IMAGEHLP.dll, WS2_32.dll, WS2HELP.dll,
MSGINA.dll, SHELL32.dll, SHLWAPI.dll,
COMCTL32.dll, ODBC32.dll, comdlg32.dll,
comctl32.dll, odbcint.dll, SHSVCS.dll,
sfc.dll, sfc_os.dll, ole32.dll, Apphelp.dll,
WINSCARD.DLL, WTSAPI32.dll, sxs.dll,
uxtheme.dll, WINMM.dll, Ati2evxx.dll,
rsaenh.dll, cscdll.dll, lbtserv.dll,
HID.DLL, MSIMG32.dll, WINSPOOL.DRV,
OLEAUT32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, lbtintw.dll, BtCoreIf.dll,
MFC42.DLL, MFC42LOC.DLL, WlNotify.dll,
MPR.dll, WgaLogon.dll, CLBCATQ.DLL,
COMRes.dll, WINHTTP.dll, msv1_0.dll,
iphlpapi.dll, cscui.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, ATL.DLL,
rtutils.dll, xpsp2res.dll, wdmaud.drv,
msacm32.drv, MSACM32.dll, midimap.dll
services.exe 832 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, USERENV.dll, SCESRV.dll,
AUTHZ.dll, umpnpmgr.dll, WINSTA.dll,
NETAPI32.dll, NCObjAPI.DLL, MSVCP60.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
UxTheme.dll, comctl32.dll, comctl32.dll,
secur32.dll, Apphelp.dll, eventlog.dll,
WS2_32.dll, WS2HELP.dll, PSAPI.DLL,
wtsapi32.dll, URLMON.DLL, IMAGEHLP.DLL,
cryptdll.dll, dnsapi.dll, mswsock.dll,
winrnr.dll, WLDAP32.dll, rasadhlp.dll,
mwtsp.dll, SPORDER.dll, hnetcfg.dll,
wshtcpip.dll, iphlpapi.dll
lsass.exe 844 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, LSASRV.dll, MPR.dll, USER32.dll,
GDI32.dll, MSASN1.dll, msvcrt.dll,
NETAPI32.dll, NTDSAPI.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, WLDAP32.dll,
Secur32.dll, SAMLIB.dll, SAMSRV.dll,
cryptdll.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, msprivs.dll,
kerberos.dll, msv1_0.dll, iphlpapi.dll,
netlogon.dll, w32time.dll, MSVCP60.dll,
schannel.dll, CRYPT32.dll, wdigest.dll,
rsaenh.dll, setupapi.dll, scecli.dll,
pstorsvc.dll, psbase.dll, dssenh.dll
ati2evxx.exe 1000 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ole32.dll, ADVAPI32.dll,
RPCRT4.dll, msvcrt.dll, OLEAUT32.dll,
wtsapi32.dll, WINSTA.dll, NETAPI32.dll,
userenv.dll, powrprof.dll, psapi.dll,
Secur32.dll, msv1_0.dll, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, Ati2edxx.dll
svchost.exe 1012 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, rpcss.dll, Secur32.dll,
WS2_32.dll, WS2HELP.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, termsrv.dll,
ICAAPI.dll, SETUPAPI.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, IMAGEHLP.dll,
AUTHZ.dll, mstlsapi.dll, ACTIVEDS.dll,
adsldpc.dll, NETAPI32.dll, ATL.DLL,
REGAPI.dll, rsaenh.dll, Apphelp.dll, msi.dll
svchost.exe 1112 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, rpcss.dll, Secur32.dll,
WS2_32.dll, WS2HELP.dll, xpsp2res.dll,
rsaenh.dll, mswsock.dll, mwtsp.dll,
SPORDER.dll, hnetcfg.dll, wshtcpip.dll,
DNSAPI.dll, iphlpapi.dll, winrnr.dll,
WLDAP32.dll, rasadhlp.dll, CLBCATQ.DLL,
COMRes.dll, msi.dll
MsMpEng.exe 1204 ntdll.dll, kernel32.dll, MSVCR80.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
MpSvc.dll, MSVCP80.dll, VERSION.dll,
CRYPT32.dll, USER32.dll, GDI32.dll,
MSASN1.dll, WINTRUST.dll, IMAGEHLP.dll,
MpClient.dll, SHELL32.dll, SHLWAPI.dll,
ole32.dll, OLEAUT32.dll, USERENV.dll,
comctl32.dll, comctl32.dll, rsaenh.dll,
xpsp2res.dll, secur32.dll, netapi32.dll,
mpengine.dll, PSAPI.DLL, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, mprtplug.dll,
uxtheme.dll, CLBCATQ.DLL, COMRes.dll
svchost.exe 1248 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, xpsp2res.dll, shsvcs.dll,
WINSTA.dll, NETAPI32.dll, dhcpcsvc.dll,
DNSAPI.dll, WS2_32.dll, WS2HELP.dll,
iphlpapi.dll, Secur32.dll, rsaenh.dll,
wzcsvc.dll, rtutils.dll, WMI.dll,
CRYPT32.dll, MSASN1.dll, WTSAPI32.dll,
ESENT.dll, ATL.DLL, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
rastls.dll, CRYPTUI.dll, WINTRUST.dll,
IMAGEHLP.dll, WININET.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, SETUPAPI.dll,
RASAPI32.dll, rasman.dll, TAPI32.dll,
SCHANNEL.dll, WinSCard.dll, raschap.dll,
msv1_0.dll, CLBCATQ.DLL, COMRes.dll,
schedsvc.dll, NTDSAPI.dll, MSIDLE.DLL,
audiosrv.dll, wkssvc.dll, cryptsvc.dll,
certcli.dll, dmserver.dll, es.dll,
hidserv.dll, HID.DLL, srvsvc.dll,
seclogon.dll, sens.dll, srsvc.dll,
POWRPROF.dll, trkwks.dll, wmisvc.dll,
VSSAPI.DLL, browser.dll, wuauserv.dll,
wuaueng.dll, ADVPACK.dll, SHFOLDER.dll,
WINSPOOL.DRV, WINHTTP.dll, Cabinet.dll,
mspatcha.dll, sfc.dll, sfc_os.dll,
wscsvc.dll, msi.dll, netshell.dll,
credui.dll, wbemcomn.dll, wbemcore.dll,
MSVCP60.dll, esscli.dll, FastProx.dll,
wbemsvc.dll, wmiutils.dll, repdrvfs.dll,
wmiprvsd.dll, NCObjAPI.DLL, SXS.DLL,
wbemess.dll, comsvcs.dll, colbact.DLL,
MTXCLU.DLL, WSOCK32.dll, CLUSAPI.DLL,
RESUTILS.DLL, ncprov.dll, Apphelp.dll,
netman.dll, WZCSAPI.DLL, upnp.dll,
SSDPAPI.dll, netcfgx.dll, rasmans.dll,
WINIPSEC.DLL, tapisrv.dll, PSAPI.DLL,
rastapi.dll, unimdm.tsp, uniplat.dll,
kmddsp.tsp, ndptsp.tsp, ipconf.tsp,
h323.tsp, hidphone.tsp, rasppp.dll,
ntlsapi.dll, kerberos.dll, cryptdll.dll,
rasadhlp.dll, RASDLG.dll, catsrvut.dll,
AUTHZ.dll, catsrv.dll, MfcSubs.dll, MPR.dll,
urlmon.dll
svchost.exe 1304 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, dnsrslvr.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, iphlpapi.dll,
mwtsp.dll, SPORDER.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll
ati2evxx.exe 1408 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ole32.dll, ADVAPI32.dll,
RPCRT4.dll, msvcrt.dll, OLEAUT32.dll,
wtsapi32.dll, WINSTA.dll, NETAPI32.dll,
userenv.dll, powrprof.dll, psapi.dll,
Secur32.dll, xpsp2res.dll, msv1_0.dll,
WS2_32.dll, WS2HELP.dll, iphlpapi.dll,
Ati2edxx.dll, ati2evxx.dll
svchost.exe 1448 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, xpsp2res.dll, lmhsvc.dll,
iphlpapi.dll, WS2_32.dll, WS2HELP.dll,
webclnt.dll, WININET.dll, CRYPT32.dll,
MSASN1.dll, Secur32.dll, wsock32.dll,
alrsvc.dll, NETAPI32.dll, regsvc.dll,
ssdpsrv.dll, hnetcfg.dll, CLBCATQ.DLL,
COMRes.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, wshtcpip.dll
spoolsv.exe 1808 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, GDI32.dll, USER32.dll,
msvcrt.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, SPOOLSS.DLL,
WS2_32.dll, WS2HELP.dll, DNSAPI.dll,
rasadhlp.dll, localspl.dll, Secur32.dll,
sfc_os.dll, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, IMAGEHLP.dll, winspool.drv,
netapi32.dll, AdobePDF.dll, MSVCR71.dll,
adistres.dll, cnbjmon.dll, bthcrp.dll,
WidcommSdk.dll, wbtapi.dll, CFGMGR32.dll,
setupapi.dll, msi.dll, MFC42.DLL,
MSVCP60.dll, MFC42LOC.DLL, hpzlnt07.dll,
mdimon.dll, pjlmon.dll, tcpmon.dll,
usbmon.dll, mdippr.dll, mswsock.dll,
winrnr.dll, WLDAP32.dll, win32spl.dll,
NETRAP.dll, NTDSAPI.dll, CLBCATQ.DLL,
COMRes.dll, inetpp.dll, xpsp2res.dll
sched.exe 1940 ntdll.dll, kernel32.dll, RPCRT4.dll,
ADVAPI32.dll, VERSION.dll, USER32.dll,
GDI32.dll, ole32.dll, msvcrt.dll,
OLEAUT32.dll, MSVCR71.dll, MSVCP71.dll,
schedr.dll, WTSAPI32.DLL, WINSTA.dll,
NETAPI32.dll, rasapi32.dll, rasman.dll,
WS2_32.dll, WS2HELP.dll, TAPI32.dll,
SHLWAPI.dll, rtutils.dll, WINMM.dll,
comctl32.dll, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll
avguard.exe 1952 ntdll.dll, kernel32.dll, VERSION.dll,
NETAPI32.dll, msvcrt.dll, ADVAPI32.dll,
RPCRT4.dll, WS2_32.dll, WS2HELP.dll,
USER32.dll, GDI32.dll, GUARDMSG.DLL,
MSVCR71.dll, AVPREF.DLL, SMTPLIB.DLL,
AVEWIN32.DLL, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
FLTLIB.DLL
btwdins.exe 1972 ntdll.dll, kernel32.dll, WS2_32.dll,
msvcrt.dll, WS2HELP.dll, ADVAPI32.dll,
RPCRT4.dll, USER32.dll, GDI32.dll,
ole32.dll, OLEAUT32.dll, uxtheme.dll,
xpsp2res.dll, rsaenh.dll, SHELL32.dll,
SHLWAPI.dll, comctl32.dll, comctl32.dll,
CRYPT32.dll, MSASN1.dll, HID.DLL,
WINTRUST.dll, IMAGEHLP.dll, cfgmgr32.dll,
setupapi.dll, Secur32.dll
TRAYSSER.EXE 2008 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, USER32.dll, GDI32.dll,
Apphelp.dll
guard.exe 204 Nicht verfügbar
avpM.exe 248 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
SHELL32.dll, msvcrt.dll, SHLWAPI.dll,
ole32.dll, OLEAUT32.dll, comdlg32.dll,
COMCTL32.dll, VERSION.dll, comctl32.dll,
uxtheme.dll, avpMLoc.dll, IPC.dll,
CCClient.dll, CLBCATQ.DLL, COMRes.dll,
AvpMSrv.dll, WINMM.dll, MPR.dll,
prloader.dll, prkernel.ppl, PrString.ppl,
L_llio.ppl, avp_iont.dll, avlib.ppl,
avp1.ppl, avpgs.ppl, avpMgr.ppl, buffer.ppl,
deflate.ppl, DMAP.ppl, Explode.ppl,
HashContainer.ppl, HCCOMPARE.ppl,
ichecker.ppl, Inflate.ppl, MemModSc.ppl,
MemScan.ppl, nfio.ppl, NTFSstream.ppl,
passdmap.ppl, prseqio.ppl, PrUtil.ppl,
SFDB.ppl, stored.ppl, TempFile.ppl,
Unreduce.ppl, UNSHRINK.ppl, UnStored.ppl,
WinDiskIO.ppl, zcompare.ppl, zip.ppl
MA_CMIDI_Inst.exe 284 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
SETUPAPI.dll, msvcrt.dll, newdev.dll,
SHELL32.dll, SHLWAPI.dll, WININET.dll,
CRYPT32.dll, MSASN1.dll, OLEAUT32.dll,
ole32.dll, credui.dll, comctl32.dll,
comctl32.dll, WINTRUST.dll, IMAGEHLP.dll
MDM.EXE 328 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, msvcrt.dll, OLEAUT32.dll,
SHELL32.dll, SHLWAPI.dll, VERSION.dll,
comctl32.dll, comctl32.dll, psapi.dll,
xpsp2res.dll, CLBCATQ.DLL, COMRes.dll
MWASER.EXE 380 ntdll.dll, kernel32.dll, user32.dll,
GDI32.dll, advapi32.dll, RPCRT4.dll,
oleaut32.dll, msvcrt.dll, ole32.dll,
version.dll, comctl32.dll, uxtheme.dll
oodag.exe 592 ntdll.dll, kernel32.dll, GDI32.dll,
USER32.dll, WS2_32.dll, msvcrt.dll,
WS2HELP.dll, ADVAPI32.dll, RPCRT4.dll,
VERSION.dll, NETAPI32.dll, SHELL32.dll,
SHLWAPI.dll, comctl32.dll, comctl32.dll,
ole32.dll, OODAGRS.DLL, mwtsp.dll,
SPORDER.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll
MWAGENT.EXE 628 ntdll.dll, kernel32.dll, user32.dll,
GDI32.dll, advapi32.dll, RPCRT4.dll,
oleaut32.dll, msvcrt.dll, ole32.dll,
mpr.dll, version.dll, comctl32.dll,
uxtheme.dll, wsock32.dll, WS2_32.dll,
WS2HELP.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll
wdfmgr.exe 704 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, SETUPAPI.dll, Secur32.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
IMAGEHLP.dll
explorer.exe 2340 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, SHELL32.dll,
ole32.dll, OLEAUT32.dll, BROWSEUI.dll,
SHDOCVW.dll, CRYPT32.dll, MSASN1.dll,
CRYPTUI.dll, WINTRUST.dll, IMAGEHLP.dll,
NETAPI32.dll, WININET.dll, WLDAP32.dll,
VERSION.dll, UxTheme.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
USERENV.dll, comctl32.dll, comctl32.dll,
appHelp.dll, CLBCATQ.DLL, COMRes.dll,
cscui.dll, CSCDLL.dll, themeui.dll,
Secur32.dll, MSIMG32.dll, xpsp2res.dll,
MPR.dll, drprov.dll, ntlanman.dll,
NETUI0.dll, NETUI1.dll, NETRAP.dll,
SAMLIB.dll, davclnt.dll, MSGINA.dll,
WINSTA.dll, ODBC32.dll, comdlg32.dll,
odbcint.dll, SETUPAPI.dll, LINKINFO.dll,
ntshrui.dll, ATL.DLL, MSVCR80.dll,
rsaenh.dll, urlmon.dll, ctagent.dll,
webcheck.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, stobject.dll, BatMeter.dll,
POWRPROF.dll, WTSAPI32.dll, msi.dll,
wdmaud.drv, msacm32.drv, midimap.dll,
NETSHELL.dll, rtutils.dll, credui.dll,
iphlpapi.dll, MSCTF.dll, lgscroll.dll,
mslbui.dll, shdoclc.dll, browselc.dll,
SXS.DLL, MLANG.dll, PDFShell.dll,
RASAPI32.dll, rasman.dll, TAPI32.dll,
MSVCR71.dll, gdiplus.dll, mscms.dll,
WINSPOOL.DRV, MSVCP71.dll, MFC71DEU.DLL,
ContextMenu.dll, MFC71.DLL, ADIST32.dll,
WINHTTP.dll, jscript.dll, dfshim.dll,
mscoree.dll, msadp32.acm, Shfusion.dll,
Fusion.dll, culture.dll, ShFusRes.dll,
MpShHook.dll, MSVCP80.dll, shgina.dll,
Audiodev.dll, WMVCore.DLL, WMASF.DLL

glenkinchie · 14.10.2006, 10:24

2.Teil

razerhid.exe 2440 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, WINSPOOL.DRV, msvcrt.dll,
RPCRT4.dll, ADVAPI32.dll, SHELL32.dll,
SHLWAPI.dll, COMCTL32.dll, comctl32.dll,
wtsapi32.dll, WINSTA.dll, NETAPI32.dll,
download.dll, ISPdll.dll, SETUPAPI.dll,
ole32.dll, appHelp.dll, CLBCATQ.DLL,
COMRes.dll, OLEAUT32.dll, VERSION.dll,
rsaenh.dll, urlmon.dll, Secur32.dll,
lgscroll.dll, MSCTF.dll
avgnt.exe 2448 ntdll.dll, kernel32.dll, VERSION.dll,
WS2_32.dll, msvcrt.dll, WS2HELP.dll,
ADVAPI32.dll, RPCRT4.dll, COMCTL32.dll,
GDI32.dll, USER32.dll, SHLWAPI.dll,
MFC71U.DLL, MSVCR71.dll, SHELL32.dll,
OLEAUT32.dll, ole32.dll, MFC71DEU.DLL,
avgcmxp.dll, wtsapi32.dll, WINSTA.dll,
NETAPI32.dll, Secur32.dll, mwtsp.dll,
SPORDER.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll, MSCTF.dll, lgscroll.dll
CTHELPER.EXE 2468 ntdll.dll, kernel32.dll, MFC42.DLL,
msvcrt.dll, GDI32.dll, USER32.dll,
ADVAPI32.dll, RPCRT4.dll, ole32.dll,
SETUPAPI.dll, MFC42LOC.DLL, COMCTL32.DLL,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
IMAGEHLP.dll, CLBCATQ.DLL, COMRes.dll,
OLEAUT32.dll, VERSION.dll, CTDCIFCE.DLL,
WINMM.dll, ctagent.dll, ctspkhlp.dll,
DSOUND.dll, wdmaud.drv, msacm32.drv,
MSACM32.dll, midimap.dll, KsUser.dll,
CTDC0001.DLL, ctosuser.dll, CTDPROXY.DLL,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll,
PIAPROXY.DLL, CTDCRGER.DLL, CTDCRES.DLL,
SHLWAPI.dll, comctl32.dll, MSCTF.dll,
mslbui.dll, lgscroll.dll
acrotray.exe 2476 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, WINSPOOL.DRV, msvcrt.dll,
RPCRT4.dll, ADVAPI32.dll, SHELL32.dll,
SHLWAPI.dll, COMCTL32.dll, OLEACC.dll,
MSVCP60.dll, ole32.dll, OLEAUT32.dll,
comdlg32.dll, comctl32.dll, lgscroll.dll,
MSCTF.dll
jusched.exe 2536 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, WININET.dll, CRYPT32.dll,
msvcrt.dll, USER32.dll, GDI32.dll,
MSASN1.dll, OLEAUT32.dll, ole32.dll,
SHLWAPI.dll, comctl32.dll
MBM5.exe 2564 ntdll.dll, kernel32.dll, user32.dll,
GDI32.dll, advapi32.dll, RPCRT4.dll,
oleaut32.dll, msvcrt.dll, ole32.dll,
comctl32.dll, shell32.dll, SHLWAPI.dll,
mbm.dll, mbmio.dll, MFC42.DLL, wsock32.dll,
WS2_32.dll, WS2HELP.dll, winmm.dll,
comctl32.dll, MFC42LOC.DLL, ctagent.dll,
MSCTF.dll, lgscroll.dll
daemon.exe 2600 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
Comctl32.dll, msvcrt.dll, SHLWAPI.dll,
NTMARTA.DLL, WLDAP32.dll, ole32.dll,
SAMLIB.dll, daemon.dll, CFGMGR32.dll,
setupapi.dll, PFCTOC.DLL, comdlg32.dll,
SHELL32.dll, WINSPOOL.DRV, bw5mount.dll,
ccdmount.dll, mdsmount.dll, nrgmount.dll,
pdimount.dll, lgscroll.dll, MSCTF.dll
CLI.exe 2668 ntdll.dll, mscoree.dll, KERNEL32.dll,
ADVAPI32.dll, RPCRT4.dll, SHLWAPI.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
mscorwks.dll, MSVCR71.dll, fusion.dll,
ole32.dll, SHELL32.dll, comctl32.dll,
comctl32.dll, mscorlib.dll, mscorlib.dll,
mscorsn.dll, rsaenh.dll, MSCTF.dll,
MSCORJIT.DLL, system.windows.forms.dll,
system.windows.forms.dll, xpsp2res.dll,
cli.implementation.dll, log.foundation.dll,
cli.foundation.dll,
log.foundation.service.dll,
log.foundation.shared.dll, system.dll,
system.dll, shfolder.dll,
cli.foundation.xmanifestation.dll,
system.xml.dll, system.xml.dll,
system.runtime.remoting.dll, ws2_32.dll,
WS2HELP.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
cli.component.runtime.dll, aticccom.dll,
aem.foundation.dll, system.drawing.dll,
system.drawing.dll, gdiplus.dll,
ctagent.dll, cli.caste.graphics.shared.dll,
cli.caste.graphics.runtime.dll,
cli.component.runtime.shared.dll,
dem.foundation.dll, dem.graphics.i0601.dll,
ace.graphics.displaysmanager.shared.dll,
DNSAPI.dll, winrnr.dll, WLDAP32.dll,
system.web.dll, atidemgr.dll,
system.management.dll, CLBCATQ.DLL,
COMRes.dll, OLEAUT32.dll, VERSION.dll,
WMINet_Utils.dll, wmiutils.dll,
wbemprox.dll, wbemcomn.dll, wbemsvc.dll,
fastprox.dll, MSVCP60.dll, NTDSAPI.dll,
NETAPI32.dll, Secur32.dll, perfcounter.dll,
NTMARTA.DLL, SAMLIB.dll, aspnet_perf.dll,
MSVCR80.dll, aspnet_isapi.dll, USERENV.dll,
ATL.DLL, mso.dll, perfproc.dll,
iphlpapi.dll, rasman.dll, msv1_0.dll,
tapi32.dll, rtutils.dll, WINMM.dll,
MPRAPI.dll, ACTIVEDS.dll, adsldpc.dll,
SETUPAPI.dll,
cli.aspect.multivpu3.graphics.runtime.dll,
cli.aspect.multivpu3.graphics.shared.dll,
cli.aspect.multivpu2.graphics.runtime.dll,
cli.aspect.multivpu2.graphics.shared.dll,
cli.aspect.multivpu.graphics.runtime.dll,
cli.aspect.multivpu.graphics.shared.dll,
cli.aspect.verylargedesktop.graphics.runtime.
dll,
cli.aspect.verylargedesktop.graphics.shared.d
ll,
cli.aspect.radeon3d.graphics.runtime.dll,
cli.aspect.radeon3dlegacy.graphics.runtime.dl
l,
cli.aspect.displayscolour2.graphics.runtime.d
ll,
cli.aspect.displayscolour2.graphics.shared.dl
l,
cli.aspect.displayscolour.graphics.runtime.dl
l,
cli.aspect.displayscolour.graphics.shared.dll
, cli.aspect.mmvideo.graphics.runtime.dll,
cli.aspect.mmvideo.graphics.shared.dll,
cli.aspect.videooverlay.graphics.runtime.dll,
cli.aspect.videooverlay.graphics.shared.dll,
ace.graphics.videooverlay.shared.dll,
cli.aspect.smartgart.graphics.runtime.dll,
cli.aspect.vpurecover.graphics.runtime.dll,
cli.aspect.vpurecover.graphics.shared.dll,
cli.aspect.workstationconfig.graphics.runtime
.dll,
cli.aspect.devicecrt.graphics.runtime.dll,
cli.aspect.devicecrt.graphics.shared.dll,
cli.aspect.devicecrt2.graphics.runtime.dll,
cli.aspect.devicecrt2.graphics.shared.dll,
cli.aspect.devicelcd.graphics.runtime.dll,
cli.aspect.devicelcd.graphics.shared.dll,
cli.aspect.devicelcd2.graphics.runtime.dll,
cli.aspect.devicelcd2.graphics.shared.dll,
cli.aspect.devicecv.graphics.runtime.dll,
cli.aspect.devicecv.graphics.shared.dll,
cli.aspect.customformats.graphics.shared.dll,
cli.aspect.devicecv2.graphics.runtime.dll,
cli.aspect.devicecv2.graphics.shared.dll,
cli.aspect.devicetv2.graphics.runtime.dll,
cli.aspect.devicetv.graphics.runtime.dll,
cli.aspect.devicedfp.graphics.runtime.dll,
cli.aspect.devicedfp.graphics.shared.dll,
cli.aspect.devicedfp2.graphics.runtime.dll,
cli.aspect.devicedfp2.graphics.shared.dll,
cli.aspect.overdrive3.graphics.runtime.dll,
cli.aspect.overdrive3.graphics.shared.dll,
cli.aspect.overdrive2.graphics.runtime.dll,
cli.aspect.powerplay3.graphics.runtime.dll,
cli.aspect.powerplay3.graphics.shared.dll,
cli.aspect.displaysoptions.graphics.runtime.d
ll,
cli.aspect.integratedumaframebuffer.graphics.
runtime.dll,
cli.aspect.infocentre.graphics.runtime.dll,
cli.aspect.infocentre.graphics.shared.dll,
cli.aspect.hotkeyshandling.graphics.runtime.d
ll,
cli.aspect.hotkeyshandling.graphics.shared.dl
l, cli.aspect.radeon3d.graphics.shared.dll,
cli.aspect.radeon3dlegacy.graphics.shared.dll
, dem.graphics.i0600.dll,
cli.aspect.smartgart.graphics.shared.dll,
cli.aspect.workstationconfig.graphics.shared.
dll,
MSASCui.exe 2672 ntdll.dll, kernel32.dll, MSVCR80.dll,
msvcrt.dll, MSVCP80.dll, ADVAPI32.dll,
RPCRT4.dll, GDI32.dll, USER32.dll,
SHELL32.dll, SHLWAPI.dll, ole32.dll,
OLEAUT32.dll, MpClient.dll, USERENV.dll,
gdiplus.dll, COMCTL32.dll, OLEACC.dll,
MSVCP60.dll, MsMpRes.dll, MpRtMon.DLL,
WINHTTP.dll, urlmon.dll, VERSION.dll,
MSFTEDIT.DLL, UxTheme.dll, rsaenh.dll,
secur32.dll, CLBCATQ.DLL, COMRes.dll,
msxml3.dll, lgscroll.dll, MSCTF.dll
TRAYICOS.EXE 2708 ntdll.dll, kernel32.dll, user32.dll,
GDI32.dll, advapi32.dll, RPCRT4.dll,
oleaut32.dll, msvcrt.dll, ole32.dll,
mpr.dll, comctl32.dll, winspool.drv,
comdlg32.dll, SHLWAPI.dll, SHELL32.dll,
wsock32.dll, WS2_32.dll, WS2HELP.dll,
comctl32.dll, ctagent.dll, MSCTF.dll,
Apphelp.dll, mslbui.dll, CLBCATQ.DLL,
COMRes.dll, VERSION.dll, wbemprox.dll,
wbemcomn.dll, xpsp2res.dll, wbemsvc.dll,
fastprox.dll, MSVCP60.dll, NTDSAPI.dll,
DNSAPI.dll, WLDAP32.dll, NETAPI32.dll,
Secur32.dll, lgscroll.dll, mswsock.dll,
winrnr.dll, rasadhlp.dll, mwtsp.dll,
SPORDER.dll, hnetcfg.dll, wshtcpip.dll
avpMWrap.exe 2748 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, SHELL32.dll, GDI32.dll,
USER32.dll, msvcrt.dll, SHLWAPI.dll,
comctl32.dll, comctl32.dll, Apphelp.dll,
ole32.dll, SETUPAPI.dll, AvpMHook.DLL
razertra.exe 2760 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, WINSPOOL.DRV, msvcrt.dll,
RPCRT4.dll, ADVAPI32.dll, SHELL32.dll,
SHLWAPI.dll, COMCTL32.dll, comctl32.dll,
razerlan.dll, ole32.dll, SETUPAPI.dll,
appHelp.dll, CLBCATQ.DLL, COMRes.dll,
OLEAUT32.dll, VERSION.dll, lgscroll.dll,
MSCTF.dll
msnmsgr.exe 2780 ntdll.dll, kernel32.dll, MSVCR80.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, WSOCK32.dll,
WS2_32.dll, WS2HELP.dll, SHELL32.dll,
SHLWAPI.dll, ole32.dll, OLEAUT32.dll,
MSIMG32.dll, gdiplus.dll, MSNCore.dll,
urlmon.dll, VERSION.dll, COMCTL32.dll,
UxTheme.dll, IMM32.dll, SETUPAPI.dll,
CRYPT32.dll, MSASN1.dll, WINMM.dll,
WININET.dll, iphlpapi.dll, MSACM32.dll,
msidcrl40.dll, SensApi.dll, PSAPI.DLL,
WINTRUST.dll, IMAGEHLP.dll, ContactsUX.dll,
CRYPTNET.dll, WLDAP32.dll, WINHTTP.dll,
USERENV.dll, Secur32.dll, MsImg32.dll,
MsgPlusLive.dll, WTSAPI32.dll, WINSTA.dll,
NETAPI32.dll, Detoured.dll, MSCTF.dll,
rsaenh.dll, msgslang.dll, msgsres.dll,
Riched20.dll, Msftedit.dll, Comdlg32.dll,
CLBCATQ.DLL, COMRes.dll, msxml3.dll,
MsgPlusLiveRes.dll, ctagent.dll,
inetcomm.dll, MSOERT2.dll, inetres.dll,
custsat.dll, mlang.dll, es.dll,
xpsp2res.dll, lcapi.dll, DNSAPI.dll,
DSOUND.dll, RASAPI32.dll, rasman.dll,
TAPI32.dll, rtutils.dll, msdmo.dll,
lcres.dll, RTMPLTFM.dll, wdmaud.drv,
msacm32.drv, midimap.dll, quartz.dll,
DDRAW.dll, DCIMAN32.dll, D3DIM700.DLL,
dpnhupnp.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
mslbui.dll, schannel.dll, SXS.DLL,
MPScripts.dll, jscript.dll, lgscroll.dll,
winrnr.dll, rasadhlp.dll, lmcdata.dll,
contact.dll, msv1_0.dll, scrrun.dll,
MFC42.DLL, MFC42LOC.DLL, msi.dll,
dssenh.dll, MSGSWCAM.dll, sirenacm.dll,
dfsr.dll, MSVCP80.dll, ESENT.dll,
netshell.dll, credui.dll, ATL.DLL,
usnsvcps.dll, appHelp.dll, LINKINFO.dll,
ntshrui.dll, shdocvw.dll, CRYPTUI.dll,
USP10.dll, msls31.dll, abssm.dll,
shdoclc.dll, devenum.dll, wmvcore.dll,
WMASF.DLL, wmadmod.dll
razerofa.exe 2800 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
lgscroll.dll, MSCTF.dll, msvcrt.dll
MAILDISP.EXE 2812 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, USER32.dll, GDI32.dll,
Apphelp.dll
wcescomm.exe 2816 ntdll.dll, kernel32.dll, MSVCRT.dll,
SHELL32.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, SHLWAPI.dll,
WS2_32.dll, WS2HELP.dll, COMCTL32.dll,
VERSION.dll, ole32.dll, CEUTIL.dll,
RAPI.dll, comdlg32.dll, TCP2UDP.dll,
WSOCK32.dll, WINMM.dll, ShimEng.dll,
AcGenral.DLL, OLEAUT32.dll, MSACM32.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
mwtsp.dll, SPORDER.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, MSCTF.dll,
lgscroll.dll
ctfmon.exe 2884 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, MSCTF.dll, MSUTB.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
lgscroll.dll, ctagent.dll
MAILSCAN.EXE 3304 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, msvcrt.dll, OLEAUT32.dll,
WS2_32.dll, WS2HELP.dll, MSVCLNT.DLL,
ipcclnt.dll, kavssdi.dll, kavssd.dll,
kavssi.dll, ipc.dll, Apphelp.dll
SPOOLER.EXE 3316 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, MSVCRT.dll, USER32.dll,
GDI32.dll, WS2_32.dll, WS2HELP.dll
KAVSS.EXE 3532 ntdll.dll, kernel32.dll, kavss.dll,
USER32.dll, GDI32.dll, ADVAPI32.dll,
RPCRT4.dll, MSVCRT.dll, kavssi.dll,
ole32.dll, ipc.dll
avpM.exe 3732 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
SHELL32.dll, msvcrt.dll, SHLWAPI.dll,
ole32.dll, OLEAUT32.dll, comdlg32.dll,
COMCTL32.dll, VERSION.dll, comctl32.dll,
MSCTF.dll, avpMLoc.dll, IPC.dll,
AvpMHook.DLL, mslbui.dll, lgscroll.dll
BTTray.exe 4040 ntdll.dll, kernel32.dll, CFGMGR32.dll,
setupapi.dll, msvcrt.dll, ADVAPI32.dll,
RPCRT4.dll, GDI32.dll, USER32.dll,
wbtapi.dll, msi.dll, SHLWAPI.dll, MFC42.DLL,
ole32.dll, OLEAUT32.dll, VERSION.dll,
MSVCP60.dll, RASAPI32.dll, rasman.dll,
WS2_32.dll, WS2HELP.dll, NETAPI32.dll,
TAPI32.dll, rtutils.dll, WINMM.dll,
btosif.dll, BtBalloon.dll, SHELL32.dll,
comdlg32.dll, COMCTL32.dll, MFC42LOC.DLL,
btrez.dll, CSH.dll, MSCTF.dll, CLBCATQ.DLL,
COMRes.dll, xpsp2res.dll, lgscroll.dll,
SXS.DLL
SetPoint.exe 4080 ntdll.dll, kernel32.dll, VERSION.dll,
lgscroll.dll, USER32.dll, GDI32.dll,
KEMUI.dll, MSIMG32.dll, comdlg32.dll,
SHLWAPI.dll, ADVAPI32.dll, RPCRT4.dll,
msvcrt.dll, COMCTL32.dll, SHELL32.dll,
WINSPOOL.DRV, OLEAUT32.dll, ole32.dll,
gdiplus.dll, oledlg.dll, MSCTF.dll,
MacroBT.dll, WINMM.dll, KEMHook.dll,
MacroCore.dll, IMM32.dll, lbtserv.dll,
HID.DLL, SETUPAPI.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, lbtintw.dll,
BtCoreIf.dll, WS2_32.dll, WS2HELP.dll,
MFC42.DLL, MFC42LOC.DLL, KhalApi.dll

glenkinchie · 14.10.2006, 10:25

3. und letzter teil

BTSTAC~1.EXE 1624 ntdll.dll, kernel32.dll, btins.dll, msi.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, msvcrt.dll, CFGMGR32.dll,
setupapi.dll, SHLWAPI.dll, TAPI32.dll,
rtutils.dll, WINMM.dll, MFC42.DLL,
SHELL32.dll, ole32.dll, VERSION.dll,
MSVCP60.dll, btosif.dll, WS2_32.dll,
WS2HELP.dll, OLEAUT32.dll, iphlpapi.dll,
BtAudioHelper.dll, comctl32.dll,
MFC42LOC.DLL, comctl32.dll, btrez.dll,
CSH.dll, comdlg32.dll, rsaenh.dll,
CRYPT32.dll, MSASN1.dll, CLBCATQ.DLL,
COMRes.dll, xpsp2res.dll, MSCTF.dll,
lgscroll.dll, Wtsapi32.dll, WINSTA.dll,
NETAPI32.dll, SXS.DLL, WINTRUST.dll,
IMAGEHLP.dll, wdmaud.drv, msacm32.drv,
MSACM32.dll, midimap.dll
KHALMNPR.EXE 1872 ntdll.dll, kernel32.dll, SETUPAPI.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, KHALAPI.DLL,
MSCTF.dll, lgscroll.dll, wtsapi32.dll,
WINSTA.dll, NETAPI32.dll, lbtserv.dll,
HID.DLL, MSIMG32.dll, comdlg32.dll,
SHLWAPI.dll, COMCTL32.dll, SHELL32.dll,
WINSPOOL.DRV, OLEAUT32.dll, ole32.dll,
comctl32.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, lbtintw.dll, BtCoreIf.dll,
WS2_32.dll, WS2HELP.dll, MFC42.DLL,
MFC42LOC.DLL, cfgmgr32.dll, KHALITCH.DLL,
KHALMW.DLL, KHALHPP.DLL, WINMM.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
IMAGEHLP.dll
svchost.exe 3064 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, usnsvc.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, msi.dll,
usnsvcps.dll, rsaenh.dll
CLI.exe 3212 ntdll.dll, mscoree.dll, KERNEL32.dll,
ADVAPI32.dll, RPCRT4.dll, SHLWAPI.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
mscorwks.dll, MSVCR71.dll, fusion.dll,
ole32.dll, SHELL32.dll, comctl32.dll,
comctl32.dll, mscorlib.dll, mscorlib.dll,
mscorsn.dll, rsaenh.dll, MSCTF.dll,
lgscroll.dll, MSCORJIT.DLL,
system.windows.forms.dll,
system.windows.forms.dll, xpsp2res.dll,
cli.implementation.dll, log.foundation.dll,
cli.foundation.dll,
log.foundation.service.dll,
log.foundation.shared.dll, system.dll,
system.dll, shfolder.dll,
cli.foundation.xmanifestation.dll,
system.xml.dll, system.xml.dll,
system.runtime.remoting.dll, ws2_32.dll,
WS2HELP.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
cli.component.dashboard.dll,
cli.foundation.clients.dll,
cli.component.dashboard.shared.dll,
DNSAPI.dll, winrnr.dll, WLDAP32.dll,
cli.component.runtime.dll, aticccom.dll,
branding.dll, aem.foundation.dll,
cli.caste.graphics.shared.dll,
cli.caste.local.dashboard.dll,
cli.caste.graphics.dashboard.dll,
cli.caste.graphics.dashboard.shared.dll,
system.drawing.dll, system.drawing.dll,
ace.graphics.displaysmanager.shared.dll,
cli.aspect.welcome.local.dashboard.dll,
cli.aspect.infocentre.graphics.dashboard.dll,
cli.aspect.displaysmanager.graphics.dashboar
d.dll,
cli.aspect.verylargedesktop.graphics.dashboar
d.dll,
cli.aspect.displaysoptions.graphics.dashboard
.dll,
cli.aspect.devicecrt.graphics.dashboard.dll,
cli.aspect.devicecrt2.graphics.dashboard.dll,
cli.aspect.devicelcd.graphics.dashboard.dll,
cli.aspect.devicelcd2.graphics.dashboard.dll
,
cli.aspect.devicecv.graphics.dashboard.dll,
cli.aspect.devicecv2.graphics.dashboard.dll,
cli.aspect.devicetv2.graphics.dashboard.dll,
cli.aspect.devicetv.graphics.dashboard.dll,
cli.aspect.devicedfp.graphics.dashboard.dll,
cli.aspect.devicedfp2.graphics.dashboard.dll,
cli.aspect.radeon3d.graphics.dashboard.dll,
cli.aspect.radeon3dlegacy.graphics.dashboard.
dll,
cli.aspect.displayscolour2.graphics.dashboard
.dll,
cli.aspect.displayscolour.graphics.dashboard.
dll,
cli.aspect.mmvideo.graphics.dashboard.dll,
cli.aspect.videooverlay.graphics.dashboard.dl
l,
cli.aspect.powerplay3.graphics.dashboard.dll,
cli.aspect.smartgart.graphics.dashboard.dll,
cli.aspect.vpurecover.graphics.dashboard.dll
,
cli.aspect.workstationconfig.graphics.dashboa
rd.dll,
cli.aspect.overdrive3.graphics.dashboard.dll,
cli.aspect.overdrive2.graphics.dashboard.dll
,
cli.aspect.integratedumaframebuffer.graphics.
dashboard.dll,
cli.aspect.multivpu3.graphics.dashboard.dll,
cli.aspect.multivpu2.graphics.dashboard.dll,
cli.aspect.multivpu.graphics.dashboard.dll,
cli.aspect.infocentre.graphics.shared.dll,
cli.aspect.hotkeyshandling.graphics.shared.dl
l,
cli.aspect.verylargedesktop.graphics.shared.d
ll,
cli.aspect.displaysoptions.graphics.shared.dl
l, cli.aspect.devicecrt.graphics.shared.dll,
cli.aspect.deviceproperty.graphics.shared.dll
, cli.aspect.devicecrt2.graphics.shared.dll,
cli.aspect.deviceproperty2.graphics.shared.dl
l, cli.aspect.devicelcd.graphics.shared.dll,
cli.aspect.devicelcd2.graphics.shared.dll,
cli.aspect.devicecv.graphics.shared.dll,
cli.aspect.customformats.graphics.shared.dll,
gdiplus.dll,
cli.aspect.devicecv2.graphics.shared.dll,
cli.aspect.devicetv2.graphics.shared.dll,
cli.aspect.devicetv.graphics.shared.dll,
cli.aspect.devicedfp.graphics.shared.dll,
cli.aspect.devicedfp2.graphics.shared.dll,
cli.aspect.radeon3d.graphics.shared.dll,
cli.aspect.radeon3dlegacy.graphics.shared.dll
,
cli.aspect.displayscolour2.graphics.shared.dl
l,
cli.aspect.displayscolour.graphics.shared.dll
, cli.aspect.mmvideo.graphics.shared.dll,
cli.aspect.videooverlay.graphics.shared.dll,
cli.aspect.powerplay3.graphics.shared.dll,
cli.aspect.smartgart.graphics.shared.dll,
cli.aspect.vpurecover.graphics.shared.dll,
cli.aspect.workstationconfig.graphics.shared.
dll,
cli.aspect.overdrive3.graphics.shared.dll,
cli.aspect.overdrive2.graphics.shared.dll,
cli.aspect.integratedumaframebuffer.graphics.
shared.dll,
cli.aspect.multivpu3.graphics.shared.dll,
cli.aspect.multivpu2.graphics.shared.dll,
cli.aspect.multivpu.graphics.shared.dll,
system.web.dll, perfcounter.dll, NTMART
CLI.exe 3236 ntdll.dll, mscoree.dll, KERNEL32.dll,
ADVAPI32.dll, RPCRT4.dll, SHLWAPI.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
mscorwks.dll, MSVCR71.dll, fusion.dll,
ole32.dll, SHELL32.dll, comctl32.dll,
comctl32.dll, mscorlib.dll, mscorlib.dll,
mscorsn.dll, rsaenh.dll, MSCTF.dll,
lgscroll.dll, MSCORJIT.DLL,
system.windows.forms.dll,
system.windows.forms.dll, xpsp2res.dll,
cli.implementation.dll, log.foundation.dll,
cli.foundation.dll,
log.foundation.service.dll,
log.foundation.shared.dll, system.dll,
system.dll, shfolder.dll,
cli.foundation.xmanifestation.dll,
system.xml.dll, system.xml.dll,
system.runtime.remoting.dll, ws2_32.dll,
WS2HELP.dll, mwtsp.dll, SPORDER.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
cli.component.systemtray.dll,
cli.caste.graphics.shared.dll, DNSAPI.dll,
winrnr.dll, WLDAP32.dll,
cli.component.runtime.dll, aticccom.dll,
ace.graphics.displaysmanager.shared.dll,
aem.foundation.dll, apm.foundation.dll,
system.drawing.dll, system.drawing.dll,
gdiplus.dll,
cli.component.systemtray.resources.dll,
ctagent.dll, mslbui.dll, OLEAUT32.DLL,
system.web.dll, perfcounter.dll,
NTMARTA.DLL, SAMLIB.dll, aspnet_perf.dll,
MSVCR80.dll, aspnet_isapi.dll, USERENV.dll,
ATL.DLL, NETAPI32.dll, mso.dll,
perfproc.dll, iphlpapi.dll, rasman.dll,
secur32.dll, msv1_0.dll, tapi32.dll,
rtutils.dll, WINMM.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, SETUPAPI.dll
notepad.exe 3960 ntdll.dll, kernel32.dll, comdlg32.dll,
SHLWAPI.dll, ADVAPI32.dll, RPCRT4.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
COMCTL32.dll, SHELL32.dll, WINSPOOL.DRV,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, USERENV.dll, UxTheme.dll,
MSCTF.dll, lgscroll.dll, ctagent.dll,
mslbui.dll, appHelp.dll, CLBCATQ.DLL,
COMRes.dll, SETUPAPI.dll, ntshrui.dll,
ATL.DLL, NETAPI32.dll, LINKINFO.dll,
MPR.dll, drprov.dll, ntlanman.dll,
NETUI0.dll, NETUI1.dll, NETRAP.dll,
SAMLIB.dll, davclnt.dll
cmd.exe 1868 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, ShimEng.dll,
AcGenral.DLL, ADVAPI32.dll, RPCRT4.dll,
WINMM.dll, ole32.dll, OLEAUT32.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, Apphelp.dll,
MSCTF.dll, lgscroll.dll, mslbui.dll
wmiprvse.exe 2824 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, wbemcomn.dll, OLEAUT32.dll,
ole32.dll, FastProx.dll, MSVCP60.dll,
NTDSAPI.dll, DNSAPI.dll, WS2_32.dll,
WS2HELP.dll, WLDAP32.dll, NETAPI32.dll,
Secur32.dll, NCObjAPI.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, comctl32.dll,
comctl32.dll, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll, wbemprox.dll, wbemsvc.dll,
wmiutils.dll, cimwin32.dll, framedyn.dll,
SETUPAPI.dll, WTSAPI32.dll, WINSTA.dll,
CFGMGR32.DLL, WMI.DLL
tasklist.exe 732 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, MPR.dll, ole32.dll, OLEAUT32.dll,
Secur32.dll, WS2_32.dll, WS2HELP.dll,
framedyn.dll, NETAPI32.dll, DBGHELP.dll,
VERSION.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, MSACM32.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
comctl32.dll, comctl32.dll, MSCTF.dll,
lgscroll.dll, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll, wbemprox.dll, wbemcomn.dll,
Winsta.dll, wbemsvc.dll, fastprox.dll,
MSVCP60.dll, NTDSAPI.dll, DNSAPI.dll,
WLDAP32.dll

glenkinchie · 14.10.2006, 12:43

ahja, wenn es zu unübersichtlich ist (was ich denke), können meine testergebnisse von "Tasklist /v /m, netstat -aon, Blacklight-Log und RootkitRevealer-Log" auch in der datei trojanerdaten.txt eingesehen werden.

danke im voraus

MightyMarc · 14.10.2006, 13:11

Moin,

suche mal bitte nach einer Datei namens guard.exe. Gehört sie zu einem der Scanner?

Du hattest mal Messenger Plus! installiert? Wenn ja, wie hast Du ihn deinstalliert (es sind noch DLLs davon geladen)?

Beide Dateien bitte mal bei Virustotal scannen lassen:

Zitat:

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

Bitte einmal mit regdelnull aufräumen.

Edit:
Bitte nur einen Scanner verwenden.

glenkinchie · 14.10.2006, 13:56

Zitat:

suche mal bitte nach einer Datei namens guard.exe. Gehört sie zu einem der Scanner?

die datei guard.exe gehört zum C:\Programme\Grisoft\AVG Anti-Spyware 7.5

Zitat:

Du hattest mal Messenger Plus! installiert? Wenn ja, wie hast Du ihn deinstalliert (es sind noch DLLs davon geladen)?

also, seit dem ich winxp aufgesetzt habe, läuft nur windows live messenger. dazu ist das messenger plus! live version 4.01.0.240 installiert und läuft eigentlich ohne probleme. hab nie was deinstalliert bezgl. messenger

Zitat:

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.dll
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServic es\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServ ices.Wrapper.dll

virustotal hat bei beiden dateien nix gefunden.

Zitat:

Bitte einmal mit regdelnull aufräumen.

ok, hab ich gemacht. als ich dann nochmals RootkitRevealer drüberlaufen liess, ist mein system abgeschmiert, sprich: direkt ins bios restarted... keine ahnung was das soll...

Zitat:

Edit:
Bitte nur einen Scanner verwenden.

hab normalerweise nur den avira antivir am laufen, jetzt halt noch zusätzlich den e-scan und avg-antispyware.

vielen dank für deine tipps und antworten!

MightyMarc · 14.10.2006, 14:13

Zitat:

Zitat von glenkinchie

also, seit dem ich winxp aufgesetzt habe, läuft nur windows live messenger. dazu ist das messenger plus! live version 4.01.0.240 installiert und läuft eigentlich ohne probleme.

Hinweis: In der Installation sind Spyware-Komponenten enthalten. Sie sollten in der Option "Sponsoren-Programm mitinstallieren" deaktiviert werden.

Zitat:

virustotal hat bei beiden dateien nix gefunden.

Poste bitte die vollständigen Berichte mit! Größen- und Hashangabe.

glenkinchie · 14.10.2006, 14:55

hallo

Zitat:

Hinweis: In der Installation sind Spyware-Komponenten enthalten. Sie sollten in der Option "Sponsoren-Programm mitinstallieren" deaktiviert werden.

so weit ich mich erinnern kann, habe ich genau das deaktiviert.

Zitat:

Poste bitte die vollständigen Berichte mit! Größen- und Hashangabe.

Complete scanning result of "System.EnterpriseServices.dll", received in VirusTotal at 10.14.2006, 15:45:08 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 no virus found
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.13.2006 no virus found
BitDefender 7.2 10.14.2006 no virus found
CAT-QuickHeal 8.00 10.14.2006 no virus found
ClamAV devel-20060426 10.14.2006 no virus found
DrWeb 4.33 10.14.2006 no virus found
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.14.2006 no virus found
Fortinet 2.82.0.0 10.14.2006 no virus found
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.14.2006 no virus found
McAfee 4873 10.13.2006 no virus found
Microsoft 1.1603 10.14.2006 no virus found
NOD32v2 1.1803 10.13.2006 no virus found
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.14.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.13.2006 no virus found
VirusBuster 4.3.7:9 10.14.2006 no virus found

Aditional Information
File size: 258048 bytes
MD5: a78ecba0c7deff0aff8ae6ffa57c2a0a
SHA1: 1084e2e3f582932e57fbd0c2879fad407b070418

Complete scanning result of "System.EnterpriseServices.Wrapper", received in VirusTotal at 10.14.2006, 15:47:39 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 no virus found
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.13.2006 no virus found
BitDefender 7.2 10.14.2006 no virus found
CAT-QuickHeal 8.00 10.14.2006 no virus found
ClamAV devel-20060426 10.14.2006 no virus found
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
DrWeb 4.33 10.14.2006 no virus found
Ewido 4.0 10.14.2006 no virus found
Fortinet 2.82.0.0 10.14.2006 no virus found
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.14.2006 no virus found
McAfee 4873 10.13.2006 no virus found
Microsoft 1.1603 10.14.2006 no virus found
NOD32v2 1.1803 10.13.2006 no virus found
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.14.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.13.2006 no virus found
VirusBuster 4.3.7:9 10.14.2006 no virus found

Aditional Information
File size: 114176 bytes
MD5: 396b76ec2329b07e08d79e7938b482f2
SHA1: bdc44451d923f439470fbfa10fd399cfa1e20383

noch zu einem neuen problem: nach dem fixen mit regdelnull ist der rootkitrevealer bei erneutem scan abgestürzt.
dasselbe ist nun mit jv16 power tools (registry cleaner) passiert. während dem scan finde ich mich plötzlich im bios wieder. mir scheint als stosse der scan auf einen key der komisch ist und ihn zum neustarten des pc bewegt. sehr, sehr komisch...

an marc: danke, dass du dich meines problems angenommen hast!

EDIT: jetz hat der registry scan von jv16 ohne absturz geklappt [hier das Log]. er findet wieder massig fehlerhafte einträge. bei letzten scan der abgeschlossen werden konnte, fand er nur so 2-3 fehlerhafte einträge. könnte dies die folge von regdelnull sein?

glenkinchie · 14.10.2006, 16:12

Zitat:

noch zu einem neuen problem: nach dem fixen mit regdelnull ist der rootkitrevealer bei erneutem scan abgestürzt.
dasselbe ist nun mit jv16 power tools (registry cleaner) passiert. während dem scan finde ich mich plötzlich im bios wieder. mir scheint als stosse der scan auf einen key der komisch ist und ihn zum neustarten des pc bewegt. sehr, sehr komisch...

jetzt hats auch mit dem rootkitrevealer geklappt, hier das ergebnis:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Usage\HandWritingFiles 14.10.2006 14:50 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 29.06.2006 20:15 0 bytes Access is denied.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\***\SharingMetadata\Working\database_7E14_C47B_14C4_3843\fsr0018A.log 14.10.2006 13:40 128.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\***\SharingMetadata\Working\database_7E14_C47B_14C4_3843\fsr0018B.log 14.10.2006 14:18 128.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\***\SharingMetadata\Working\database_7E14_C47B_14C4_3843\fsr0018C.log 14.10.2006 14:45 128.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\***\SharingMetadata\Working\database_7E14_C47B_14C4_3843\fsr0018D.log 14.10.2006 16:14 128.00 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\***\SharingMetadata\Working\database_7E14_C47B_14C4_3843\fsrtmp.log 14.10.2006 16:14 128.00 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Temp\MessengerCache\x7lMCX1GDUnadTMmfASRCqmYLW8= 14.10.2006 16:23 388 bytes Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 21.09.2006 12:36 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 21.09.2006 12:36 111.50 KB Visible in Windows API, but not in MFT or directory index.

13.10.2006, 21:46	#3
felix1 /// Helfer-Team	Trojaner TR/Qhost.N.1 macht probleme Wären vielleicht schon ein paar Leute bereit, das HJT-Log auszuwerten, wenn Du es posten würdest, wie alle anderen auch. __________________ __________________

Trojaner TR/Qhost.N.1 macht probleme

Log-Analyse und Auswertung: Trojaner TR/Qhost.N.1 macht probleme