
Pests of all kinds and how to fight them: Trojaner.LowZones


27.10.2008, 15:29   #16
Silent sharK
 


Trojaner.LowZones



Hm,
and is it the same in Safe Mode?
Well, let's put that aside for now.
A rootkit scan might also shed some light:

Run a Blacklight scan
  • Download F-Secure Blacklight into a folder of its own, e.g. C:\programme\blacklight. If the download does not work, try this link.
  • Run blbeta.exe from that folder. Close all other programs.
  • Click "I accept the agreement", "next", "Scan".
  • When the scan has finished, close Blacklight with "Close".
  • In the Blacklight folder you will find the log fsbl-XXX.log, where XXX is a longer sequence of digits.


Run a Sophos scan

  • Go to Sophos and download their rootkit scanner. You get an installer file sarsfx.exe.
  • Run it, accept the licence and let the program install; do not change the path C:\SOPHTEMP.
  • Open that folder in Explorer and start sargui.exe, then close all other programs.
  • Under Area leave everything ticked and start the scan with "Start scan". The scan takes a while; when it is done a window pops up with a summary, click "Ok" there. Quit the Sophos rootkit scanner; this scan is for analysis only.
  • Start Explorer and enter "%temp%" in the address bar (without the quotation marks); there you will find a file sarscan.log, please post its contents.


Run a GMER scan

Download Gmer from this page and unpack it onto your desktop.
  • Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
  • Make sure that in the bar on the right everything from "System" to "ADS" is ticked
  • (Important: "Show all" must not be ticked)
  • Start the run with "Scan".
  • Do not use the computer while the scan is running.
  • When the scan has finished, click "Copy" to copy the log to the clipboard. "Ok" closes GMER.
  • Paste the log from the clipboard into your reply here.
__________________
regards, Patrick


Technical compromise
=> Tatort Internet
No Windows CD? Burn your own.


27.10.2008, 15:54   #17
Scara
 



I have now run the GMER scan; I'm pasting it in several replies because it is otherwise too long.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-27 15:50:34
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D355D50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D356B38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D35617C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0x8D355346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0x8D355964]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0x8D3550A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0x8D3557D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D355F36]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0x8D354C78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0x8D354B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0x8D3567D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0x8D355B74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0x8D35484A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0x8D35567A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0x8D3549D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D3551BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D3565B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D356978]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0x8D355508]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D35556E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0x8D354F72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0x8D354E40]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D356282]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateUserProcess [0x8D356D82]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInsertQueue + 309 820B7900 4 Bytes [ 50, 5D, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 32D 820B7924 8 Bytes [ 38, 6B, 35, 8D, 7C, 61, 35, ... ]
.text ntoskrnl.exe!KeInsertQueue + 3B1 820B79A8 4 Bytes [ 46, 53, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 3C9 820B79C0 4 Bytes [ 64, 59, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 3F5 820B79EC 4 Bytes [ A8, 50, 35, 8D ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 003D4F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 003D5060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!mouse_event 75A81305 5 Bytes JMP 003D16D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 003D4C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 003D1550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 003D1860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 003D1230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 003D13C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 003D4AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 003D4960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 00644F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 00645060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 00641860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 00641230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 006413C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!mouse_event 75A81305 5 Bytes JMP 006416D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 00644C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00641550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 00644AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 00644960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
__________________
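The GMER output above is easier to judge once every hook is grouped by the module it jumps to: in this log each SSDT entry points into cmdguard.sys and each user-mode inline hook into guard32.dll, both identified by GMER as COMODO Firewall Pro, and the "Kernel code sections" bytes are nothing but those same handler addresses written little-endian. The script below is an added example (not from the thread, not part of GMER) that parses the three sections, decodes the patch bytes back into addresses, and lists hooks whose target module is not on a trust list. The embedded sample log is constructed: its lines are copied from the posted log except the last user-mode line, whose target `example_unknown.dll` is a hypothetical name added only so the flagging path runs; `TRUSTED_HOOK_MODULES` is the example's own assumption.

```python
import re
from collections import Counter

# Constructed sample, modelled on the GMER 1.0.14 log posted in this thread.
# The LAST user-mode line (example_unknown.dll, a hypothetical module) is invented
# for the demo; everything else is copied from the posted log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D355D50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D356B38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D35617C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0x8D355346]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInsertQueue + 309 820B7900 4 Bytes [ 50, 5D, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 32D 820B7924 8 Bytes [ 38, 6B, 35, 8D, 7C, 61, 35, ... ]
.text ntoskrnl.exe!KeInsertQueue + 3B1 820B79A8 4 Bytes [ 46, 53, 35, 8D ]

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00AB1550 C:\Windows\system32\example_unknown.dll
"""

# Modules we accept as the hook owners for this machine (assumption for the
# example: COMODO Firewall Pro is installed, as the log itself attributes them).
TRUSTED_HOOK_MODULES = {"cmdguard.sys", "guard32.dll"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
                     r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
KERNEL_RE = re.compile(r"^\.text\s+(?P<symbol>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)"
                       r"\s+\d+\s+Bytes\s+\[(?P<bytes>[^\]]*)\]")
USER_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<lib>[^!\s]+)!(?P<func>\S+)"
                     r"\s+(?P<addr>[0-9A-Fa-f]+)\s+\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>.+)$")


def decode_words(byte_field):
    """Turn GMER's byte dump ("50, 5D, 35, 8D, ...") into little-endian 32-bit
    words. A trailing partial word (GMER truncates long dumps with "...") is dropped."""
    hexes = [t.strip() for t in byte_field.split(",")]
    hexes = [t for t in hexes if re.fullmatch(r"[0-9A-Fa-f]{2}", t)]
    return [int.from_bytes(bytes.fromhex("".join(hexes[i:i + 4])), "little")
            for i in range(0, len(hexes) - len(hexes) % 4, 4)]


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, kernel code patches and user-mode inline hooks."""
    report = {"ssdt": [], "kernel": [], "user": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            report["ssdt"].append({"module": m["module"], "func": m["func"],
                                   "handler": int(m["addr"], 16)})
            continue
        m = KERNEL_RE.match(line)
        if m:
            report["kernel"].append({"symbol": m["symbol"], "addr": m["addr"].upper(),
                                     "words": decode_words(m["bytes"])})
            continue
        m = USER_RE.match(line)
        if m:
            report["user"].append({"process": m["proc"], "pid": int(m["pid"]),
                                   "api": m["lib"] + "!" + m["func"],
                                   "target": int(m["target"], 16), "module": m["module"].strip()})
    return report


def correlate_kernel_patches(report):
    """For each 'Kernel code sections' entry, list the SSDT hooks whose handler address
    its bytes spell out. Every entry shown in the posted log resolves this way, so those
    lines describe the same cmdguard.sys hooks seen from the table side, not extra patches."""
    by_handler = {h["handler"]: h["func"] for h in report["ssdt"]}
    return {p["addr"]: [by_handler[w] for w in p["words"] if w in by_handler]
            for p in report["kernel"]}


def module_name(path):
    """Basename of a Windows path, lower-cased (os.path would not split '\\' on Linux)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hooks_per_module(report):
    """How many hooks (SSDT + user-mode) each target module owns."""
    return dict(Counter(module_name(h["module"]) for h in report["ssdt"] + report["user"]))


def untrusted_hooks(report, trusted=TRUSTED_HOOK_MODULES):
    """Hooks whose target module is not on the trust list: these need manual review."""
    return [h for h in report["ssdt"] + report["user"] if module_name(h["module"]) not in trusted]


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("hooks per target module:", hooks_per_module(rep))
    print("kernel patches resolved to SSDT hooks:", correlate_kernel_patches(rep))
    for h in untrusted_hooks(rep):
        print("REVIEW:", h)
```

Run it against the full pasted log instead of `SAMPLE_LOG` to get the per-module tally for the whole machine. The trust list is a triage aid, not a verdict: a rootkit may name its driver after a security product, so for each module that owns hooks confirm the on-disk path, the digital signature and a hash against the vendor's file before calling the hooks benign, and treat any hook that lands in an unsigned or unknown module as the lead to follow.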


27.10.2008, 15:55   #18
Scara
 



.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!
__________________

27.10.2008, 15:56   #19
Scara
 



CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ntdll.dll!NtClose 771F7F48 5 Bytes JMP

27.10.2008, 15:58   #20
Silent sharK

If you have a router, you can throw out the Comodo Firewall; you don't need it.
Windows Defender is perfectly sufficient on its own.

I also have to confess something: it just occurred to me that Combofix/SDFix doesn't run on your system at all.
Sorry, that was my mistake.

__________________
Regards, Patrick


Technical compromise
=> Tatort Internet
No Windows CD? Burn your own.
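What the GMER output in this thread shows is a user-mode hook table: in every listed process, the first 5 or 7 bytes of exports from ntdll, USER32, GDI32 and ole32 have been overwritten with a JMP into C:\Windows\system32\guard32.dll, the user-mode component of the Comodo firewall that the helper suggests removing. The IAAnotif.exe entries, where the JMP goes to 0022xxxx instead of 1000xxxx, are the same DLL loaded at a different base address, not a different hook. The script below is an added example, not part of this thread and not GMER's own code: it parses such lines, groups them by the DLL that owns the hook, lists any hook whose owner is not on a known-benign list, and checks that hooks on the same API from the same DLL land at the same offset modulo 64 KiB (DLL images load on 64 KiB boundaries, so a relocated copy still matches). The KNOWN_BENIGN_HOOKERS set, the function names and the last sample line (a constructed line pointing at a made-up DLL) are assumptions for the example; the other sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# One GMER user-mode inline-hook line, e.g.
# .text C:\Windows\system32\svchost.exe[1544] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<function>\w+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<hooker>\S.*?)\s*$"
)

# DLLs whose hooks are expected on this machine. guard32.dll belongs to the
# Comodo firewall; the list itself is an assumption for this example.
KNOWN_BENIGN_HOOKERS = {"guard32.dll"}

# Sample input: the first four lines are copied from the log in this thread,
# the fifth is a line truncated by the forum's post limit, the sixth is a
# constructed line pointing at a made-up DLL to exercise the triage path.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 00224F90 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ntdll.dll!NtClose 771F7F48 5 Bytes JMP
.text C:\Windows\explorer.exe[3504] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00A71550 C:\Temp\constructed_example.dll
"""


def parse_gmer_hooks(text):
    """Return (hooks, unparsed). Each hook is a dict of the regex groups with
    pid/size/address/target converted to int and the hooker's file name added."""
    hooks, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(".text"):
            continue
        m = HOOK_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. a line cut off by the forum post limit
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["address"] = int(h["address"], 16)
        h["target"] = int(h["target"], 16)
        h["hooker_base"] = h["hooker"].rsplit("\\", 1)[-1].lower()
        hooks.append(h)
    return hooks, unparsed


def summarize_by_hooker(hooks):
    """Group hooks by the DLL that owns the JMP target: which APIs it patches
    and which processes it is loaded into."""
    summary = defaultdict(lambda: {"apis": set(), "pids": set()})
    for h in hooks:
        entry = summary[h["hooker_base"]]
        entry["apis"].add(f'{h["module"]}!{h["function"]}')
        entry["pids"].add(h["pid"])
    return dict(summary)


def unknown_hookers(hooks, known=KNOWN_BENIGN_HOOKERS):
    """Hooks whose owning DLL is not on the known-benign list; these are the
    lines worth a second look, everything else is the security product."""
    return [h for h in hooks if h["hooker_base"] not in known]


def inconsistent_targets(hooks):
    """For each (hooker DLL, API) pair, the set of JMP targets modulo 64 KiB.
    Images load at 64 KiB-aligned bases, so a relocated copy of the same DLL
    (10004F90 vs 00224F90 in the log) gives the same value; more than one
    value for the same pair means a different hook body, not just a different
    load address. Only the pairs with more than one value are returned."""
    offsets = defaultdict(set)
    for h in hooks:
        key = (h["hooker_base"], f'{h["module"]}!{h["function"]}')
        offsets[key].add(h["target"] & 0xFFFF)
    return {k: v for k, v in offsets.items() if len(v) > 1}


if __name__ == "__main__":
    hooks, unparsed = parse_gmer_hooks(SAMPLE_LOG)
    for dll, info in sorted(summarize_by_hooker(hooks).items()):
        print(f"{dll}: {len(info['pids'])} processes, hooks {sorted(info['apis'])}")
    for h in unknown_hookers(hooks):
        print(f"UNKNOWN hooker in {h['process']}[{h['pid']}]: "
              f"{h['module']}!{h['function']} -> {h['hooker']}")
    for line in unparsed:
        print(f"unparsed: {line}")
```

Run it as a script with the full log pasted into SAMPLE_LOG, or call parse_gmer_hooks() on the file contents. Only what unknown_hookers() returns needs a second look; for the log in this thread every hook resolves to guard32.dll, which is why the answer is "uninstall Comodo" rather than "you have a rootkit".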


27.10.2008, 15:58   #21
Scara

10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 00224F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 00225060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!mouse_event 75A81305 5 Bytes JMP 002216D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 00224C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00221550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 00221860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 00221230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 002213C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 00224AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 00224960 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860

27.10.2008, 15:59   #22
Scara

C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP

27.10.2008, 16:01   #23
Scara

10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 002D0002
IAT C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 002D0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 KBFilter.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

27.10.2008, 16:06   #24
Scara

okay, I uninstalled Comodo right away
well, I'm actually relieved that it's not my laptop's fault that the two programs don't work^^

27.10.2008, 16:09   #25
Silent sharK

Wasn't your fault that nothing worked.

Does MBAM still find anything?
__________________
Regards, Patrick


Technical compromise
=> Tatort Internet
No Windows CD? Burn it yourself.


27.10.2008, 16:11   #26
Scara

I can run MBAM over it again, but that will take another 1.5 hours.. and Defender still occasionally acts up because of trojan.vundo

27.10.2008, 16:17   #27
Silent sharK

This program shouldn't hurt:

SUPERAntiSpyware:
  • Download SUPERAntiSpyware and install it
  • Follow the instructions and post the resulting logfile

Can you also post a fresh HijackThis logfile?


27.10.2008, 16:19   #28
Scara

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:01, on 27.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\explorer.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Messenger Service] service.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: On Screen Display.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE01584-06CF-402C-A5D4-0A941CF88137}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 6645 bytes



I'll quickly download the other program

27.10.2008, 16:25   #29
Silent sharK

There's still something nasty in there:

Start => Control Panel => Uninstall Programs => uninstall Ask Toolbar.

Fix with HijackThis:
  • Open HijackThis
  • Click "do a system scan only"
  • Tick the boxes next to:
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
    O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
  • Click "fix checked"
  • Restart the computer
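The check the helper performs by hand in this post (spotting the policy lock, the rundll32 autostart, the orphaned BHO and the Ask components in a HijackThis log) can be scripted for triage. The following is an added example, not code from the thread or from HijackThis itself; the rules are my own encoding of the criteria used in this post, and the sample lines are a constructed subset of the log posted above, with benign lines kept in to show they pass:

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).

Every HijackThis line starts with a section code (R0, O2, O4, O7, O20, ...).
The rules below are my own encoding of what the helper checked by hand:
a policy that locks regedit, a rundll32 autostart that calls a DLL by ordinal,
browser extensions whose file is gone, Ask toolbar components, and the
AppInit_DLLs injection point. SAMPLE_LOG is a constructed subset of the log
posted in this thread, with benign lines left in to show they pass.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry was flagged
    line: str     # the log line itself


_SECTION_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# rundll32 <dll>,<entry>; an entry of the form #N is an export ordinal.
_RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>\S+\.dll),(?P<entry>\S+)", re.I)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if it passes."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    # O7: policy restrictions. Disabling regedit hinders manual cleanup.
    if sec == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
        return Finding(sec, "registry editor disabled by policy", line)

    # O4: autostart entries. Loading a system32 DLL by ordinal through
    # rundll32 is the shape of the [MSServer] entry in the thread; vendor
    # entries such as NvCpl.dll,NvStartup name their entry point instead.
    if sec == "O4":
        rd = _RUNDLL_RE.search(body)
        if rd and rd.group("entry").startswith("#"):
            return Finding(sec, f"rundll32 autostart calls ordinal {rd.group('entry')} in {rd.group('dll')}", line)

    # O2/O3/R3: browser helper objects, toolbars and URL search hooks.
    if sec in ("O2", "O3", "R3"):
        if "(no file)" in body:
            return Finding(sec, "orphaned browser extension entry (file missing)", line)
        if "asksbar" in body.lower():
            return Finding(sec, "Ask toolbar component (remove via Control Panel)", line)

    # O20: AppInit_DLLs entries are loaded into every process that links
    # user32.dll, so each one needs a publisher check.
    if sec == "O20" and "AppInit_DLLs" in body:
        return Finding(sec, "AppInit_DLLs entry, verify the publisher", line)

    return None


def triage(log_text: str) -> list:
    """Flagged entries from a whole log, in file order."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

Run it as a script to print the flagged entries, or call triage() on the contents of a saved logfile. The rules are deliberately narrow: they reproduce the criteria applied in this thread rather than a general classifier, and anything they flag still needs a human look before fixing, since a legitimate entry (a vendor's AppInit_DLLs hook, for instance) can share the same shape.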


27.10.2008, 17:35   #30
Scara

Here is the SUPERAntiSpyware result:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2008 at 05:30 PM

Application Version : 4.21.1004

Core Rules Database Version : 3609
Trace Rules Database Version: 1595

Scan type : Complete Scan
Total Scan Time : 01:02:01

Memory items scanned : 559
Memory threats detected : 1
Registry items scanned : 5096
Registry threats detected : 5
File items scanned : 99759
File threats detected : 1

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\OPNLKEWX.DLL
C:\WINDOWS\SYSTEM32\OPNLKEWX.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{99C158B9-FA74-4E49-971E-708F37B235D7}
HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}
HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}\InprocServer32
HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}\InprocServer32#ThreadingModel

Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\opnlKEwx.dl
