Log Analysis and Evaluation: E-mail account with 12-character password hacked - keylogger?
17.08.2009, 22:41 | #1

Hello forum community! This time I am not just reading through this board; this time it seems to have hit my cousin! Two days ago his e-mail account at web.de was apparently cracked and he had no choice but to have it locked. When he was assigned a new account he wanted to be on the safe side and set a 12-character password (NO, not "ichliebedich"). Today he was again unable to access his account. So I rather fear he has "somehow" caught a keylogger. Since I am not on site with him, all of this is being attempted via remote support; so far I have nothing other than his information and the log file below. I would nevertheless like to ask the specialists among you to read through the following log file. Many thanks in advance! Oh yes, the only file that stands out to me, and that not even Google knows anything about, is "imepo3d.dll". Maybe a clue?!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:10, on 17.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Anti-keylogger\akl_svc.exe
C:\Programme\Anti-keylogger\Anti-keylogger.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Anti-keylogger] C:\Programme\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Pnpadcrt - {5D9F1164-9292-4803-8696-20761DEFB39F} - C:\WINDOWS\system32\imepo3d.dll
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Programme\Anti-keylogger\akl_svc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6944 bytes
17.08.2009, 22:50 | #2

Hello and

1.) Start HJT => Do a system scan only => Check:
Code:
O21 - SSODL: Pnpadcrt - {5D9F1164-9292-4803-8696-20761DEFB39F} - C:\WINDOWS\system32\imepo3d.dll

2.) Upload the file
Code:
C:\WINDOWS\system32\imepo3d.dll
Select the text in the box, copy it and paste it into the first white box in the upload channel.

3.) Uninstall the BearShare junk.

4.) Click on "Für alle Neuen" in my signature, read everything carefully and work through the complete list under item 2.

ciao, andreas
__________________
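The triage in the reply above (look at the O21 line, then upload the file) is the kind of work a small script can support. The following Python is an added example written for this thread; it is not HijackThis code and not the forum's own tooling. It parses the R0/R1, O21 and O23 lines of a HijackThis log, flags the entries a helper would look at first, and hashes and copies a suspect file before the HJT fix removes it, so the sample can still be uploaded afterwards. The allowlists, the sample log lines and the stand-in file are assumptions constructed for the example.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
HijackThis or of this thread's tooling)."""
import hashlib
import os
import re
import shutil
import tempfile
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample in the shape of the log posted above (the imepo3d.dll,
# bearshare and GameGuard entries are the ones the thread discusses).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Pnpadcrt - {5D9F1164-9292-4803-8696-20761DEFB39F} - C:\WINDOWS\system32\imepo3d.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: tiny illustrative allowlists, not a complete reference.
KNOWN_SSODL_DLLS = {"wpdshserviceobj.dll", "webcheck.dll", "stobject.dll"}
TRUSTED_SEARCH_HOSTS = {"www.google.de", "www.msn.com", "go.microsoft.com"}

R_LINE = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>.*)$")
SSODL_LINE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
SERVICE_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    line: str
    reason: str


def _basename(win_path: str) -> str:
    # os.path.basename on Linux does not split on backslashes, so normalise first.
    return win_path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            host = urlparse(m.group("value")).hostname
            if host and host.lower() not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("medium", line, f"IE start/search page redirected to {host}"))
            continue
        m = SSODL_LINE.match(line)
        if m:
            dll = _basename(m.group("path"))
            if dll not in KNOWN_SSODL_DLLS:
                # SSODL entries are loaded into explorer.exe at every logon.
                findings.append(Finding("high", line, f"unknown ShellServiceObjectDelayLoad DLL {dll}"))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            reasons = []
            if m.group("owner").lower() == "unknown owner":
                reasons.append("service has no recorded vendor")
            if "(file missing)" in m.group("path"):
                reasons.append("service binary missing on disk")
            if reasons:
                findings.append(Finding("medium", line, "; ".join(reasons)))
    return findings


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_sample(path: str, quarantine_dir: str) -> Optional[str]:
    """Copy a suspect file to quarantine_dir and return its SHA-256, or None
    if the file is already gone (what happened in this thread after the fix)."""
    if not os.path.isfile(path):
        return None
    os.makedirs(quarantine_dir, exist_ok=True)
    digest = sha256_of_file(path)
    shutil.copy2(path, os.path.join(quarantine_dir, _basename(path) + "." + digest[:12]))
    return digest


def demo() -> dict:
    """Triage the constructed log and preserve a constructed stand-in file
    (contents b"abc"); the real DLL from the thread is not available here."""
    findings = triage(SAMPLE_LOG)
    workdir = tempfile.mkdtemp()
    stand_in = os.path.join(workdir, "imepo3d.dll")  # constructed decoy, not the real file
    with open(stand_in, "wb") as fh:
        fh.write(b"abc")
    digest = preserve_sample(stand_in, os.path.join(workdir, "quarantine"))
    missing = preserve_sample(os.path.join(workdir, "already-deleted.dll"), workdir)
    return {"findings": findings, "digest": digest, "missing": missing}


if __name__ == "__main__":
    for f in demo()["findings"]:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it on a saved HijackThis log by passing the file contents to `triage()`; call `preserve_sample()` on the flagged path before ticking the entry in HJT, because once "Fix checked" has run the file is gone and there is nothing left to upload.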
20.08.2009, 16:30 | #3

Hello Andreas!

First of all, many thanks for the first-steps guide. Unfortunately the "suspicious" file was deleted by HJT when fixing it, so an upload is no longer possible. The logs from the other programs and a new, updated HJT log are attached. Are there other ways to track down a keylogger? Again, thanks in advance

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 5.1.2600 Service Pack 2

19.08.2009 00:21:46
mbam-log-2009-08-19 (00-21-46).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 183262
Laufzeit: 1 hour(s), 1 minute(s), 3 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:29:07, on 19.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Anti-keylogger\akl_svc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Programme\Anti-keylogger\Anti-keylogger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Anti-keylogger] C:\Programme\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Programme\Anti-keylogger\akl_svc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6757 bytes
20.08.2009, 16:32 | #4

And this one too:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-19 00:24:11
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (4%) free of 78 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:15, on 19.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Anti-keylogger\akl_svc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Programme\Anti-keylogger\Anti-keylogger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Anti-keylogger] C:\Programme\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Programme\Anti-keylogger\akl_svc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6781 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll [2004-10-01 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll [2004-10-01 131072]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2009-05-04 529848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"ISUSPM Startup"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-08-01 266497]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-01-05 180269]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"LifeCam"=C:\Programme\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"Anti-keylogger"=C:\Programme\Anti-keylogger\Anti-keylogger.exe [2009-04-21 395776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-11-11 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-02-01 21898024]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe [2006-10-24 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"C:\Programme\Steam\SteamApps\ng_tank\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\ng_tank\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Sierra Entertainment\TimeShift\bin\TimeShift.Exe"="C:\Programme\Sierra Entertainment\TimeShift\bin\TimeShift.Exe:*:Enabled:TimeShift"
"C:\Programme\Steam\SteamApps\ng_tank\counter-strike\hl.exe"="C:\Programme\Steam\SteamApps\ng_tank\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programme\Metin2.us\metin2.bin"="C:\Programme\Metin2.us\metin2.bin:*:Enabled:metin2"
"C:\Programme\Microsoft LifeCam\LifeExp.exe"="C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\TravianManager\TravianManager-Client.exe"="C:\Programme\TravianManager\TravianManager-Client.exe:*:Enabled:TravianManager"
"C:\Programme\Microsoft LifeCam\LifeCam.exe"="C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\3DO\Army Men RTS\amrts.exe"="C:\Programme\3DO\Army Men RTS\amrts.exe:*:Enabled:Army Men RTS"
"C:\Programme\Steam\SteamApps\ng_tank\half-life 2 deathmatch\hl2.exe"="C:\Programme\Steam\SteamApps\ng_tank\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Programme\BearShare Applications\BearShare\BearShare.exe"="C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-19 00:24:11 ----D---- C:\rsit
2009-08-18 23:18:46 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-08-18 23:18:39 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-18 23:18:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-18 23:07:05 ----D---- C:\Programme\CCleaner
2009-08-17 21:21:35 ----D---- C:\Programme\Anti-keylogger
2009-08-13 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:03:19 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-08 16:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 16:54:18 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-07 03:09:12 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 03:08:47 ----D---- C:\Programme\MSBuild
2009-08-07 03:08:38 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 03:07:49 ----D---- C:\Programme\Reference Assemblies
2009-08-07 03:06:43 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-07 03:06:42 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-07 03:06:42 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-07 03:01:28 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-07 03:01:21 ----D---- C:\Programme\MSXML 6.0
2009-08-01 01:01:25 ----D---- C:\Programme\BearShare Applications
2009-07-30 06:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$

======List of files/folders modified in the last 1 months======

2009-08-19 00:23:08 ----D---- C:\WINDOWS\Prefetch
2009-08-18 23:18:42 ----D---- C:\WINDOWS\system32\drivers
2009-08-18 23:18:39 ----RD---- C:\Programme
2009-08-18 23:15:41 ----D---- C:\Programme\Mozilla Firefox
2009-08-18 23:12:04 ----D---- C:\WINDOWS\Temp
2009-08-18 23:12:04 ----D---- C:\WINDOWS\Minidump
2009-08-18 23:12:04 ----D---- C:\WINDOWS\Debug
2009-08-18 23:12:04 ----D---- C:\WINDOWS
2009-08-18 23:00:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2009-08-18 22:59:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-18 22:58:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-18 12:16:29 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
2009-08-17 23:14:36 ----D---- C:\Programme\Metin2_Germany
2009-08-17 21:21:40 ----SHD---- C:\WINDOWS\Installer
2009-08-17 21:21:40 ----SHD---- C:\Config.Msi
2009-08-17 18:14:14 ----D---- C:\Programme\Steam
2009-08-16 16:16:15 ----HD---- C:\WINDOWS\inf
2009-08-13 14:57:25 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 14:57:25 ----D---- C:\WINDOWS\system32
2009-08-13 03:04:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-13 03:04:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 03:03:49 ----D---- C:\Programme\Outlook Express
2009-08-08 16:57:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 04:30:40 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 04:30:39 ----RSD---- C:\WINDOWS\assembly
2009-08-07 03:16:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 03:16:04 ----D---- C:\WINDOWS\WinSxS
2009-08-07 03:08:32 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 03:07:02 ----D---- C:\WINDOWS\system32\spool
2009-08-05 11:05:18 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-30 06:22:02 ----D---- C:\Programme\Internet Explorer
2009-07-22 23:30:34 ----SHD---- C:\WINDOWS\CSC
2009-07-21 17:17:36 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\teamspeak2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-11-11 40192]
R1 krnl_akl;Anti-keylogger Kernel Service; \??\C:\WINDOWS\system32\drivers\krnl_akl.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-22 21248]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 TVicHW32;TVicHW32; C:\WINDOWS\system32\drivers\TVicHW32.sys [2006-10-13 29536]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-11-11 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-11-11 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E
NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-11-11 14848] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-11-11 31616] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 VX1000;VX-1000; 
C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 akl_svc;Anti-keylogger Service; C:\Programme\Anti-keylogger\akl_svc.exe [2009-04-21 59904] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-11-11 14336] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 MSCamSvc;MSCamSvc; C:\Programme\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716] R2 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame 
Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-10 3436536] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-11-11 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] -----------------EOF----------------- |
20.08.2009, 16:42 | #5
The info.txt from RSIT is still missing. Start => Run => c:\rsit\info.txt => OK
ciao, andreas
__________________
No support via PM! This is a forum, not private support! For all newcomers: private support only against payment, and I am very expensive. Guides, Virus scanners, Compromise unavoidable?
20.08.2009, 20:36 | #6
Here is the Info.txt from RSIT; the next log follows...

info.txt logfile of random's system information tool 1.06 2009-08-19 00:24:18

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbAlarm-->"C:\Programme\AbAlarm\unins000.exe"
Acoolsoft PPT2YouTube 1.5.0.11 Trial-->"C:\Programme\Acoolsoft\PPT2YouTube\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Anti-keylogger-->MsiExec.exe /I{B8D1E182-53D7-491B-805E-007846100813}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Black & White® 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x7 -removeonly
CABAL Online-->"C:\Programme\Games-Masters.com\CABAL Online (Europe)\unins000.exe"
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaBar 2.0-->C:\Programme\BearShare Applications\BearShare MediaBar\Uninstall.exe
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.20)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x7 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 7-->C:\Programme\TechSmith\SnagIt 7\SIUNINST.EXE
Sony Ericsson PC Suite-->MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold Crusader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
TimeShift-->C:\Programme\InstallShield Installation Information\{1367FA2F-2B3D-430F-872F-588B93420BFC}\setup.exe -runfromtemp -l0x0009 -removeonly
TVicHW32 Version 1.0-->"C:\Programme\GIGABYTE\TVicHW32\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VGA Utility-->MsiExec.exe /I{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}
VideoLAN VLC media player 0.8.6d-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885523-->C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe

=====HijackThis Backups=====

O21 - SSODL: Pnpadcrt - {5D9F1164-9292-4803-8696-20761DEFB39F} - C:\WINDOWS\system32\imepo3d.dll [2009-08-18]

======Security center information======

AV: Avira AntiVir PersonalEdition

======System event log======

Computer Name: WINDOWSPC
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 16166
Source Name: EventLog
Time Written: 20090512064432.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.
Record Number: 16165
Source Name: EventLog
Time Written: 20090512011803.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".
Record Number: 16164
Source Name: Service Control Manager
Time Written: 20090512011616.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.
Record Number: 16163
Source Name: Service Control Manager
Time Written: 20090512011615.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WINDOWSPC
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".
Record Number: 16162
Source Name: Service Control Manager
Time Written: 20090512011615.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: WINDOWSPC
Event Code: 1007
Message: Der Endbenutzer-Lizenzvertrag wurde zuvor abgelehnt.
Record Number: 3288
Source Name: WgaSetup
Time Written: 20090805062810.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 1003
Message: Setup fehlgeschlagen. Code = 0x800704c7, Fehler = Der Vorgang wurde durch den Benutzer abgebrochen.
Record Number: 3287
Source Name: WgaSetup
Time Written: 20090805062810.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 1005
Message: Der Benutzer hat den Endbenutzer-Lizenzvertrag abgelehnt.
Record Number: 3286
Source Name: WgaSetup
Time Written: 20090805062810.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 1004
Message: Der Benutzer hat den Endbenutzer-Lizenzvertrag akzeptiert.
Record Number: 3285
Source Name: WgaSetup
Time Written: 20090805062740.000000+120
Event Type: Informationen
User:

Computer Name: WINDOWSPC
Event Code: 1002
Message: Starting interactive setup.
Record Number: 3284
Source Name: WgaSetup
Time Written: 20090805062739.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
21.08.2009, 11:35 | #7
And finally, this log as well:

GMER 1.0.15.15077 [8eor5gfg.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 00:23:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT F7ED6DFC ZwCreateThread
SSDT F7ED6DE8 ZwOpenProcess
SSDT F7ED6DED ZwOpenThread
SSDT 8656F7F0 ZwProtectVirtualMemory
SSDT 86516818 ZwRequestWaitReplyPort
SSDT 866BE5C8 ZwTerminateProcess
SSDT F7ED6DF2 ZwWriteVirtualMemory

Code 85DE4B54 ZwCreateKey
Code 8646AA54 ZwOpenKey
Code 85DDEDC3 ExAcquireResourceExclusiveLite
Code 85DBB0DB MmMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ExAcquireResourceExclusiveLite 804DA3A4 5 Bytes JMP 85DDEDC8
.text ntoskrnl.exe!ZwYieldExecution + 25E 804E4A98 4 Bytes CALL 9346380A
PAGE ntoskrnl.exe!ZwOpenKey 80571CB4 5 Bytes JMP 8646AA58
PAGE ntoskrnl.exe!ZwCreateKey 8057722F 5 Bytes JMP 85DE4B58
PAGE ntoskrnl.exe!MmMapViewOfSection 8057E302 5 Bytes JMP 85DBB0E0
.text win32k.sys!EngStretchBltROP + 95FB BF8B9C9B 5 Bytes JMP 86322978

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00372798
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00372848
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 003722C8
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!CallWindowProcW 77D1C019 5 Bytes JMP 00372168
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!GetWindowTextW 77D1C9FD 7 Bytes JMP 00372008
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 00372218
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!CallWindowProcA 77D1E34B 5 Bytes JMP 003720B8
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 00372428
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 00372588
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!GetKeyboardState 77D1EF35 5 Bytes JMP 00372638
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 00372378
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!GetWindowTextA 77D3F82E 7 Bytes JMP 00371F58
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!keybd_event 77D66365 5 Bytes JMP 003726E8
.text C:\Programme\Microsoft LifeCam\MSCamS32.exe[136] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 003724D8
.text C:\WINDOWS\system32\nvsvc32.exe[188] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00362798
.text C:\WINDOWS\system32\nvsvc32.exe[188] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00362848
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 003622C8
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!CallWindowProcW 77D1C019 5 Bytes JMP 00362168
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!GetWindowTextW 77D1C9FD 7 Bytes JMP 00362008
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 00362218
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!CallWindowProcA 77D1E34B 5 Bytes JMP 003620B8
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 00362428
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 00362588
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!GetKeyboardState 77D1EF35 5 Bytes JMP 00362638
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 00362378
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!GetWindowTextA 77D3F82E 7 Bytes JMP 00361F58
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!keybd_event 77D66365 5 Bytes JMP 003626E8
.text C:\WINDOWS\system32\nvsvc32.exe[188] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 003624D8
.text C:\WINDOWS\system32\svchost.exe[264] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 003F2798
.text C:\WINDOWS\system32\svchost.exe[264] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 003F2848
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 003F22C8
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!CallWindowProcW 77D1C019 5 Bytes JMP 003F2168
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!GetWindowTextW 77D1C9FD 7 Bytes JMP 003F2008
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 003F2218
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!CallWindowProcA 77D1E34B 5 Bytes JMP 003F20B8
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 003F2428
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 003F2588
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!GetKeyboardState 77D1EF35 5 Bytes JMP 003F2638
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 003F2378
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!GetWindowTextA 77D3F82E 7 Bytes JMP 003F1F58
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!keybd_event 77D66365 5 Bytes JMP 003F26E8
.text C:\WINDOWS\system32\svchost.exe[264] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 003F24D8
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 002A2798
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 002A2848
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 002A22C8
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!CallWindowProcW 77D1C019 5 Bytes JMP 002A2168
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!GetWindowTextW 77D1C9FD 3 Bytes JMP 002A2008
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!GetWindowTextW + 4 77D1CA01 3 Bytes [88, 90, 90]
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 002A2218
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!CallWindowProcA 77D1E34B 5 Bytes JMP 002A20B8
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 002A2428
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 002A2588
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!GetKeyboardState 77D1EF35 5 Bytes JMP 002A2638
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 002A2378
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!GetWindowTextA 77D3F82E 7 Bytes JMP 002A1F58
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!keybd_event 77D66365 5 Bytes JMP 002A26E8
.text C:\Programme\Windows Media Player\WMPNetwk.exe[548] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 002A24D8
.text C:\WINDOWS\System32\alg.exe[728] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 002B2798
.text C:\WINDOWS\System32\alg.exe[728] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 002B2848
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageW 77D1B762 5 Bytes JMP 002B22C8
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!CallWindowProcW 77D1C019 5 Bytes JMP 002B2168
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!GetWindowTextW 77D1C9FD 7 Bytes JMP 002B2008
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageA 77D1E2AE 5 Bytes JMP 002B2218
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!CallWindowProcA 77D1E34B 5 Bytes JMP 002B20B8
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageTimeoutW 77D1E71C 5 Bytes JMP 002B2428
.text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageCallbackW 77D1EA4B 5 Bytes JMP 002B2588 .text C:\WINDOWS\System32\alg.exe[728] USER32.dll!GetKeyboardState 77D1EF35 5 Bytes JMP 002B2638 .text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageTimeoutA 77D1FF21 5 Bytes JMP 002B2378 .text C:\WINDOWS\System32\alg.exe[728] USER32.dll!GetWindowTextA 77D3F82E 7 Bytes JMP 002B1F58 .text C:\WINDOWS\System32\alg.exe[728] USER32.dll!keybd_event 77D66365 5 Bytes JMP 002B26E8 .text C:\WINDOWS\System32\alg.exe[728] USER32.dll!SendMessageCallbackA 77D6ACD1 5 Bytes JMP 002B24D8 -------------------------------------------------------------------------- Ende Teil 1 |
21.08.2009, 11:36 | #8 |
| email account with 12-character password hacked - keylogger?
------------------------------------------ End of part 2 |
21.08.2009, 11:38 | #9 |
| email account with 12-character password hacked - keylogger?
-------------------------------------------------------------------------- End of part 3 |
21.08.2009, 11:39 | #10 |
| email account with 12-character password hacked - keylogger?
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Programme\Anti-keylogger\Anti-keylogger.exe[2552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] [00429A40] C:\Programme\Anti-keylogger\Anti-keylogger.exe
---- EOF - GMER 1.0.15 ----
FINE |
21.08.2009, 15:58 | #11 |
| email account with 12-character password hacked - keylogger? The GMER log is clean. GMER can be deleted. Please check whether the file imepo3d.dll is in the folder
Code:
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis\backups
If so, please upload it. 1.) Uninstall:
Code:
All R0, R1, R3, O2, O3, O8, O9 and O16 entries
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
ciao, andreas
__________________ No support via PM! This is a forum, not private tutoring! For all newcomers | Private tutoring only against payment, and I am very expensive. Guides | Virus scanners | Compromise unavoidable? |