TR/AntiHosts.Gen in C:\WINDOWS\system32\drivers\etc\hosts
12.09.2009, 13:57 | #1

Hey, since I have next to no idea about this I need help, and I'd be very grateful for it. While chatting on MSN, as I found out afterwards, a download link was sent to everyone in my contact list and of course to me as well. Since I clicked on it, every 5 seconds I get an AntiVir "Achtung Fund" (warning: detection) message: in C:\WINDOWS\system32\drivers\etc\hosts is the Trojan horse TR/AntiHosts.Gen. I immediately contacted a friend who tried to delete the virus manually. That doesn't work, though, because it keeps recreating itself ... We/he tried a few things and googled back and forth, but we couldn't get rid of the problem either. I know it isn't much information I can give, but if someone explains exactly what you need to know in order to help me, I'll of course add it later.

Regards
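A defender's check for the kind of hosts-file hijack described in the post, as an added example (not code from the thread or from AntiVir, RSIT or any other tool named in it): it parses a Windows hosts file and reports each mapping that blackholes or redirects a watchlisted domain, points at an external address, shares one address with many names, or is hidden behind a long run of blank lines. The watchlist, the 203.0.113.7 address and the sample file are constructed assumptions.

```python
"""Audit a Windows hosts file for hijacking indicators (added example, not from the thread).

A hosts hijacker appends mappings that point well-known domains, in particular the
update servers of antivirus vendors, at 127.0.0.1 (so the product cannot update) or at
an address the attacker controls. The audit parses the hosts format, skips the default
entries and reports each suspicious mapping with a reason, so the file can be reviewed
instead of just being flagged by a scanner. Watchlist and sample data are constructed.
"""
import ipaddress
from collections import defaultdict

DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Hypothetical watchlist (assumption): domains a hijacker is likely to blackhole or redirect.
WATCHLIST = ("avira.com", "microsoft.com", "windowsupdate.com", "google.com", "live.com")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HIDDEN_GAP = 20  # this many blank lines before an entry pushes it off-screen in an editor


def parse_hosts(text):
    """Return (entries, bad_lines); entries are (line_no, ip, hostname, blank_lines_before)."""
    entries, bad_lines, blank_run = [], [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            blank_run += 1
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            bad_lines.append((no, raw))  # first field is not an address: malformed line
            blank_run = 0
            continue
        for host in fields[1:]:  # one address may map several names on one line
            entries.append((no, ip, host.lower(), blank_run))
        blank_run = 0
    return entries, bad_lines


def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def is_external(ip):
    """Anything that is neither loopback nor RFC 1918 is treated as an external address."""
    addr = ipaddress.ip_address(ip)
    return not addr.is_loopback and not any(addr in net for net in RFC1918)


def audit_hosts(text, fan_in_threshold=3):
    """Return findings as (line_no, ip, hostname, reason); an empty list means nothing suspicious."""
    entries, bad_lines = parse_hosts(text)
    findings = [(no, "", raw.strip(), "unparseable line") for no, raw in bad_lines]
    if not entries:
        # Windows ships a localhost mapping; a file with no entries was emptied or removed.
        findings.append((0, "", "", "no entries at all"))
        return findings
    shared = defaultdict(set)  # external address -> distinct names pointed at it (pharming fan-in)
    for _, ip, host, _ in entries:
        if is_external(ip):
            shared[ip].add(host)
    for no, ip, host, blank_run in entries:
        if (ip, host) in DEFAULT_ENTRIES:
            continue
        reasons = []
        if on_watchlist(host):
            kind = "blackholed" if ipaddress.ip_address(ip).is_loopback else "redirected"
            reasons.append("watchlisted domain " + kind)
        if is_external(ip):
            reasons.append("points at external address")
        if len(shared[ip]) >= fan_in_threshold:
            reasons.append("%d names share this address" % len(shared[ip]))
        if blank_run >= HIDDEN_GAP:
            reasons.append("hidden behind %d blank lines" % blank_run)
        findings.extend((no, ip, host, r) for r in reasons)
    return findings


# Constructed sample: stock header and localhost line, then a hijacker's tail pushed below
# 25 blank lines. 203.0.113.7 (documentation range) stands in for an attacker-controlled host.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 25
    + "127.0.0.1       update.avira.com\n"
    "127.0.0.1       download.microsoft.com\n"
    "203.0.113.7     www.google.com\n"
    "203.0.113.7     login.live.com\n"
    "203.0.113.7     www.facebook.com\n"
    "this is not an entry\n"
)

if __name__ == "__main__":
    for no, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %3d  %-15s %-25s %s" % (no, ip, host, reason))
```

Point `audit_hosts` at the contents of C:\WINDOWS\system32\drivers\etc\hosts to review a real file; a clean default file yields no findings.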
12.09.2009, 14:22 | #2

Hello and

Do you still have the link you clicked on, or can you get hold of it? If so, please send it to me as a private message. Click on "Für alle Neuen" ("For all newcomers") in my signature, read everything carefully and work through the complete list under point 2.

ciao, andreas
12.09.2009, 17:41 | #3

Okay, with CCleaner and RSIT I had no problems, but after installing Malwarebytes I couldn't open it from the icon. I'm posting the info.txt and log.txt anyway:
info.txt logfile of random's system information tool 1.06 2009-09-12 15:59:21
12.09.2009, 17:43 | #4

And here the log.txt, part 1, since it is too long for one post.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexander at 2009-09-12 15:59:13
Microsoft Windows XP Home Edition Service Pack 3
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - 
{D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O24 - Desktop Component 0: (no name) - http://www.guitarwar.com/teams/1000151.gif -- End of file - 19747 bytes |
12.09.2009, 17:44 | #5
Now the second part:

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Programme\kikin\ie_kikin.dll [2009-05-20 429800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2007-08-31 249896]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-03-19 13508608]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-03-19 86016]
"SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2007-12-14 413696]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
""= []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-16 148888]
"SweetIM"=C:\Programme\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Orb"=C:\Programme\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"Steam"=C:\Programme\Steam\Steam.exe [2009-06-11 1217784]
"LDM"=C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-05-14 32768]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-06-02 24264488]
"PlayNC Launcher"= []
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ICQ"=~C:\Programme\ICQ6.5\ICQ.exe silent []
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader Speed Launch.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-deDE-patch-downloader.exe"="C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-deDE-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-2.4.2-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.4.2-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\WoW-BurningCrusade-deDE-Installer-downloader.exe"="D:\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\World of Warcraft\Launcher.exe"="C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\Steam\SteamApps\markis123\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\markis123\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Dokumente und Einstellungen\Alexander\Desktop\World of Warcraft\Launcher.exe"="C:\Dokumente und Einstellungen\Alexander\Desktop\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Dokumente und Einstellungen\Alexander\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Dokumente und Einstellungen\Alexander\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe"="C:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Steam\SteamApps\common\left 4 dead\srcds.exe"="C:\Programme\Steam\SteamApps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server"
"C:\Programme\Warcraft III\Warcraft III.exe"="C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\Counter-Strike Source\hl2.exe"="C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe"="C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"

======List of files/folders created in the last 1 months======

2009-09-12 15:59:13 ----D---- C:\rsit
2009-09-12 15:59:13 ----D---- C:\Programme\trend micro
2009-09-12 15:54:30 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Malwarebytes
2009-09-12 15:54:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-12 15:54:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-12 15:48:02 ----D---- C:\Programme\CCleaner
2009-09-11 23:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 23:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 23:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 22:44:45 ----D---- C:\WINDOWS\pss
2009-09-11 21:59:29 ----RSH---- C:\WINDOWS\system32\avruncm.exe
2009-09-11 16:08:37 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-09-11 16:08:37 ----D---- C:\Programme\DVDVideoSoft
2009-09-05 23:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-04 17:56:40 ----D---- C:\Programme\Counter-Strike Source
2009-09-04 15:50:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-09-04 13:53:53 ----A---- C:\WINDOWS\system32\irmon.dll
2009-09-04 13:53:53 ----A---- C:\WINDOWS\system32\irftp.exe
2009-09-04 13:53:52 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-08-28 20:41:42 ----A---- C:\WINDOWS\War3Unin.exe
2009-08-28 20:38:42 ----D---- C:\Programme\Warcraft III
2009-08-26 15:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 16:22:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6
2009-08-24 16:22:23 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\MSN6
2009-08-21 18:52:49 ----D---- C:\Programme\directx
2009-08-21 18:52:25 ----D---- C:\Programme\ANNO 1602 Königs-Edition
2009-08-21 18:24:45 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\AdobeUM
2009-08-20 22:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-20 13:22:23 ----D---- C:\Programme\SweetIM
2009-08-20 13:22:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
2009-08-19 22:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 22:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-08-19 22:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-19 22:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 22:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 22:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 22:12:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-19 22:12:55 ----D---- C:\Programme\MSBuild
2009-08-19 22:12:53 ----D---- C:\WINDOWS\system32\en-US
2009-08-19 22:12:47 ----D---- C:\Programme\Reference Assemblies
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-19 22:12:28 ----D---- C:\c2926e47e2819c92cc3832
2009-08-19 22:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 22:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 22:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 22:09:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-19 22:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 22:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-18 16:33:04 ----D---- C:\Programme\Microsoft
2009-08-18 16:32:47 ----D---- C:\Programme\Windows Live SkyDrive
2009-08-18 16:32:25 ----D---- C:\Programme\Windows Live
2009-08-18 16:30:58 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live

======List of files/folders modified in the last 1 months======

2009-09-12 15:59:13 ----RD---- C:\Programme
2009-09-12 15:59:07 ----D---- C:\WINDOWS\Temp
2009-09-12 15:55:31 ----D---- C:\WINDOWS\system32\drivers
2009-09-12 15:54:13 ----D---- C:\WINDOWS\Prefetch
2009-09-12 15:50:31 ----D---- C:\Programme\Mozilla Firefox
2009-09-12 15:33:26 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Skype
2009-09-12 13:36:51 ----D---- C:\WINDOWS\system32
2009-09-12 13:36:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-12 13:33:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-12 13:33:02 ----D---- C:\Programme\Steam
2009-09-12 00:34:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-12 00:01:54 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\skypePM
2009-09-11 23:21:27 ----D---- C:\WINDOWS
2009-09-11 23:18:30 ----HD---- C:\WINDOWS\inf
2009-09-11 23:18:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 23:18:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 23:18:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 21:09:37 ----D---- C:\Programme\DivX
2009-09-11 21:09:05 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-09-11 21:09:03 ----SHD---- C:\WINDOWS\Installer
2009-09-11 16:08:37 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-05 22:45:00 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Hamachi
2009-09-04 15:50:59 ----D---- C:\WINDOWS\twain_32
2009-09-04 13:53:48 ----D---- C:\WINDOWS\security
2009-09-03 12:40:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-21 18:52:25 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-20 22:34:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 13:32:28 ----RSD---- C:\WINDOWS\assembly
2009-08-19 22:15:19 ----D---- C:\WINDOWS\WinSxS
2009-08-19 22:12:51 ----RSD---- C:\WINDOWS\Fonts
2009-08-19 22:12:34 ----D---- C:\WINDOWS\system32\spool
2009-08-19 22:11:11 ----D---- C:\Programme\Internet Explorer
2009-08-19 22:09:27 ----D---- C:\Programme\Outlook Express
2009-08-18 16:33:51 ----SD---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Microsoft
2009-08-18 16:32:52 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-08-18 16:32:52 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-08-13 17:15:57 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2007-08-09 40768]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2007-09-07 62016]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-26 25280]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-03-19 7086240]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-14 1270872]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 ajnwyuh1;ajnwyuh1; C:\WINDOWS\system32\drivers\ajnwyuh1.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2007-08-28 63016]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2007-09-11 214056]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-16 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-03-19 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-02 2862428]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
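A helper reads a dump like the one above by eye, but three of the checks are mechanical and worth scripting: files created under system32 that carry both the Hidden and System attribute, firewall exceptions whose binary is one of those files, and drivers or services whose file RSIT could not find (the empty "[]" where date and size should be). The script below is an added example, not from the thread, from RSIT or from Avira; the sample lines are copied from the RSIT output above, while the heuristics, thresholds and all function names are our own, and a hit is a lead for a human to inspect, not a verdict on the file.

```python
"""Mechanical triage of an RSIT-style log dump.

Added example, not from the thread, from RSIT or from Avira. The sample lines
are excerpted from the log pasted above; the heuristics and all names are our
own, and every hit is a lead for a human to look at, not a verdict.

Checks:
  1. files created under system32 carrying both the Hidden (H) and System (S) bit
  2. Windows-Firewall authorized applications whose binary is one of those files
  3. drivers/services whose size/date field is empty, i.e. RSIT found no file
"""
import re

# Constructed input: a handful of lines copied from the RSIT output above.
SAMPLE_CREATED = r"""
2009-09-12 15:48:02 ----D---- C:\Programme\CCleaner
2009-09-11 21:59:29 ----RSH---- C:\WINDOWS\system32\avruncm.exe
2009-09-04 15:50:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
"""
SAMPLE_FIREWALL = r'''
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''
SAMPLE_DRIVERS = r"""
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2007-08-09 40768]
S3 ajnwyuh1;ajnwyuh1; C:\WINDOWS\system32\drivers\ajnwyuh1.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# Line shapes as RSIT prints them:
#   <date> <time> ----<attrs>---- <path>
#   "<key>"="<path>:*:<Enabled|Disabled>:<label>"
#   <R|S><start type> <name>;<display name>; <path> [<date> <size>]
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")
FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<path>.+?):\*:(?P<state>[A-Za-z]+):(?P<label>.*)"$')
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")


def hidden_system_in_system32(created_text):
    """Paths from the 'created' list that sit under system32 and carry both H and S."""
    hits = []
    for line in created_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(2), m.group(3)
        if "H" in attrs and "S" in attrs and "\\system32\\" in path.lower():
            hits.append(path)
    return hits


def firewall_exceptions_for(firewall_text, paths):
    """Firewall-authorized applications whose binary is in `paths` (case-insensitive)."""
    wanted = {p.lower() for p in paths}
    findings = []
    for line in firewall_text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m and m.group("path").lower() in wanted:
            findings.append((m.group("path"), m.group("state"), m.group("label")))
    return findings


def drivers_missing_on_disk(driver_text):
    """(name, path) of drivers/services whose size/date field is empty."""
    missing = []
    for line in driver_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m and not m.group(6).strip():
            missing.append((m.group(3), m.group(5)))
    return missing


def triage(created_text, firewall_text, driver_text):
    """Run all three checks; the firewall check is keyed on the hidden-file hits."""
    hidden = hidden_system_in_system32(created_text)
    return {
        "hidden_system_files": hidden,
        "firewall_exceptions_for_hidden_files": firewall_exceptions_for(firewall_text, hidden),
        "drivers_missing_on_disk": drivers_missing_on_disk(driver_text),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_CREATED, SAMPLE_FIREWALL, SAMPLE_DRIVERS).items():
        print(check)
        for item in items:
            print("   ", item)
```

The correlation in `triage` is the useful part: a freshly created hidden+system executable is only a weak signal on its own, and so is a firewall exception with a generic label, but the same path appearing in both lists is what a helper would ask the poster about first. The "missing file" check also turns up harmless leftovers (an uninstalled chipset driver, for instance), which is why the output is a list to review rather than something to act on blindly.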
12.09.2009, 17:53 | #6
Start => Run => notepad C:\WINDOWS\system32\drivers\etc\hosts => OK => [Ctrl]a => [Ctrl]c => then [Ctrl]v here at trojaner-board
ciao, andreas
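Once the hosts file has been pasted the way andreas describes, the triage can be done mechanically: a stock Windows hosts file maps only localhost to the loopback address, so every other name pinned to 127.0.0.1 (or to 0.0.0.0 or ::1) is an entry somebody added, and when those names are security vendors and help forums the pattern is the one this thread is about. The script below is an added example, not from the thread or from Avira; `BASELINE` and `SECURITY_SUFFIXES` are our own short lists for illustration, and the sample input is constructed in the style of the hosts file posted in this thread.

```python
"""Triage of a Windows hosts file pasted from notepad.

Added example, not from the thread or from Avira. A stock hosts file maps only
'localhost' to the loopback address; the paste in this thread maps hundreds of
security-vendor and help-forum names to 127.0.0.1 so that those sites silently
fail to load. BASELINE and SECURITY_SUFFIXES are our own short assumptions for
illustration, not an authoritative catalogue.
"""
import ipaddress

# Names that legitimately point at loopback on a stock system (assumed baseline).
BASELINE = {"localhost", "localhost.localdomain", "broadcasthost"}

# Suffixes treated as security-vendor / help-forum domains (illustrative, assumed).
SECURITY_SUFFIXES = (
    "avira.com", "kaspersky.com", "symantec.com", "mcafee.com", "sophos.com",
    "f-secure.com", "grisoft.cz", "bleepingcomputer.com", "hijackthis.de",
    "virustotal.com", "sysinternals.com", "trojaner-board.de",
)

# Constructed sample in the style of the hosts file posted in this thread: tabs,
# an inline comment, an IPv6 entry, a 0.0.0.0 null-route and one junk line.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2006 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "127.0.0.1 www.virustotal.com\n"
    "127.0.0.1 forum.hijackthis.de   # inline comment\n"
    "127.0.0.1\tdownload.bleepingcomputer.com\twww.kaspersky.com\n"
    "0.0.0.0 liveupdate.symantec.com\n"
    "127.0.0.1 www.elitepvpers.de\n"
    "192.168.0.10 fileserver.lan\n"
    "this line is not a hosts entry\n"
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: junk from a bad paste
        for host in fields[1:]:
            yield ip, host.lower()


def is_sinkhole(ip):
    """Loopback (127/8, ::1) or unspecified (0.0.0.0, ::): the name resolves to nowhere."""
    return ip.is_loopback or ip.is_unspecified


def sinkholed_hosts(text):
    """Hostnames pinned to a sinkhole address, minus the stock baseline, in file order."""
    seen, out = set(), []
    for ip, host in parse_hosts(text):
        if is_sinkhole(ip) and host not in BASELINE and host not in seen:
            seen.add(host)
            out.append(host)
    return out


def security_related(hosts):
    """Subset of hostnames that fall under one of the assumed security-vendor suffixes."""
    return [h for h in hosts
            if any(h == s or h.endswith("." + s) for s in SECURITY_SUFFIXES)]


def verdict(text):
    """Summarise: every sinkholed name, the security-related subset, and a flag."""
    hosts = sinkholed_hosts(text)
    sec = security_related(hosts)
    return {"sinkholed": hosts, "security_related": sec, "suspicious": bool(sec)}


if __name__ == "__main__":
    result = verdict(SAMPLE_HOSTS)
    print("sinkholed names :", len(result["sinkholed"]))
    print("security-related:", result["security_related"])
    print("suspicious      :", result["suspicious"])
```

Two details matter in practice. The file is parsed with `ipaddress` rather than a regex so that IPv6 and `0.0.0.0` entries are judged the same way as `127.0.0.1`, and the suffix match is anchored on a dot so that a lookalike such as `notkaspersky.com` does not count as the vendor. The script only reports; as the first post in this thread shows, deleting the entries by hand is pointless while the process that rewrites the file is still running, so the list is input for the helper, not the fix.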
12.09.2009, 18:14 | #7
# Copyright 2001-2010 Microsoft Corporation
#
# This is a sample HOSTS file used by TCP connections within Windows.
#
127.0.0.1 msnfix.changelog.fr
127.0.0.1 www.incodesolutions.com
127.0.0.1 virusinfo.prevx.com
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 www.dazhizhu.cn
127.0.0.1 foro.noticias3d.com
127.0.0.1 www.nabble.com
127.0.0.1 lurker.clamav.net
127.0.0.1 lexikon.ikarus.at
127.0.0.1 research.sunbelt-software.com
127.0.0.1 www.virusdoctor.jp
127.0.0.1 www.elitepvpers.de
127.0.0.1 guru.avg.com
127.0.0.1 www.superuser.co.kr
127.0.0.1 ntfaq.co.kr
127.0.0.1 v.dreamwiz.com
127.0.0.1 cit.kookmin.ac.kr
127.0.0.1 forums.whatthetech.com
127.0.0.1 forum.hijackthis.de
127.0.0.1 avg.vo.llnwd.net
127.0.0.1 www.huaifai.go.th
127.0.0.1 www.mostz.com
127.0.0.1 www.krupunmai.com
127.0.0.1 www.cddchiangmai.net
127.0.0.1 forum.malekal.com
127.0.0.1 tech.pantip.com
127.0.0.1 sapcupgrades.com
127.0.0.1 www.247fixes.com
127.0.0.1 forum.sysinternals.com
127.0.0.1 forum.telecharger.01net.com
127.0.0.1 sophos.com
127.0.0.1 foros.softonic.com
127.0.0.1 avast-home.uptodown.com
127.0.0.1 dr-web-cureit.softonic.com
127.0.0.1 www.f-secure.com
127.0.0.1 www.chkrootkit.org
127.0.0.1 diamondcs.com.au
127.0.0.1 www.rootkit.nl
127.0.0.1 www.sysinternals.com
127.0.0.1 z-oleg.com
127.0.0.1 espanol.dir.groups.yahoo.com
127.0.0.1 www.castlecrops.com
127.0.0.1 www.misec.net
127.0.0.1 safecomputing.umn.edu
127.0.0.1 www.antirootkit.com
127.0.0.1 www.greatis.com
127.0.0.1 ar.answers.yahoo.com
127.0.0.1 www.elhacker.org
127.0.0.1 www.rootkit.com
127.0.0.1 www.pctools.com
127.0.0.1 www.pcsupportadvisor.com
127.0.0.1 www.resplendence.com
127.0.0.1 www.personal.psu.edu
127.0.0.1 foro.ethek.com
127.0.0.1 foro.elhacker.net
127.0.0.1 vil.nail.com
127.0.0.1 search.mcafee.com
127.0.0.1 wwww.mcafee.com
127.0.0.1 download.nai.com
127.0.0.1 wwww.experts-exchange.com
127.0.0.1 www.bakunos.com
127.0.0.1 www.darkclockers.com
127.0.0.1 www.Merijn.org
127.0.0.1 www.spywareinfo.com
127.0.0.1 www.spybot.info
127.0.0.1 www.viruslist.com
127.0.0.1 www.hijackthis.de
127.0.0.1 www.f-secure.com
127.0.0.1 forum.kaspersky.com
127.0.0.1 majorgeeks.com
127.0.0.1 www.avp.com
127.0.0.1 www.virustotal.com
127.0.0.1 www.sophos.com
127.0.0.1 linhadefensiva.uol.com.br
127.0.0.1 cmmings.cn
127.0.0.1 www.sergiwa.com
127.0.0.1 www.el-hacker.com
127.0.0.1 www.avg-antivirus.net
127.0.0.1 www.kaspersky-labs.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.bleepingcomputer.com
127.0.0.1 www.free.grisoft.com
127.0.0.1 alerta-antivirus.inteco.es
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.analysis.seclab.tuwien.ac.at
127.0.0.1 www.symantec.com
127.0.0.1 www.kztechs.com
127.0.0.1 ad-aware-se.uptodown.com
127.0.0.1 stdio-labs.blogspot.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 www.box.net
127.0.0.1 foro.el-hacker.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.free.avg.com
127.0.0.1 download.mcafee.com
127.0.0.1 mast.mcafee.com
127.0.0.1 www.tecno-soft.com
127.0.0.1 ladooscuro.es
127.0.0.1 ftp.drweb.com
127.0.0.1 download.microsoft.comguru0.grisoft.cz
127.0.0.1 guru1.grisoft.cz
127.0.0.1 guru2.grisoft.cz
127.0.0.1 guru3.grisoft.cz
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 it.answers.yahoo.com
127.0.0.1 www.softonic.com
127.0.0.1 guru4.grisoft.cz
127.0.0.1 guru5.grisoft.cz
127.0.0.1 www.virusspy.com
127.0.0.1 www.download.f-secure.com
127.0.0.1 www.malwareremoval.com
127.0.0.1 forums.cnet.com
127.0.0.1 foros.softonic.com
127.0.0.1 hjt-data.trend-braintree.com
127.0.0.1 www.pantip.com
127.0.0.1 secubox.aldria.com
127.0.0.1 www.forospyware.com
127.0.0.1 www.manuelruvalcaba.com
127.0.0.1 www.zonavirus.com
127.0.0.1 www.leforo.com
127.0.0.1 www.siteadvisor.com
127.0.0.1 blog.threatfire.com
127.0.0.1 www.threatexpert.com
127.0.0.1 blog.hispasec.com
127.0.0.1 www.configurarequipos.com
127.0.0.1 sosvirus.changelog.fr
127.0.0.1 mailcenter.rising.com.cn
127.0.0.1 mailcenter.rising.com
127.0.0.1 www.rising.com.cn
127.0.0.1 www.rising.com
127.0.0.1 www.babooforum.com.br
127.0.0.1 www.runscanner.net
127.0.0.1 www.blogschapines.com
127.0.0.1 sosvirus.changelog.fr
127.0.0.1 upload.changelog.fr
127.0.0.1 www.raymond.cc
127.0.0.1 changelog.fr
127.0.0.1 www.pcentraide.com
127.0.0.1 atazita.blogspot.com
127.0.0.1 www.thinkpad.cn
127.0.0.1 www.final4ever.com
127.0.0.1 files.filefont.com
127.0.0.1 www.infos-du-net.com
127.0.0.1 www.trendsecure.com
127.0.0.1 forum.hardware.fr
127.0.0.1 www.utilidades-utiles.com
127.0.0.1 blogs.ic
127.0.0.1 www.spychecker.com
127.0.0.1 www.geekstogo.com
127.0.0.1 forums.maddoktor2.com
127.0.0.1 www.smokey-services.eu
127.0.0.1 www.clubic.com
127.0.0.1 www.linhadefensiva.org
127.0.0.1 www.rolandovera.com
127.0.0.1 download.sysinternals.com
127.0.0.1 www.pcguide.com
127.0.0.1 www.thetechguide.com
127.0.0.1 www.ozzu.com
127.0.0.1 www.changedetection.com
127.0.0.1 espanol.groups.yahoo.com
127.0.0.1 community.thaiware.com
127.0.0.1 www.avpclub.ddns.info
127.0.0.1 www.offensivecomputing.net
127.0.0.1 www.grisoft.com
127.0.0.1 boardreader.com
127.0.0.1 www.guiadohardware.net
127.0.0.1 www.msnvirusremoval.com
127.0.0.1 www.cisrt.org
127.0.0.1 fixmyim.com
127.0.0.1 samroeng.hi5.com
127.0.0.1 foro.elhacker.net
127.0.0.1 www.daboweb.com
127.0.0.1 service1.symantec.com
127.0.0.1 forums.techguy.org
127.0.0.1 www.incodesolutions.com
127.0.0.1 hijackthis.download3000.com
127.0.0.1 www.cybertechhelp.com
127.0.0.1 www.superdicas.com.br
127.0.0.1 www.51nb.com
127.0.0.1 downloads.andymanchesta.com
127.0.0.1 andymanchesta.com
127.0.0.1 info.prevx.com
127.0.0.1 aknow.prevx.com
127.0.0.1 www.zonavirus.com
127.0.0.1 securitywonks.net
127.0.0.1 www.yoreparo.com
127.0.0.1 www.lavasoft.com
127.0.0.1 www.virscan.org
127.0.0.1 www.eeload.com
127.0.0.1 down.www.kingsoft.com
127.0.0.1 www.file.net
127.0.0.1 onecare.live.com
127.0.0.1 mvps.org
127.0.0.1 www.laneros.com
127.0.0.1
www.housecall.trendmicro.com 127.0.0.1 www.avast.com 127.0.0.1 www.free.avg.com 127.0.0.1 www.onlinescan.avast.com 127.0.0.1 www.ewido.net 127.0.0.1 www.trucoswindows.net 127.0.0.1 www.futurenow.bitdefender.com 127.0.0.1 www.bitdefender.com 127.0.0.1 www.f-prot.com 127.0.0.1 www.trendsecure.com 127.0.0.1 security.symantec.com 127.0.0.1 oldtimer.geekstogo.com 127.0.0.1 www.avira.com 127.0.0.1 www.eset.com 127.0.0.1 www.free.avg.com 127.0.0.1 www.free-av.com 127.0.0.1 kr.ahnlab.com 127.0.0.1 www.eset.com 127.0.0.1 forospyware.com 127.0.0.1 thejokerx.blogspot.com 127.0.0.1 www.2-spyware.com 127.0.0.1 www.antivir.es 127.0.0.1 www.prevx.com 127.0.0.1 www.ikarus.net 127.0.0.1 bbs.s-sos.net 127.0.0.1 www.housecall.trendmicro.com 127.0.0.1 www.superdicas.com.br 127.0.0.1 www.forums.majorgeeks.com 127.0.0.1 www.castlecops.com 127.0.0.1 www.virusspy.com 127.0.0.1 andymanchesta.com 127.0.0.1 www.kaspersky.es 127.0.0.1 subs.geekstogo.com 127.0.0.1 www.forospanish.com 127.0.0.1 www.trendmicro.com 127.0.0.1 www.fortinet.com 127.0.0.1 www.safer-networking.org 127.0.0.1 www.fortiguardcenter.com 127.0.0.1 www.dougknox.com 127.0.0.1 www.vsantivirus.com 127.0.0.1 www.firewallguide.com 127.0.0.1 www.auditmypc.com 127.0.0.1 www.spywaredb.com 127.0.0.1 www.mxttchina.com 127.0.0.1 www.ziggamza.net 127.0.0.1 www.forospyware.es 127.0.0.1 pogonyuto.forospanish.com 127.0.0.1 www.antivirus.comodo.com 127.0.0.1 www.spywareterminator.com 127.0.0.1 www.eradicatespyware.net 127.0.0.1 www.freespywareremoval.info 127.0.0.1 www.personalfirewall.comodo.com 127.0.0.1 www.clamav.net 127.0.0.1 www.antivirus.about.com 127.0.0.1 www.pandasecurity.com 127.0.0.1 www.webphand.com 127.0.0.1 mx.answers.yahoo.com 127.0.0.1 www.securitywonks.net 127.0.0.1 www.sandboxie.com 127.0.0.1 www.clamwin.com 127.0.0.1 www.cwsandbox.org 127.0.0.1 www.ca.com 127.0.0.1 www.arswp.com 127.0.0.1 es.answers.yahoo.com 127.0.0.1 www.trucoswindows.es 127.0.0.1 www.networkworld.com 127.0.0.1 www.cddchiangmai.net 127.0.0.1 
www.threatexpert.com 127.0.0.1 www.norman.com 127.0.0.1 espanol.answers.yahoo.com 127.0.0.1 www.tallemu.com 127.0.0.1 virscan.org 127.0.0.1 www.viruschief.com 127.0.0.1 scanner.virus.org 127.0.0.1 www.hijackthis.de 127.0.0.1 housecall65.trendmicro.com 127.0.0.1 www.guiadohardware.net 127.0.0.1 hjt.networktechs.com 127.0.0.1 www.techsupportforum.com 127.0.0.1 www.whatthetech.com 127.0.0.1 www.soccersuck.com 127.0.0.1 www.pcentraide.com 127.0.0.1 comunidad.wilkinsonpc.com.co 127.0.0.1 forum.piriform.com 127.0.0.1 www.tweaksforgeeks.com 127.0.0.1 www.daniweb.com 127.0.0.1 www.geekstogo.com 127.0.0.1 es.answers.yahoo.com 127.0.0.1 www.techsupportforum.com 127.0.0.1 www.pchell.com 127.0.0.1 www.spyany.com 127.0.0.1 forums.techguy.org 127.0.0.1 www.experts-exchange.com 127.0.0.1 www.wikio.es 127.0.0.1 www.pandasecurity.com 127.0.0.1 forums.devshed.com 127.0.0.1 forum.tweaks.com 127.0.0.1 www.wilderssecurity.com 127.0.0.1 www.techspot.com 127.0.0.1 www.thecomputerpitstop.com 127.0.0.1 es.wasalive.com 127.0.0.1 secunia.com 127.0.0.1 es.kioskea.net 127.0.0.1 www.taringa.net 127.0.0.1 www.cyberdefender.com 127.0.0.1 www.feedage.com 127.0.0.1 new.taringa.net 127.0.0.1 forum.zazana.com 127.0.0.1 forum.clubedohardware.com.br 127.0.0.1 www.computing.net 127.0.0.1 discussions.virtualdr.com 127.0.0.1 forum.securitycadets.com 127.0.0.1 www.techimo.com 127.0.0.1 13iii.com 127.0.0.1 www.dicasweb.com.br 127.0.0.1 www.infosecpodcast.com 127.0.0.1 www.usbcleaner.cn 127.0.0.1 www.net-security.org 127.0.0.1 www.bleedingthreats.net 127.0.0.1 acs.pandasoftware.com 127.0.0.1 www.funkytoad.com 127.0.0.1 www.360safe.cn 127.0.0.1 www.360safe.com 127.0.0.1 bbs.360safe.cn 127.0.0.1 bbs.360safe.com 127.0.0.1 codehard.wordpress.com 127.0.0.1 forum.clubedohardware.com.br 127.0.0.1 www.360.cn 127.0.0.1 www.360.com 127.0.0.1 bbs.360safe.cn 127.0.0.1 bbs.360safe.com 127.0.0.1 www.forospyware.es 127.0.0.1 p3dev.taringa.net 127.0.0.1 www.precisesecurity.com 127.0.0.1 baike.360.cn 127.0.0.1 baike.360.com 
127.0.0.1 kaba.360.cn 127.0.0.1 kaba.360.com 127.0.0.1 deckard.geekstogo.com 127.0.0.1 www.taringa.net 127.0.0.1 forums.comodo.com 127.0.0.1 www.mvps.org 127.0.0.1 down.360safe.cn 127.0.0.1 down.360safe.com 127.0.0.1 x.360safe.com 127.0.0.1 dl.360safe.com 127.0.0.1 ftp.drweb.com 127.0.0.1 www.hotshare.net 127.0.0.1 es.wasalive.com 127.0.0.1 free.antivirus.com 127.0.0.1 updatem.360safe.com 127.0.0.1 updatem.360safe.cn 127.0.0.1 update.360safe.cn 127.0.0.1 update.360safe.com 127.0.0.1 www.utilidades-utiles.com 127.0.0.1 forum.kaspersky.com 127.0.0.1 bbs.duba.net 127.0.0.1 www.duba.net 127.0.0.1 zhidao.baidu.com 127.0.0.1 hi.baidu.com 127.0.0.1 www.drweb.com.es 127.0.0.1 msncleaner.softonic.com 127.0.0.1 www.javacoolsoftware.com 127.0.0.1 file.ikaka.com 127.0.0.1 file.ikaka.cn 127.0.0.1 bbs.ikaka.com 127.0.0.1 zhidao.ikaka.com 127.0.0.1 www.eset-la.com 127.0.0.1 www.eset-la.com 127.0.0.1 software-files.download.com 127.0.0.1 www.ikaka.com 127.0.0.1 www.ikaka.cn 127.0.0.1 bbs.cfan.com.cn 127.0.0.1 www.cfan.com.cn 127.0.0.1 www.pandasecurity.com 127.0.0.1 es.mcafee.com 127.0.0.1 downloads.malwarebytes.org 127.0.0.1 bbs.kafan.cn 127.0.0.1 bbs.kafan.com 127.0.0.1 bbs.kpfans.com 127.0.0.1 bbs.taisha.org 127.0.0.1 www.manuelruvalcaba.com 127.0.0.1 support.f-secure.com 127.0.0.1 bbs.winzheng.com 127.0.0.1 alerta-antivirus.inteco.es 127.0.0.1 foros.zonavirus.com 127.0.0.1 alerta-antivirus.red.es 127.0.0.1 www.zonavirus.com 127.0.0.1 www.malwarebytes.org 127.0.0.1 www.commentcamarche.net 127.0.0.1 www.ewido.net 127.0.0.1 www.infospyware.com 127.0.0.1 www.bitdefender.es 127.0.0.1 housecall.trendmicro.com 127.0.0.1 foros.toxico-pc.com 127.0.0.1 www.emsisoft.de 127.0.0.1 www.securitynewsportal.com |
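The hosts file posted above shows the AntiHosts pattern: hundreds of antivirus-vendor, update-server and support-forum hostnames pinned to 127.0.0.1, so that scanners cannot update and help sites cannot be reached. The Python script below is an added example written for this thread, not code from the forum or from any of the tools mentioned in it. It parses hosts-file text, reports every non-localhost name that is sunk to a loopback or null address, rates names on a constructed vendor watchlist as high severity, and produces a cleaned file body. The sample hosts text, the watchlist and the `intranet.example` override are constructed for the example.

```python
"""Audit a Windows hosts file for AntiHosts-style hijacking.

Constructed example (not from the forum thread): parses hosts-file text,
flags every non-localhost name pinned to a loopback or null address, and
builds a clean replacement body that keeps only comments and the stock
localhost mappings.
"""
import ipaddress

# Names that legitimately map to loopback in a stock Windows hosts file.
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watchlist: a short subset of the vendor domains blackholed
# in the posted file, plus the forum the helper noted was missing.
SECURITY_VENDOR_SUFFIXES = (
    "kaspersky.com", "virustotal.com", "malwarebytes.org", "avira.com",
    "symantec.com", "sophos.com", "f-secure.com", "bleepingcomputer.com",
    "trojaner-board.de",
)


def _is_sinkhole(addr: str) -> bool:
    """True for loopback (127/8, ::1) and the null route (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False          # malformed address: not our concern here
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Yield (lineno, ip, [names]) for every active (non-comment) mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) >= 2:
            yield lineno, parts[0], [n.lower() for n in parts[1:]]


def audit_hosts(text):
    """Return a list of finding dicts; an empty list means nothing suspicious."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if name in LEGIT_LOOPBACK_NAMES or not _is_sinkhole(ip):
                continue
            vendor = any(name == s or name.endswith("." + s)
                         for s in SECURITY_VENDOR_SUFFIXES)
            findings.append({
                "line": lineno, "ip": ip, "name": name,
                "severity": "high" if vendor else "medium",
                "reason": ("security vendor host blackholed" if vendor
                           else "host pinned to a sinkhole address"),
            })
    return findings


def clean_hosts(text):
    """Return hosts text keeping only comments, blank lines and localhost mappings."""
    keep = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if not parts:
            keep.append(raw)                      # comment or blank line
        elif len(parts) >= 2 and all(n.lower() in LEGIT_LOOPBACK_NAMES
                                     for n in parts[1:]):
            keep.append(raw)                      # stock localhost mapping
        # every other mapping is dropped; review the audit output for
        # legitimate administrator overrides before restoring any of them
    return "\n".join(keep) + "\n"


# Constructed sample in the layout of a Windows hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.virustotal.com
127.0.0.1 downloads.malwarebytes.org
0.0.0.0   www.trojaner-board.de
127.0.0.1 intranet.example   # a deliberate local override (constructed)
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3} [{f['severity']}] {f['ip']} -> {f['name']}: {f['reason']}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Run it against a copy of %SystemRoot%\System32\drivers\etc\hosts. Cleaning the file on its own does not help while the process that rewrites it is still running, which is exactly what the opening post describes (the entries come back as soon as they are deleted); the writing process has to be stopped first, and any legitimate administrator overrides reported as medium should be restored by hand afterwards.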
12.09.2009, 18:20 | #8 |
| www.trojaner-board.de is still missing there. Please answer my questions: Quote:
Quote:
Run Lop S&D.exe by double-clicking it. Choose the language you want and then option 2. Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt if the report does not appear). ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers. Private support only for payment, and I am very expensive. Guides. Virus scanners. Compromise unavoidable? |
12.09.2009, 18:37 | #9 |
| I just checked the chat log again, and it must have been around 21:55-22:00; my guess is 21:59, but unfortunately I can't narrow it down any further. Edit: forgot the log:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ ) BIOS : Default System BIOS USER : Alexander ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 7.0.0.2 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:149 Go (Free:43 Go) D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 12.09.2009|19:24 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX Geloescht ! - C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\nsa26.tmp \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Ordner Verzeichnis unter ANWEND~1 [25.03.2009|09:17] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Adobe [21.08.2009|18:24] C:\DOKUME~1\ALEXAN~1\ANWEND~1\AdobeUM [29.06.2009|15:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\DAEMON Tools Lite [16.07.2009|22:40] C:\DOKUME~1\ALEXAN~1\ANWEND~1\DivX [03.07.2009|11:48] C:\DOKUME~1\ALEXAN~1\ANWEND~1\GetRightToGo [13.02.2009|19:09] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Google [08.05.2009|18:52] C:\DOKUME~1\ALEXAN~1\ANWEND~1\gtk-2.0 [05.09.2009|22:45] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Hamachi [29.05.2009|22:19] C:\DOKUME~1\ALEXAN~1\ANWEND~1\ICQ [13.02.2009|17:22] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Identities [13.02.2009|18:35] C:\DOKUME~1\ALEXAN~1\ANWEND~1\InstallShield [26.06.2009|18:29] C:\DOKUME~1\ALEXAN~1\ANWEND~1\kikin [14.05.2009|14:09] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Logitech [13.02.2009|18:40] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Macromedia [08.06.2009|15:47] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MAGIX [12.09.2009|15:54] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Malwarebytes [18.08.2009|16:33] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Microsoft [13.02.2009|17:42]
C:\DOKUME~1\ALEXAN~1\ANWEND~1\Microsoft Web Folders [02.06.2009|17:06] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MobMapUpdater [13.02.2009|19:16] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Mozilla [06.09.2009|20:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MSN6 [30.06.2009|15:10] C:\DOKUME~1\ALEXAN~1\ANWEND~1\SecuROM [12.09.2009|15:33] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Skype [12.09.2009|16:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\skypePM [21.06.2009|01:47] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Sun [18.07.2009|20:07] C:\DOKUME~1\ALEXAN~1\ANWEND~1\teamspeak2 [29.06.2009|15:18] C:\DOKUME~1\ALEXAN~1\ANWEND~1\TeamViewer [13.02.2009|18:51] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Ubisoft [19.02.2009|22:18] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Winamp [06.03.2009|22:07] C:\DOKUME~1\ALEXAN~1\ANWEND~1\WinRAR [0|Datei(en)] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Bytes [32|Verzeichnis(se),] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Bytes frei [13.02.2009|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe [13.02.2009|17:37] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira [21.03.2009|17:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Blizzard [26.06.2009|18:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\DAEMON Tools Lite [10.07.2009|11:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google [29.05.2009|22:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\ICQ [10.07.2009|11:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MAGIX [12.09.2009|15:54] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes [18.08.2009|16:32] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft [24.08.2009|16:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MSN6 [30.05.2009|11:59] C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles [19.02.2009|22:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\OrbNetworks [30.06.2009|17:25] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype [20.08.2009|13:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\SweetIM [08.07.2009|14:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TrackMania [13.02.2009|18:47] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ubisoft [19.02.2009|22:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Winamp Toolbar [0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes [19|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei [13.02.2009|17:18] 
C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft [0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes [3|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei [11.09.2009|22:35] C:\DOKUME~1\LOCALS~1\ANWEND~1\Adobe [13.02.2009|17:21] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft [0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes [4|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei [13.02.2009|17:21] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft [0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes [3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei --------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks [12.09.2009 18:29][--ah-----] C:\WINDOWS\tasks\SA.DAT [02.04.2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Ordner Verzeichnis unter C:\Programme [13.02.2009|18:03] C:\Programme\Adobe [28.08.2009|17:29] C:\Programme\ANNO 1602 Königs-Edition [13.02.2009|17:37] C:\Programme\Avira [15.07.2009|00:50] C:\Programme\CAPCOM [12.09.2009|15:48] C:\Programme\CCleaner [13.02.2009|17:16] C:\Programme\ComPlus Applications [04.09.2009|18:23] C:\Programme\Counter-Strike Source [27.06.2009|09:06] C:\Programme\DAEMON Tools Lite [26.06.2009|18:22] C:\Programme\DAEMON Tools Toolbar [21.08.2009|18:52] C:\Programme\directx [11.09.2009|21:09] C:\Programme\DivX [11.09.2009|16:08] C:\Programme\DVDVideoSoft [11.09.2009|16:08] C:\Programme\Gemeinsame Dateien [10.07.2009|11:17] C:\Programme\Google [14.07.2009|20:43] C:\Programme\GUILD WARS [16.07.2009|01:17] C:\Programme\GW Team Builder [26.04.2009|20:04] C:\Programme\Hamachi [29.05.2009|22:17] C:\Programme\ICQ6.5 [29.05.2009|22:15] C:\Programme\ICQ6Toolbar [13.02.2009|17:54] C:\Programme\IDT [21.08.2009|18:52] C:\Programme\InstallShield Installation Information [19.08.2009|22:11] C:\Programme\Internet Explorer [16.07.2009|13:56] C:\Programme\Java [26.06.2009|19:43] C:\Programme\JDownloader 0.6.193 [26.06.2009|18:29] C:\Programme\kikin [14.05.2009|14:07] C:\Programme\Logitech [23.06.2009|00:21] 
C:\Programme\LÖSCHEN [10.07.2009|11:10] C:\Programme\MAGIX [12.09.2009|15:55] C:\Programme\Malwarebytes' Anti-Malware [15.02.2009|02:10] C:\Programme\Messenger [17.06.2009|17:45] C:\Programme\Metin2_Germany [18.08.2009|16:33] C:\Programme\Microsoft [13.02.2009|17:42] C:\Programme\microsoft frontpage [13.02.2009|17:42] C:\Programme\Microsoft Office [13.02.2009|18:51] C:\Programme\Movie Maker [12.09.2009|18:33] C:\Programme\Mozilla Firefox [19.08.2009|22:12] C:\Programme\MSBuild [13.02.2009|17:16] C:\Programme\MSN [13.02.2009|17:16] C:\Programme\MSN Gaming Zone [15.02.2009|02:08] C:\Programme\MSXML 4.0 [03.07.2009|12:31] C:\Programme\NCSoft [13.02.2009|18:50] C:\Programme\NetMeeting [13.02.2009|17:16] C:\Programme\Online Services [13.02.2009|17:17] C:\Programme\Online-Dienste [10.06.2009|21:32] C:\Programme\OpenAL [19.08.2009|22:09] C:\Programme\Outlook Express [19.08.2009|22:12] C:\Programme\Reference Assemblies [30.06.2009|15:08] C:\Programme\Sierra [30.06.2009|17:25] C:\Programme\Skype [09.07.2009|13:48] C:\Programme\Stardock [12.09.2009|18:30] C:\Programme\Steam [20.08.2009|13:22] C:\Programme\SweetIM [25.05.2009|17:56] C:\Programme\T4E [28.02.2009|18:40] C:\Programme\Teamspeak2_RC2 [09.07.2009|23:58] C:\Programme\thriXXX [10.06.2009|21:41] C:\Programme\TmNationsForever [12.09.2009|15:59] C:\Programme\trend micro [15.07.2009|23:08] C:\Programme\Ubisoft [13.02.2009|17:22] C:\Programme\Uninstall Information [09.06.2009|14:26] C:\Programme\Visions [06.09.2009|14:36] C:\Programme\Warcraft III [19.02.2009|22:18] C:\Programme\Winamp [19.02.2009|22:17] C:\Programme\Winamp Remote [19.02.2009|22:17] C:\Programme\Winamp Toolbar [18.08.2009|16:32] C:\Programme\Windows Live [18.08.2009|16:32] C:\Programme\Windows Live SkyDrive [15.07.2009|23:15] C:\Programme\Windows Media Player [13.02.2009|18:50] C:\Programme\Windows NT [13.02.2009|18:26] C:\Programme\WindowsUpdate [13.02.2009|17:40] C:\Programme\WinRAR [13.02.2009|17:18] C:\Programme\xerox [02.03.2009|09:16] 
C:\Programme\XMedia Recode [0|Datei(en)] C:\Programme\Bytes [74|Verzeichnis(se),] C:\Programme\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Programme\Gemeinsame Dateien [13.02.2009|18:03] C:\Programme\Gemeinsame Dateien\Adobe [23.06.2009|13:17] C:\Programme\Gemeinsame Dateien\Blizzard Entertainment [13.02.2009|17:44] C:\Programme\Gemeinsame Dateien\Designer [13.02.2009|17:17] C:\Programme\Gemeinsame Dateien\Dienste [11.09.2009|21:09] C:\Programme\Gemeinsame Dateien\DivX Shared [11.09.2009|16:08] C:\Programme\Gemeinsame Dateien\DVDVideoSoft [13.02.2009|17:52] C:\Programme\Gemeinsame Dateien\InstallShield [14.05.2009|14:06] C:\Programme\Gemeinsame Dateien\Logitech [18.08.2009|16:32] C:\Programme\Gemeinsame Dateien\Microsoft Shared [13.02.2009|17:17] C:\Programme\Gemeinsame Dateien\MSSoap [14.02.2009|00:13] C:\Programme\Gemeinsame Dateien\ODBC [30.06.2009|17:25] C:\Programme\Gemeinsame Dateien\Skype [14.02.2009|00:13] C:\Programme\Gemeinsame Dateien\SpeechEngines [13.02.2009|18:50] C:\Programme\Gemeinsame Dateien\System [18.08.2009|16:30] C:\Programme\Gemeinsame Dateien\Windows Live [0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes [17|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei --------------------\\ Process ( 42 Processes ) ... OK ! --------------------\\ Ueberpruefung mit S_Lop Kein Lop Ordner gefunden ! --------------------\\ Suche nach Lop Dateien - Ordnern Kein Lop Ordner gefunden ! --------------------\\ Suche innerhalb der Registry ..... OK ! 
--------------------\\ Ueberpruefung der Hosts Datei Hosts Datei SAUBER
--------------------\\ Suche nach verborgenen Dateien mit Catchme
--------------------\\ Suche nach anderen Infektionen [F:1516][D:86]-> C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp [F:65][D:0]-> C:\DOKUME~1\ALEXAN~1\Cookies [F:2316][D:5]-> C:\DOKUME~1\ALEXAN~1\LOKALE~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 12.09.2009|19:29 - Option : [2]
--------------------\\ Scan beendet um 19:29:18
Edited by eUnDoO (12.09.2009 at 19:14) |
12.09.2009, 19:31 | #10 |
| Quote:
Quote:
http://www.trojaner-board.de/74908-a...t-scanner.html ciao, andreas Edit: Upload the file Quote:
Select the text in the box, copy it and paste it into the first white field of the upload channel.
__________________ Edited by john.doe (12.09.2009 at 19:53) |
12.09.2009, 22:10 | #11 |
| I uploaded C:\WINDOWS\system32\avruncm.exe as described and ran GMER earlier. When it had apparently finished, a warning window opened with the following content: "GMER found a system modification caused by ROOTKIT." This is the log:
GMER 1.0.15.15077 [0l1uwpio.exe] - http://www.gmer.net Rootkit scan 2009-09-12 22:59:46 Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT spqy.sys ZwCreateKey [0xBA6A70E0] SSDT BAFF1F1C ZwCreateThread SSDT spqy.sys ZwEnumerateKey [0xBA6C5CA4] SSDT spqy.sys ZwEnumerateValueKey [0xBA6C6032] SSDT spqy.sys ZwOpenKey [0xBA6A70C0] SSDT BAFF1F08 ZwOpenProcess SSDT BAFF1F0D ZwOpenThread SSDT spqy.sys ZwQueryKey [0xBA6C610A] SSDT spqy.sys ZwQueryValueKey [0xBA6C5F8A] SSDT spqy.sys ZwSetValueKey [0xBA6C619C] SSDT BAFF1F17 ZwTerminateProcess SSDT BAFF1F12 ZwWriteVirtualMemory INT 0x62 ? 89BA1BF8 INT 0x94 ? 89B10BF8 INT 0xB4 ? 89BA1BF8 INT 0xB4 ? 89BA1BF8 INT 0xB4 ? 89B10BF8 INT 0xB4 ? 89B10BF8 INT 0xB4 ? 89BA1BF8
---- Kernel code sections - GMER 1.0.15 ----
? spqy.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload B9EEE8AC 5 Bytes JMP 89B101D8 .text a0vams5v.SYS B9670386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a0vams5v.SYS B96703AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a0vams5v.SYS B96703C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a0vams5v.SYS B96703C9 1 Byte [30] .text a0vams5v.SYS B96703C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ...
---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Winamp Remote\bin\OrbTray.exe[664] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00413C70 C:\Programme\Winamp Remote\bin\OrbTray.exe (Orb/Orb Networks) .text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!ReadFile 7C801812 6 Bytes JMP 5F160F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01290001 .text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F130F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!GetFileSize 7C810B17 6 Bytes JMP 5F190F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F040F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!SetParent 7E37C7F9 3 Bytes [FF, 25, 1E] .text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!SetParent + 4 7E37C7FD 2 Bytes [1D, 5F] .text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 5F0A0F5A .text C:\Programme\ICQ6.5\ICQ.exe[1308] ole32.dll!CoCreateInstance 774D057E 6 Bytes JMP 5F0D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012C0001 .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F3B0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F290F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F2C0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F2F0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!FindResourceW 7C80BC6E 6 Bytes JMP 5F230F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!SizeofResource 7C80BD09 6 Bytes 
JMP 5F260F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 5F0D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 5F0A0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 5F040F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 6 Bytes JMP 5F410F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegSetValueExA 77DAEAE7 6 Bytes JMP 5F3E0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F200F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DestroyWindow 7E37B19C 3 Bytes [FF, 25, 1E] .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DestroyWindow + 4 7E37B1A0 2 Bytes [1E, 5F] {PUSH DS; POP EDI} .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!SetWindowLongW 7E37C2BB 6 Bytes JMP 5F1A0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 5F170F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!HttpOpenRequestA 77192B01 6 Bytes JMP 5F4A0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!InternetCloseHandle 77194D94 6 Bytes JMP 5F570F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!HttpQueryInfoA 771979CA 6 Bytes JMP 5F4D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!InternetReadFile 771982F2 6 Bytes JMP 5F540F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!GetUrlCacheEntryInfoExW 771A68A6 6 Bytes JMP 5F5A0F5A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spqy.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spqy.sys IAT 
atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spqy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spqy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spqy.sys IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfRaiseIrql] 00001CA9 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!HalTranslateBusAddress] 8186C636 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89BA01F8 AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira Antivir File Filter Driver Manager/Avira GmbH) Device \Driver\sptd \Device\878103368 spqy.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{96BA77FC-F72C-4F5B-B010-BDAEB2AA2DF9} 896B9500 Device \Driver\usbohci \Device\USBPDO-0 899D21F8 Device \Driver\usbehci \Device\USBPDO-1 899D11F8 Device \Driver\usbohci \Device\USBPDO-2 899D21F8 Device \Driver\usbehci \Device\USBPDO-3 899D11F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 89C111F8 
Device \Driver\Cdrom \Device\CdRom0 89A9D1F8 Device \Driver\Cdrom \Device\CdRom1 89A9D1F8 Device \Driver\PCI_PNP9618 \Device\0000003d spqy.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 896B9500 Device \Driver\NetBT \Device\NetbiosSmb 896B9500 Device \Driver\NetBT \Device\NetBT_Tcpip_{A0B28692-DC27-4E9E-A096-776C3E9BA8AC} 896B9500 Device \Driver\usbohci \Device\USBFDO-0 899D21F8 Device \Driver\usbehci \Device\USBFDO-1 899D11F8 Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{287FB9DD-DD13-4F92-942C-B026A5237C2A} 896B9500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896BA500 Device \Driver\usbohci \Device\USBFDO-2 899D21F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 896BA500 Device \Driver\usbehci \Device\USBFDO-3 899D11F8 Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\Ftdisk \Device\FtControl 89C111F8 Device \Driver\a0vams5v \Device\Scsi\a0vams5v1Port4Path0Target0Lun0 898431F8 Device \Driver\a0vams5v \Device\Scsi\a0vams5v1 898431F8 Device \FileSystem\Cdfs \Cdfs 898881F8 ---- Processes - GMER 1.0.15 ---- Process C:\WINDOWS\system32\avruncm.exe (*** hidden *** ) 1232 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986000151 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986000151@001a7d521e83 0x99 0x1B 0x0D 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x15 0x5C 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x8A 0xD7 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x29 0xDE 0x4B ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986000151 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986000151@001a7d521e83 0x99 0x1B 0x0D 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x15 0x5C 0x88 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x8A 0xD7 0x33 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x29 0xDE 0x4B ... ---- EOF - GMER 1.0.15 ---- |
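GMER prints its SSDT, IAT, device and process findings in a fixed text layout, which makes a log like the one above straightforward to triage by script. The Python parser below is an added example written for this thread, not GMER's own code. It separates the items a responder should look at first (a process GMER marks as hidden, and SSDT hooks that resolve to a bare address with no owning module) from hooks attributed to a named driver, which are grouped by module so that a known vendor driver can be recognised quickly. The sample log is a constructed excerpt assembled from lines of the log above; the severity labels and wording are the example's own.

```python
"""Triage helper for GMER rootkit-scan logs.

Constructed example for this thread (not GMER code). It parses the
text sections of a GMER log and orders the findings: hidden processes
first, then SSDT hooks with no owning module, then hooks attributed to
a named driver grouped per module.
"""
import re
from collections import defaultdict

# "SSDT spqy.sys ZwCreateKey [0xBA6A70E0]"  -> hook owned by a named module
SSDT_NAMED = re.compile(
    r"^SSDT\s+(?P<module>\S+\.sys)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]$")
# "SSDT BAFF1F1C ZwCreateThread"            -> hook known only by address
SSDT_RAW = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)$")
# "Process C:\WINDOWS\system32\avruncm.exe (*** hidden *** ) 1232"
HIDDEN_PROC = re.compile(
    r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)$")
# "IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spqy.sys"
IAT_NAMED = re.compile(
    r"^IAT\s+(?P<target>\S+)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]+)\]\s+(?P<module>\S+)$")


def parse_gmer(text):
    """Return {'hidden': [(path, pid)], 'ssdt_raw': [(func, addr)], 'by_module': {...}}."""
    result = {"hidden": [], "ssdt_raw": [], "by_module": defaultdict(list)}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIDDEN_PROC.match(line):
            result["hidden"].append((m["path"], int(m["pid"])))
        elif m := SSDT_NAMED.match(line):
            result["by_module"][m["module"]].append(("SSDT", m["func"]))
        elif m := SSDT_RAW.match(line):
            result["ssdt_raw"].append((m["func"], m["addr"]))
        elif m := IAT_NAMED.match(line):
            result["by_module"][m["module"]].append(("IAT", m["import"]))
    return result


def triage(text):
    """Return (severity, message) tuples, most urgent first."""
    r = parse_gmer(text)
    ranked = []
    for path, pid in r["hidden"]:
        ranked.append((0, f"hidden process {path} (pid {pid}): concealed from the "
                          f"Windows API; preserve and submit the file before removing it"))
    if r["ssdt_raw"]:
        funcs = ", ".join(f for f, _ in r["ssdt_raw"])
        ranked.append((1, f"{len(r['ssdt_raw'])} SSDT hooks with no owning module "
                          f"({funcs}): identify the code at those addresses; hooks on "
                          f"process/thread functions are self-protection, installed by "
                          f"antivirus products and by malware alike"))
    for module, hooks in sorted(r["by_module"].items()):
        counts = defaultdict(int)
        for kind, _ in hooks:
            counts[kind] += 1
        summary = ", ".join(f"{n} {k}" for k, n in sorted(counts.items()))
        ranked.append((2, f"{module}: {summary} hooks attributed to a named driver; "
                          f"confirm the driver's vendor before treating it as malicious"))
    labels = ("critical", "high", "review")
    return [(labels[s], msg) for s, msg in sorted(ranked, key=lambda t: t[0])]


# Constructed excerpt in GMER's layout, built from lines of the posted log.
SAMPLE_LOG = r"""GMER 1.0.15.15077 - http://www.gmer.net
Rootkit scan 2009-09-12 22:59:46
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spqy.sys ZwCreateKey [0xBA6A70E0]
SSDT BAFF1F1C ZwCreateThread
SSDT spqy.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT BAFF1F08 ZwOpenProcess
SSDT BAFF1F0D ZwOpenThread
SSDT spqy.sys ZwSetValueKey [0xBA6C619C]
SSDT BAFF1F17 ZwTerminateProcess
SSDT BAFF1F12 ZwWriteVirtualMemory

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spqy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spqy.sys

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\avruncm.exe (*** hidden *** ) 1232

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the log above, the hooks owned by spqy.sys line up with the sptd device entry and with the registry keys under Services\sptd\Cfg that point at the DAEMON Tools Lite directory, so they have an identifiable origin; the five hooks known only by address sit on process and thread functions, the usual self-protection set; and the hidden avruncm.exe is the finding that justified the upload the helper requested earlier in the thread.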
12.09.2009, 22:28 | #12 |
So far only Kaspersky detects it. VirusTotal:
MD5: 6cf0b27011fe242abcf989288869b2ec
Heuristic.LooksLike.Win32.Trojan.B
Trojan.Win32.Refroso.juq
Trojan.Win32.Refroso.juq

Code:
Datei avruncm.exe empfangen 2009.09.12 21:13:21 (UTC)
Status: Beendet
Ergebnis: 4/41 (9.76%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.09.12 -
AhnLab-V3 5.0.0.2 2009.09.12 -
AntiVir 7.9.1.14 2009.09.11 -
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.12 -
Avast 4.8.1351.0 2009.09.12 -
AVG 8.5.0.412 2009.09.12 -
BitDefender 7.2 2009.09.12 -
CAT-QuickHeal 10.00 2009.09.12 -
ClamAV 0.94.1 2009.09.12 -
Comodo 2296 2009.09.12 -
DrWeb 5.0.0.12182 2009.09.12 -
eSafe 7.0.17.0 2009.09.10 -
eTrust-Vet 31.6.6733 2009.09.11 -
F-Prot 4.5.1.85 2009.09.12 -
F-Secure 8.0.14470.0 2009.09.12 Trojan.Win32.Refroso.juq
Fortinet 3.120.0.0 2009.09.12 -
GData 19 2009.09.12 -
Ikarus T3.1.1.72.0 2009.09.12 -
Jiangmin 11.0.800 2009.09.12 -
K7AntiVirus 7.10.843 2009.09.12 -
Kaspersky 7.0.0.125 2009.09.12 Trojan.Win32.Refroso.juq
McAfee 5739 2009.09.12 -
McAfee+Artemis 5739 2009.09.12 -
McAfee-GW-Edition 6.8.5 2009.09.12 Heuristic.LooksLike.Win32.Trojan.B
Microsoft 1.5005 2009.09.12 -
NOD32 4419 2009.09.12 -
Norman 6.01.09 2009.09.11 -
nProtect 2009.1.8.0 2009.09.12 -
Panda 10.0.2.2 2009.09.12 Suspicious file
PCTools 4.4.2.0 2009.09.11 -
Prevx 3.0 2009.09.12 -
Rising 21.46.52.00 2009.09.12 -
Sophos 4.45.0 2009.09.12 -
Sunbelt 3.2.1858.2 2009.09.12 -
Symantec 1.4.4.12 2009.09.12 -
TheHacker 6.3.4.4.402 2009.09.12 -
TrendMicro 8.950.0.1094 2009.09.12 -
VBA32 3.12.10.10 2009.09.11 -
ViRobot 2009.9.12.1932 2009.09.12 -
VirusBuster 4.6.5.0 2009.09.12 -

weitere Informationen
File size: 86016 bytes
MD5...: 6cf0b27011fe242abcf989288869b2ec
SHA1..: da2dd3a91624d8476b7aeeead263dca5e281514e
SHA256: fbc1a602e8b83b4cc2c822b58ed214384a63439f734cf9e9e694c281e1535e59
ssdeep: 1536:BQwua/lkX1mRviSobwfahk+Xo9TQh7pxfnHErAWNrfRLl9YRmrH9FmSXxOw:Bua/+FmRvKbEai9Wj/urPfXxhO
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x61fa
timedatestamp.....: 0x4aa81d7f (Wed Sep 09 21:26:23 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x53de 0x5400 5.68 a893ff0ef887ce07f6f0eba9c3997bdc
.rdata 0x7000 0x8be 0xa00 4.69 eac5f36ff1c8f4d1466eefddeb4d2ea0
.data 0x8000 0x864 0x800 5.83 6c737451573658844a2a3b13fef3e92c
.rsrc 0x9000 0xe4dc 0xe600 7.96 b8b9fc16a60faac00eefffa54bea2a98
( 6 imports )
> KERNEL32.dll: GetTickCount, GetStartupInfoA, GetModuleHandleA, CreateThread, Sleep
> USER32.dll: SetWindowPos, MessageBoxA, PostQuitMessage, DestroyWindow, DefWindowProcA, DispatchMessageA, TranslateMessage, GetMessageA, UpdateWindow, ShowWindow, CreateWindowExA, SetWindowPlacement, LoadCursorA, LoadIconA, RegisterClassExA
> ole32.dll: CoInitialize
> GDI32.dll: GetStockObject
> MSVCP60.dll: __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z
> MSVCRT.dll: sprintf, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _EH_prolog, memcpy, strcpy, _except_handler3, memset, __2@YAPAXI@Z, getenv, _stricmp, malloc, memmove, strcmp, strlen, __CxxFrameHandler
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Download the Avenger tool and save it to the desktop:
Code:
Drivers to delete:
npggsvc
ICQ Service
JavaQuickStarterService

Files to delete:
C:\WINDOWS\system32\avruncm.exe

Folders to delete:
c:\rsit
12.09.2009, 23:07 | #13 |
So, Avenger had my computer restart, and AntiVir no longer shows me any virus alerts, which until now was the only noticeable sign of the trojan. Here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "mkgluz" found!
ImagePath: system32\drivers\bkdrj.sys
Start Type: 0 (Boot)

Rootkit scan completed.

Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!

Driver "npggsvc" deleted successfully.
Driver "ICQ Service" deleted successfully.
Driver "JavaQuickStarterService" deleted successfully.
File "C:\WINDOWS\system32\avruncm.exe" deleted successfully.
Folder "c:\rsit" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\npggsvc" not found!
Deletion of driver "npggsvc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ICQ Service" not found!
Deletion of driver "ICQ Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\JavaQuickStarterService" not found!
Deletion of driver "JavaQuickStarterService" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\avruncm.exe" not found!
Deletion of file "C:\WINDOWS\system32\avruncm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "c:\rsit" not found!
Deletion of folder "c:\rsit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
12.09.2009, 23:15 | #14 |
Quote:
We need to take a closer look here.
1.) Rootkit search with SysProt
2.) Rootkit scan with RootRepeal
ciao, andreas
12.09.2009, 23:40 | #15 |
SysProt:

Service Name: --- Module Base: BA8B8000 Module End: BA8C7000 Hidden: Yes
Module Name: spvw.sys Service Name: --- Module Base: BA6A6000 Module End: BA7A7000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: B53D6000 Module End: B53EE000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: BADD4000 Module End: BADD6000 Hidden: Yes
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM\UserData\???????????p???????? Status: Hidden
Object: C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM\UserData\???????????p??????????? Status: Hidden
Object: C:\Dokumente und Einstellungen\***\Eigene Dateien\TrackMania\Tracks\Replays\Autosaves\Alexander_????·??·LOL.Replay.gbx Status: Hidden
Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied
Object: C:\System Volume Information\tracking.log Status: Access denied
Object: C:\System Volume Information\_restore{5B4B78B1-C3D7-43F8-81C1-811742AB48B2} Status: Access denied

-------------------------------------------------------------------------------------------

RootRepeal:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/13 00:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aajifnrh.sys Image Path: aajifnrh.sys Address: 0xBA8B8000 Size: 61440 File Visible: No Signed: - Status: -
Name: bkdrj.sys Image Path: bkdrj.sys Address: 0xBA8A8000 Size: 61440 File Visible: No Signed: - Status: -
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB53D6000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBADD4000 Size: 8192 File Visible: No Signed: - Status: -
Name: PCI_PNP0252 Image Path: \Driver\PCI_PNP0252 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xBAAA8000 Size: 49152 File Visible: No Signed: - Status: -
Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -
Name: spvw.sys Image Path: spvw.sys Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: C:\Dokumente und Einstellungen\***\Recent\Mega Typ!.jpg.lnk Status: Could not get file information (Error 0xc0000008)
Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_agwy3mxx6tibhneosfzn Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_kghlqtaawu9ofihmybua Status: Allocation size mismatch (API: 32768, Raw: 0)
Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_ntefdedvaye4kpnchmx5 Status: Allocation size mismatch (API: 32768, Raw: 0)
Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_wexe6hhwei6bsjt13gc1 Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey Status: Hooked by "spvw.sys" at address 0xba6a70e0
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xbaf042d4
#: 071 Function Name: NtEnumerateKey Status: Hooked by "spvw.sys" at address 0xba6c5ca4
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spvw.sys" at address 0xba6c6032
#: 119 Function Name: NtOpenKey Status: Hooked by "spvw.sys" at address 0xba6a70c0
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xbaf042c0
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xbaf042c5
#: 160 Function Name: NtQueryKey Status: Hooked by "spvw.sys" at address 0xba6c610a
#: 177 Function Name: NtQueryValueKey Status: Hooked by "spvw.sys" at address 0xba6c5f8a
#: 247 Function Name: NtSetValueKey Status: Hooked by "spvw.sys" at address 0xba6c619c
#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xbaf042cf
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0xbaf042ca

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89b9f1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x87949500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89b0b1f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x89b041f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89c111f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8880f1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x89a121f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8880e1f8 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_CREATE] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_CLOSE] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_READ] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_SET_INFORMATION] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_SHUTDOWN] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_CLEANUP] Process: System Address: 0x887dd500 Size: 121
Object: Hidden Code [Driver: Cdfsఝ浍瑓䴨覊, IRP_MJ_PNP] Process: System Address: 0x887dd500 Size: 121

==EOF==

Last edited by eUnDoO (13.09.2009 at 00:40)