Pests of all kinds and how to fight them: Friend's MSN hacked (Windows 7)
24.10.2010, 15:44 | #16 |
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:43:59 on 24.10.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Norton Security Scan for *.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\*\AppData\Local\Temp\catchme.sys (File not found)
"uglcypow" (uglcypow) - ? - C:\Users\*\AppData\Local\Temp\uglcypow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"OpwareSE4" - "ScanSoft, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_062a651.dll (File found, but it contains no detailed information)
"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Google Update Service (gupdate1caeae055991017)" (gupdate1caeae055991017) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Kaspersky Anti-Virus 7.0" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
24.10.2010, 15:46 | #17 |
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Pi 2550
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 193):
24.10.2010, 19:21 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log from mbrcheck is incomplete.
24.10.2010, 19:42 | #19 |
Oh sorry, my mistake, here is the rest:

Processes (total 54):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
396 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
524 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
700 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\atiesrxx.exe
904 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\atieclxx.exe
1292 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\svchost.exe
1772 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1812 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1888 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\taskhost.exe
2600 C:\Windows\System32\svchost.exe
2792 C:\Windows\System32\dwm.exe
2972 C:\Windows\explorer.exe
3228 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3244 C:\Program Files\Eraser\Eraser.exe
3292 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3368 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3384 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
3392 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3488 C:\Program Files\Windows Sidebar\sidebar.exe
3624 C:\Windows\System32\SearchIndexer.exe
3804 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2820 C:\Program Files\Windows Media Player\wmpnetwk.exe
4816 C:\Windows\System32\wuauclt.exe
5388 C:\Windows\System32\taskhost.exe
4720 C:\Windows\System32\audiodg.exe
1200 C:\Program Files\Mozilla Firefox\firefox.exe
2992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
1168 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
5580 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
2380 C:\Users\*\Downloads\OSAM\osam.exe
4792 C:\Windows\System32\SearchProtocolHost.exe
5224 C:\Windows\System32\SearchFilterHost.exe
1256 C:\Users\*\Desktop\MBRCheck.exe
1052 C:\Windows\System32\conhost.exe
4880 C:\Windows\System32\dllhost.exe
4472 C:\Windows\System32\notepad.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
24.10.2010, 20:26 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
24.10.2010, 22:15 | #21 |
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4938

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.10.2010 23:14:04
mbam-log-2010-10-24 (23-14-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 249935
Laufzeit: 1 Stunde(n), 25 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
27.10.2010, 08:26 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is the other log still coming?