| |
| |||||||
Log-Analyse und Auswertung: Trojaner? Virus? bin am Ende..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
15.10.2008, 20:37
| #1 |
 |  Trojaner? Virus? bin am Ende.. Hijack Logfile Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:13:06, on 15.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\a-squared Anti-Malware\a2service.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\VMware\VMware Converter\vmware-ufad.exe C:\Programme\VMware\VMware Virtual Machine Importer 2\vmware-ufad.exe C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programme\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\oodtray.exe C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\WINDOWS\system32\umonit.exe C:\Programme\Gigabyte\ET5Pro\GUI.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe C:\WINDOWS\system32\SerExt.exe C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Programme\Cyberlink\Shared Files\brs.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Logitech\QuickCam\Quickcam.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\VMware\VMware Workstation\vmware-tray.exe C:\Programme\VMware\VMware Workstation\hqtray.exe c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Programme\Winamp\winampa.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\STAMPIT\Binary\Stray.exe C:\Programme\KlipFolio\KlipFolio.exe C:\Programme\Winamp Remote\bin\OrbTray.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe C:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe C:\Programme\Internet Explorer\iexplore.exe c:\programme\winamp toolbar\WinampTbServer.exe D:\download\windows-kb890830-v2.3.exe d:\dc5c1b57694443945b2e158093\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\WINDOWS\system32\cmd.exe C:\Programme\Mozilla Firefox\firefox.exe D:\download\qlketzd.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [EasyTuneVPro] C:\Programme\Gigabyte\ET5Pro\ETcall.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [DNS7reminder] "C:\Programme\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [ActiveFax Client] C:\Programme\ActiveFax\Client\ActFaxClient.exe -Autostart O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [RegCopernicDesktopSearch2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchInstaller.exe" /REGISTERFILES /BOOTSTRAP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [STAMPIT-Tray] C:\Programme\STAMPIT\Binary\Stray.exe O4 - HKCU\..\Run: [KlipFolio] "C:\Programme\KlipFolio\KlipFolio.exe" /BOOT O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-2927508484-3136192603-1380905464-1114\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-2927508484-3136192603-1380905464-1114\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User '?') O4 - HKUS\S-1-5-21-2927508484-3136192603-1380905464-1115\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-2927508484-3136192603-1380905464-1115\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized (User '?') O4 - HKUS\S-1-5-21-2927508484-3136192603-1380905464-1115\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-2927508484-3136192603-1380905464-1115 Startup: AutorunsDisabled (User '?') O4 - S-1-5-21-2927508484-3136192603-1380905464-1115 Startup: OOo-dev 3.0.lnk = C:\Programme\OOo-dev 3\program\quickstart.exe (User '?') O4 - Startup: AutorunsDisabled O4 - Startup: Telefon- und Branchenbuch Frühjahr 2008 - Schnellstarter.lnk = ? O4 - Global Startup: ColorVisionStartup.lnk = C:\Programme\PANTONE COLORVISION\Startup\ColorVisionStartup.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: NETGEAR ProSafe VPN Client.lnk = C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe O4 - Global Startup: Quicken 2009 Zahlungserinnerung.lnk = C:\Programme\Lexware\Quicken\2009\billmind.exe O4 - Global Startup: talk&surf 6.0 - Monitor.lnk = C:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - ESC Trusted Zone: h**p://*.update.microsoft.com O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - h**p://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191418405953 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191435998307 O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - h**ps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - h**p://www.o2c.de/download/o2cplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - h**p://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxxxxx.local O17 - HKLM\Software\..\Telephony: DomainName = xxxxxxxx.local O17 - HKLM\System\CCS\Services\Tcpip\..\{386B02F1-2180-4C05-B01A-3B283D9EAD7A}: NameServer = 192.168.1.100 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxxxxx.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = buender-zaubermaeuse.local O17 - HKLM\System\CS2\Services\Tcpip\..\{386B02F1-2180-4C05-B01A-3B283D9EAD7A}: NameServer = 192.168.1.2 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = xxxxxxxx.local O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: ntfsdrv32 - C:\WINDOWS\ O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programme\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Programme\VMware\VMware Converter\vmware-ufad.exe O23 - Service: VMware Virtual Machine Importer 2 Service (ufad-vmi) - VMware, Inc. - C:\Programme\VMware\VMware Virtual Machine Importer 2\vmware-ufad.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe -- End of file - 21953 bytes Code:
ATTFilter Stealth MBR rootkit detector 0.2.4 by Gmer, h**p://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
|
|
15.10.2008, 20:49
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner? Virus? bin am Ende.. Stell sicher, daß Dir auch alle Dateien angezeigt werden, danach folgende Dateien bei Virustotal.com auswerten lassen und alle Ergebnisse posten, und zwar so, daß man die der einzelnen Virenscanner sehen kann. Bitte mit Dateigrößen und Prüfsummen:
__________________Code:
ATTFilter C:\WINDOWS\system32\drivers\fsbts.sys
C:\WINDOWS\system32\drivers\GVTDrv.sys
C:\fseasyclean.exe
__________________ |
|
16.10.2008, 08:17
| #3 |
| | Trojaner? Virus? bin am Ende.. C:\WINDOWS\system32\drivers\fsbts.sys
__________________Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.16.0 2008.10.16 -
AntiVir 7.9.0.4 2008.10.16 -
Authentium 5.1.0.4 2008.10.16 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.16 -
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.16 -
ClamAV 0.93.1 2008.10.16 -
DrWeb 4.44.0.09170 2008.10.16 -
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 -
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 -
F-Secure 8.0.14332.0 2008.10.16 -
Fortinet 3.113.0.0 2008.10.16 -
GData 19 2008.10.16 -
Ikarus T3.1.1.34.0 2008.10.16 -
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 -
McAfee 5406 2008.10.16 -
Microsoft 1.4005 2008.10.16 -
NOD32 3526 2008.10.16 -
Norman 5.80.02 2008.10.15 -
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.31.00 2008.10.16 -
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1727.1 2008.10.16 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.16.1422 2008.10.16 -
VirusBuster 4.5.11.0 2008.10.15 -
weitere Informationen
File size: 23040 bytes
MD5...: 2b52ffe2e355dad6970ff657683e6254
SHA1..: 24a2354d8559a70ae2b992cd4ff3c57d24bb292b
SHA256: 957239f7024be60b8b884eaa17e2d545dccc0244ceae20d27f9b71287718abbe
SHA512: 1ccd4db315c54bb8da8109825c4c914fbd19bb014379b2a3be9f62375098b0e4
14b2a348c539f05d9a6336c53a6665905750fdce58b55e96bb517f77bab72104
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x18005
timedatestamp.....: 0x47aa9bac (Thu Feb 07 05:48:28 2008)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25e6 0x2600 6.29 a22c8a1ab1599a3f4226f7fdd4bd8a52
.rdata 0x4000 0x454 0x600 3.02 6bf0fe93d9eb5c60efaf6c2fc32192ae
.data 0x5000 0x5ac 0x600 6.51 d51480f42b0dc801eabfe84e39f25c38
PAGE 0x6000 0x13d3 0x1400 6.20 773d99a9973d576b4ad059b4a2e89ac4
INIT 0x8000 0x736 0x800 5.14 8d93493a73b49c7e80ad9310a0cab84b
.rsrc 0x9000 0x3e8 0x400 3.28 580c79141f38d0b4bf9cbafff930d375
.reloc 0xa000 0x34c 0x400 4.93 54424bd0034b15c02a77831f2630b28e
( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, PsRemoveLoadImageNotifyRoutine, IoDeleteDevice, IoUnregisterShutdownNotification, IoDeleteSymbolicLink, RtlInitUnicodeString, IoRegisterShutdownNotification, PsSetLoadImageNotifyRoutine, IoCreateSymbolicLink, InitSafeBootMode, ExInitializeResourceLite, ExDeleteResourceLite, ExAcquireResourceSharedLite, KeEnterCriticalRegion, ExAcquireResourceExclusiveLite, KeLeaveCriticalRegion, ExReleaseResourceLite, memcpy, ZwClose, ZwReadFile, ZwQueryInformationFile, ExFreePoolWithTag, _snwprintf, ZwOpenKey, ZwCreateKey, ZwQueryValueKey, ZwSetValueKey, ZwEnumerateKey, ZwDeleteKey, ZwSetInformationFile, ZwOpenFile, ZwDeleteFile, memset, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmProbeAndLockPages, IoAllocateMdl, KeTickCount, KeBugCheckEx, RtlUnwind, ZwCreateFile, ExAllocatePoolWithTag, MmGetSystemRoutineAddress, ZwSetSecurityObject, ObOpenObjectByPointer, IoDeviceObjectType, IoCreateDevice, RtlGetDaclSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, SeCaptureSecurityDescriptor, SeExports, IoIsWdmVersionAvailable, _wcsnicmp, RtlAddAccessAllowedAce, RtlLengthSid, wcschr, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlFreeUnicodeString
> HAL.dll: KeGetCurrentIrql
Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.16.0 2008.10.16 -
AntiVir 7.9.0.4 2008.10.16 -
Authentium 5.1.0.4 2008.10.16 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.16 -
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.16 -
ClamAV 0.93.1 2008.10.16 -
DrWeb 4.44.0.09170 2008.10.16 -
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 -
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 -
F-Secure 8.0.14332.0 2008.10.16 -
Fortinet 3.113.0.0 2008.10.16 -
GData 19 2008.10.16 -
Ikarus T3.1.1.34.0 2008.10.16 -
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 -
McAfee 5406 2008.10.16 -
Microsoft 1.4005 2008.10.16 -
NOD32 3526 2008.10.16 -
Norman 5.80.02 2008.10.15 -
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.31.00 2008.10.16 -
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1727.1 2008.10.16 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.16.1422 2008.10.16 -
VirusBuster 4.5.11.0 2008.10.15 -
weitere Informationen
File size: 24944 bytes
MD5...: 689a8eef2a2d62b28a0a578a6196531c
SHA1..: 9fe5420f5f3aecc3b84e5db91b48d20508cd778a
SHA256: 76732a6d009d498d3d8ae687d8e0fb472c9a660494c86ad6242ca606ae76671f
SHA512: 23d4c6563cde5c54ee2df923d089651aa237542771df9f2eaea9a5eb7114e2d6
8742b5fec2e90674193b2b66d58122a38cb68dd2d0748a7f22e90835ec77e3da
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1397a
timedatestamp.....: 0x43842fa2 (Wed Nov 23 09:00:18 2005)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0x30bf 0x30c0 6.46 57f20be93068c3986fb8a8cb3717128b
.rdata 0x3380 0xc4 0xe0 2.45 69876fc78e24ffa13d57c90b18834959
.data 0x3460 0xe0 0xe0 0.04 bfb86488b36dca4781ba83502345384f
PAGESER 0x3540 0x408 0x420 5.74 1c001a7664f10619db1e926940e35362
INIT 0x3960 0x328 0x340 5.42 443da3d76231db2553c4263a3e38c55b
.reloc 0x3ca0 0x1c2 0x1e0 5.45 0f864528912b8df16e1fd4c4d9939acb
( 2 imports )
> ntoskrnl.exe: MmFreeNonCachedMemory, MmAllocateNonCachedMemory, strncmp, IoCreateDevice, IoDeleteSymbolicLink, IofCompleteRequest, KeInitializeTimer, KeCancelTimer, KeSetTimer, MmUnmapIoSpace, RtlInitUnicodeString, MmLockPagableDataSection, IoCreateSymbolicLink, IoDeleteDevice, MmMapIoSpace, KeInitializeEvent, KeInitializeDpc
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KfRaiseIrql, WRITE_PORT_ULONG, KeGetCurrentIrql, READ_PORT_ULONG
( 0 exports )
Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.16.0 2008.10.16 -
AntiVir 7.9.0.4 2008.10.16 -
Authentium 5.1.0.4 2008.10.16 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.16 -
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.16 -
ClamAV 0.93.1 2008.10.16 -
DrWeb 4.44.0.09170 2008.10.16 -
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 -
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 -
F-Secure 8.0.14332.0 2008.10.16 -
Fortinet 3.113.0.0 2008.10.16 -
GData 19 2008.10.16 -
Ikarus T3.1.1.34.0 2008.10.16 -
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 -
McAfee 5406 2008.10.16 -
Microsoft 1.4005 2008.10.16 -
NOD32 3526 2008.10.16 -
Norman 5.80.02 2008.10.15 -
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.31.00 2008.10.16 -
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1727.1 2008.10.16 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.16.1422 2008.10.16 -
VirusBuster 4.5.11.0 2008.10.15 -
weitere Informationen
File size: 5301904 bytes
MD5...: de712acaccac58895c35f7d644b56cdf
SHA1..: 961933dfded24d04039a7db4730410fb810cb302
SHA256: 9d4cf18ff07ca4e094c0be4c0704d2c07f46ef8b7bb6a5c87fd6f8a1497edbc0
SHA512: 1286a808fde57c0b5ebf51a4d2b922057ede0f74c812e03385ddfbee453c3d18
6d2acd69ce26773432564c4ce62a2ceef2d706804cb1639975a7828f3097955f
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x433a0e
timedatestamp.....: 0x48bf7838 (Thu Sep 04 05:55:04 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5338d 0x54000 6.63 d120260209f3e6c6cd9bee67db11e384
.rdata 0x55000 0x155b0 0x16000 4.92 7b70a0cb2acd30472b4668f9ec838aba
.data 0x6b000 0x82d8 0x5000 3.54 59d7270217128cfcb23ff84321ab30b4
.rsrc 0x74000 0x995c 0xa000 3.63 6c4f9ed38a30482e1ca7b20c8fbac7eb
( 14 imports )
> RPCRT4.dll: UuidCreate, UuidToStringA
> KERNEL32.dll: GetFileAttributesW, GetFileTime, GetTickCount, HeapAlloc, GetStartupInfoW, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetTimeFormatA, GetDateFormatA, GetSystemTimeAsFileTime, ExitThread, ExitProcess, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, HeapSize, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, SetStdHandle, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEnvironmentVariableA, FileTimeToLocalFileTime, SetErrorMode, FileTimeToSystemTime, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetThreadLocale, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, RaiseException, GlobalFindAtomW, CompareStringW, LoadLibraryA, GetVersionExA, GetModuleHandleA, FormatMessageW, LocalFree, MulDiv, WritePrivateProfileStringW, GlobalUnlock, GlobalFree, FreeResource, GetCurrentProcessId, SetLastError, GlobalAddAtomW, GlobalDeleteAtom, GetCurrentThreadId, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcmpA, GetLocaleInfoW, LoadLibraryW, CompareStringA, FindResourceW, LoadResource, LockResource, SizeofResource, InterlockedExchange, GlobalLock, lstrcmpW, GlobalAlloc, FreeLibrary, GetModuleHandleW, GetProcAddress, lstrlenA, lstrlenW, GetProcessHeap, HeapFree, InterlockedDecrement, CreatePipe, DuplicateHandle, CreateThread, CreateProcessW, GetExitCodeProcess, GetCurrentProcess, AttachConsole, GenerateConsoleCtrlEvent, TerminateProcess, DeleteFileW, RemoveDirectoryW, WriteFile, GetCurrentThread, CreateMutexW, GetModuleFileNameW, CreateDirectoryW, GetTempPathW, WideCharToMultiByte, WaitForSingleObject, TerminateThread, CreateFileW, GetLastError, GetFileSize, ReadFile, CloseHandle, MultiByteToWideChar, GetCommandLineW
> USER32.dll: PostThreadMessageW, SetWindowContextHelpId, MapDialogRect, CharNextW, InvalidateRgn, InvalidateRect, SetRect, IsRectEmpty, CopyAcceleratorTableW, DestroyMenu, UnregisterClassW, CharUpperW, GetSysColorBrush, ReleaseCapture, LoadCursorW, SetCapture, MoveWindow, SetWindowTextW, IsDialogMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, SetFocus, GetWindowTextW, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, UpdateWindow, GetMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, EqualRect, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, SetWindowLongW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindow, GetSysColor, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, UnhookWindowsHookEx, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetWindowLongW, MessageBeep, GetNextDlgGroupItem, RegisterClipboardFormatW, GetLastActivePopup, IsWindowEnabled, MapWindowPoints, MessageBoxW, SetCursor, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, GetFocus, ModifyMenuW, GetMenuState, EnableMenuItem, CheckMenuItem, PostMessageW, PostQuitMessage, ExitWindowsEx, GetSystemMetrics, EnableWindow, LoadIconW, GetParent, GetClientRect, GetWindowRect, SetWindowRgn, SendMessageW, RegisterWindowMessageW, EnumWindows, SetForegroundWindow, IsIconic, ShowWindow, SendMessageTimeoutW, AdjustWindowRectEx, UnregisterClassA
> GDI32.dll: CreateRectRgnIndirect, GetMapMode, GetRgnBox, GetTextColor, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, GetStockObject, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, GetDeviceCaps, CreateBitmap, GetBkColor, CreateRectRgn, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, GetObjectW, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC
> comdlg32.dll: GetFileTitleW
> WINSPOOL.DRV: OpenPrinterW, DocumentPropertiesW, ClosePrinter
> ADVAPI32.dll: RegQueryValueExW, RegQueryValueW, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegCreateKeyExW, OpenProcessToken, RegOpenKeyExW, RegCloseKey, FreeSid, RegSetValueExW, RegDeleteValueW, LookupPrivilegeValueW, AdjustTokenPrivileges, ImpersonateSelf, OpenThreadToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid, RevertToSelf
> SHELL32.dll: SHFileOperationW
> COMCTL32.dll: InitCommonControlsEx
> SHLWAPI.dll: PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathCompactPathExW, PathIsUNCW
> oledlg.dll: OleUIBusyW
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CLSIDFromProgID, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
( 0 exports )
|
|
16.10.2008, 08:41
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Trojaner? Virus? bin am Ende.. Was ist mit den anderen Tools? Also Blacklight, Malwarebytes, etc...
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.10.2008, 09:14
| #5 |
| | Trojaner? Virus? bin am Ende.. Blacklight findet nichts. Malwarebytes habe ich eben gerade angestellt, poste ich später. Die pppoe.mtu-net.ru taucht seit gestern abend nicht mehr auf, wenn ich netstat-o abfrage. Ich habe es ein paar mal überprüft, auch heute morgen nix. |
|
16.10.2008, 11:35
| #6 |
| | Trojaner? Virus? bin am Ende.. Malware hat nix gefunden: Code:
ATTFilter Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1266
Windows 5.1.2600 Service Pack 3
2008-10-16 12:36:00
mbam-log-2008-10-16 (12-36-00).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 341505
Laufzeit: 46 minute(s), 8 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
16.10.2008, 11:57
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner? Virus? bin am Ende..Code:
ATTFilter 2008-10-14 03:24 . 2008-10-14 03:24 23,040 --a------ C:\WINDOWS\system32\drivers\fsbts.sys
Eine Suche nach dem MD5 Hash dieser Datei ergibt ebenfalls Null Ergebnisse. Hast Du zufällig am 14.10.08 um ca. 3h morgens was installiert?  Wenn Du Dir die Eigenschaften per Rechtsklick dieser Datei anzeigen lässt, steht da was im Reiter Version über Hersteller und Version?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.10.2008, 12:08
| #8 |
| | Trojaner? Virus? bin am Ende.. Installiert...mmh, eigentlich nix Kann höchstens sein dass der Computer hochgefahren wurde..aber das würde ja die Zeit nicht anpassen, komisch. fsbts.sys Beschreibung: F-Secure Boot Time Scanner (filter) for Window Dateiversion: 1.0.14060.0 Firma: F-Secure Corporation Interner Name: fsbts.sys Produktname: F-Secure Boot Time Scanner Geändert von KathrinS (16.10.2008 um 12:17 Uhr) |
|
16.10.2008, 15:53
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner? Virus? bin am Ende.. Das Teil ist von F-Secure. Dann isses ok. Ich konnte es nur keinem Programm zuordnen und hab deswegen - auch wegen der schlechten Suchergebnisse - schon an einer Malwaredatei gedacht.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner? Virus? bin am Ende.. |
| bho, bonjour, browser, canon, converter, desktop, e-mail, firefox, gigabyte, google, hijackthis, hkus\s-1-5-18, internet, internet explorer, internet security, kaspersky, konvertieren, lexware, logfile, malwarebytes' anti-malware, mozilla, netgear, neu aufsetzen, pdf-datei, port, poweriso, scan, security, senden, software, spam, trojaner, trojaner?, virtual machine, virus, windows xp, windows xp sp3, xp sp3 |
Hybrid-Darstellung
