
Log analysis and evaluation: Questionable network activity


 
03.04.2009, 20:16   #12
Sspack



Thanks to you as well, KarlKarl,
As you instructed, I uninstalled Daemon Tools and created a new GMER scan and HijackThis log.
The named file no longer appeared in the log.

Code:
GMER 1.0.15.14966 - h**p://www.gmer.net
Rootkit scan 2009-04-03 20:36:18
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT            8748DBA0 	ZwAlertResumeThread
SSDT            8748DC60	ZwAlertThread
SSDT            874867F8 	ZwAllocateVirtualMemory
SSDT            873682E8 	ZwAlpcConnectPort
SSDT            8748DB58  	ZwCreateMutant
SSDT            87485608	ZwCreateThread
SSDT            87480EF0	ZwDebugActiveProcess
SSDT            87486D50	ZwFreeVirtualMemory
SSDT            87482B38	ZwImpersonateAnonymousToken
SSDT            8748D080	ZwImpersonateThread
SSDT            87486C70	ZwMapViewOfSection
SSDT            8748DA00	ZwOpenEvent
SSDT            87485548	ZwOpenProcessToken
SSDT            87480FD0	ZwOpenSection
SSDT            87402D70 	ZwOpenThreadToken
SSDT            873FE7F8	ZwResumeThread
SSDT            874831E0	ZwSetContextThread
SSDT            87402E40	 ZwSetInformationProcess
SSDT            87483110 	ZwSetInformationThread
SSDT            8748D920	ZwSuspendProcess
SSDT            8748B3B8	ZwSuspendThread
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys	ZwTerminateProcess [0x8F695DF0]
SSDT            87483050 	ZwTerminateThread
SSDT            87486BB0 	ZwUnmapViewOfSection
SSDT            87486728 	ZwWriteVirtualMemory

INT 0x51        ? 	8544CBF8
INT 0x62        ? 	63BAF00
INT 0x72        ?	863BAF00
INT 0x82        ? 	8544BBF8
INT 0x92        ? 	8544BBF8
INT 0xA2        ? 	8544CBF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 350	822FE914 8 Bytes  [A0, DB, 48, 87, 60, DC, 48, ...] {MOV AL, [0x608748db]; FMUL QWORD [EAX-0x79]}
.text           ntkrnlpa.exe!KeSetTimerEx + 364 	822FE928 4 Bytes  [F8, 67, 48, 87]
.text           ntkrnlpa.exe!KeSetTimerEx + 370	822FE934 4 Bytes  CALL 34B71FBB 
.text           ntkrnlpa.exe!KeSetTimerEx + 428 	822FE9EC 4 Bytes  [58, DB, 48, 87] {POP EAX; FISTTP DWORD [EAX-0x79]}
.text           ntkrnlpa.exe!KeSetTimerEx + 454 	822FEA18 4 Bytes  [08, 56, 48, 87]
.text           ...                                                                                                                                                 
?               System32\Drivers\spki.sys	Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload 	8E12E46F 5 Bytes  JMP 863BA4E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]	 [8068D6D2] \SystemRoot\System32\Drivers\spki.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] 	[8068D040] \SystemRoot\System32\Drivers\spki.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] 	 [8068D7FC] \SystemRoot\System32\Drivers\spki.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]	[8068D0BE] \SystemRoot\System32\Drivers\spki.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] 	[8068D13C] \SystemRoot\System32\Drivers\spki.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] 	[8069D048] \SystemRoot\System32\Drivers\spki.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]	 [74DC7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]	[74E098C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] 	[74DCD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] 	[74DBF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] 	[74DC7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] 	 [74DBE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]	[74DFB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] 	[74DCD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]	[74DC012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]	[74DC0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]	[74DB71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]	[74E4D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]	[74DE75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]	[74DBDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] 	[74DB668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] 	[74DB66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] 	[74DC1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs	854541F8

AttachedDevice  \FileSystem\Ntfs \Ntfs 	AntiBotFilter.sys

Device          \FileSystem\fastfat \FatCdrom 	87E981F8
Device          \Driver\volmgr \Device\VolMgrControl 	8544E1F8
Device          \Driver\usbohci \Device\USBPDO-0	 864D8500
Device          \Driver\usbehci \Device\USBPDO-1 	 864D71F8

AttachedDevice  \Driver\tdx \Device\Tcp 	SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume1 	8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1 	fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2	8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2	fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0	864E9500
Device          \Driver\volmgr \Device\HarddiskVolume3 	8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3 	fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\atapi \Device\Ide\IdePort0 	854501F8
Device          \Driver\atapi \Device\Ide\IdePort1 	 854501F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 	 854501F8
Device          \Driver\volmgr \Device\HarddiskVolume4 	 8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4 	fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000080		873FF500
Device          \Driver\USBSTOR \Device\00000074 		873FF500
Device          \Driver\volmgr \Device\HarddiskVolume5 		8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5		fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000075 		873FF500
Device          \Driver\USBSTOR \Device\00000081 		873FF500
Device          \Driver\volmgr \Device\HarddiskVolume6  		8544E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6 		fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\nvstor32 \Device\00000069		 854521F8
Device          \Driver\netbt \Device\NetBt_Wins_Export 		873BF1F8
Device          \Driver\USBSTOR \Device\00000085		873FF500
Device          \Driver\Smb \Device\NetbiosSmb 		873F31F8
Device          \Driver\USBSTOR \Device\00000086		 873FF500
Device          \Driver\nvstor32 \Device\RaidPort0		854521F8

AttachedDevice  \Driver\tdx \Device\Udp 		SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\nvstor32 \Device\RaidPort1 		 854521F8
Device          \Driver\nvstor32 \Device\RaidPort2 		854521F8
Device          \Driver\iScsiPrt \Device\RaidPort3		865091F8
Device          \Driver\usbohci \Device\USBFDO-0		 864D8500
Device          \Driver\usbehci \Device\USBFDO-1		 864D71F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{510FE5E3-6D97-45DE-8EF6-FC7C74F80C43} 		873BF1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{9C459856-BE7E-4950-9FBB-559C46417253} 		873BF1F8
Device          \Driver\USBSTOR \Device\0000007f 		873FF500
Device          \FileSystem\fastfat \Fat 		87E981F8

AttachedDevice  \FileSystem\fastfat \Fat 		fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat 		AntiBotFilter.sys

Device          \FileSystem\cdfs \Cdfs 		880351F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 		771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2		 285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0		 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0		 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 		0x18 0xF6 0x55 0x68 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 		0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 		 0x18 0xF6 0x55 0x68 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40072E1E-34F2-14CE-72DC-59853D67C41D}                                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40072E1E-34F2-14CE-72DC-59853D67C41D}@pahfalfajpjjicdjldpegblbogaodfce    0x6B 0x61 0x6A 0x6B ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40072E1E-34F2-14CE-72DC-59853D67C41D}@abnekpblmjofinpbhfiimhhjnpdmehjmpi  0x6B 0x61 0x6A 0x6B ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\System32\LogFiles\Scm\SCM.EVM		(size mismatch) 229376/0 bytes
File            C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 		 (size mismatch) 2158312/2109584 bytes
File            C:\Windows\System32\spool\SpoolerETW.etl		(size mismatch) 4096/0 bytes
File            C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 		(size mismatch) 245760/0 bytes
File            C:\Windows\System32\wfp\wfpdiag.etl 		 (size mismatch) 65536/0 bytes

---- EOF - GMER 1.0.15 ----
         
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:17 , on 03.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EXPERTool ATI\TBPANEL.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Knl\knl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: knl.lnk = C:\Program Files\Knl\knl.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**ps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 9171 bytes
         
I also carried out the repairs from SUPERAntiSpyware.
The problem with the GMER button still persists, though. Does anyone have an explanation/solution for it?

 
