
Trojaner-Board, Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): TR/AntiHosts.Gen in C:\WINDOWS\system32\drivers\etc\hosts


12.09.2009, 13:57   #1
eUnDoO



Hey,

Since I have pretty much no idea about this, I need help and would be very grateful for it.
While chatting on MSN, as I found out afterwards, a download link was apparently sent to everyone in my contact list and of course to me.
Since I clicked on it, every 5 seconds I get an AntiVir "Achtung Fund" (detection) alert for

C:\WINDOWS\system32\drivers\etc\hosts

It is the Trojan horse TR/AntiHosts.Gen

I immediately contacted a friend who tried to delete the virus manually. That doesn't work, though, because it keeps recreating itself ...
We/he tried a few things and googled back and forth, but couldn't get rid of the problem either.

I know it isn't much information I can give, but if someone explains to me exactly what you would need to know to help me, I'll add it later, of course.

Regards
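The detection the poster describes is a generic one for a tampered hosts file: a hosts-file hijacker appends lines that send anti-virus, update or support domains to loopback (so they cannot be reached) or to an attacker-chosen address, and re-writes the file whenever it is cleaned. The audit below is an added example, not code from the poster, the forum or Avira, and it does not reproduce the TR/AntiHosts.Gen signature. It parses a hosts file the way the resolver does (one address, one or more host names, `#` comments, tabs or spaces), flags protected domains that are blocked or redirected, flags `localhost` pointed anywhere but loopback, reports any other non-loopback override, and checks whether the file is the stock Windows XP one, whose only active line is `127.0.0.1 localhost`. The protected-domain list, the verdict names and the sample file content are this example's own constructed assumptions.

```python
"""Audit a Windows hosts file for entries typical of hosts-file hijackers.

Added example; the domain lists, verdict names and sample content below
are this example's own assumptions, not Avira's detection logic.
"""
import ipaddress
import re

# Domains that hosts hijackers typically block (map to loopback) or
# redirect.  Constructed list for the example; extend for your site.
PROTECTED_DOMAINS = {
    "avira.com", "free-av.de", "malwarebytes.org", "microsoft.com",
    "windowsupdate.com", "update.microsoft.com", "trojaner-board.de",
}

# Names that, if present at all, must resolve to a loopback address.
LOOPBACK_ONLY = {"localhost"}

_LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def _as_ip(text):
    """Return an ip_address object, or None if text is not an address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) for every active mapping line.

    Everything after '#' is a comment; a line may carry several names.
    A non-empty line that is not '<ip> <name...>' is yielded with
    ip=None so the caller reports it instead of silently skipping it.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]
        if not line.strip():
            continue
        m = _LINE_RE.match(line)
        ip = _as_ip(m.group(1)) if m else None
        if ip is None:
            yield lineno, None, [line.strip()]
            continue
        names = [n.lower().rstrip(".") for n in m.group(2).split()]
        yield lineno, str(ip), names


def _parent_domains(name):
    """'www.avira.com' -> ['www.avira.com', 'avira.com', 'com']"""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]


def audit_hosts(text):
    """Return a list of (lineno, verdict, ip, hostname) findings."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "unparseable", None, names[0]))
            continue
        loopback = ipaddress.ip_address(ip).is_loopback
        for name in names:
            if name in LOOPBACK_ONLY:
                if not loopback:
                    findings.append((lineno, "localhost-redirected", ip, name))
                continue
            if any(p in PROTECTED_DOMAINS for p in _parent_domains(name)):
                verdict = "blocked" if loopback else "redirected"
                findings.append((lineno, verdict, ip, name))
            elif not loopback:
                # Any other name sent away from loopback is a custom
                # override: fine in a lab, suspicious on a home PC.
                findings.append((lineno, "override", ip, name))
    return findings


def is_default_xp_hosts(text):
    """True when the only active mapping is '127.0.0.1 localhost'."""
    active = [(ip, names) for _, ip, names in parse_hosts(text)]
    return active == [("127.0.0.1", ["localhost"])]


# Constructed sample: a stock XP hosts file plus the kind of lines a
# hosts hijacker appends.  Not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avira.com avira.com   # block AV updates
127.0.0.1       free-av.de
10.20.30.40     www.microsoft.com
192.0.2.7       localhost
203.0.113.5     www.example.com           # custom redirect
this is not a hosts line
"""

if __name__ == "__main__":
    for lineno, verdict, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno:>3}: {verdict:<21} {name} -> {ip}")
    print("stock XP hosts file:", is_default_xp_hosts(SAMPLE_HOSTS))
```

On a live machine the file is read from `%SystemRoot%\system32\drivers\etc\hosts`; because a hijacker re-writes it within seconds, the useful check is not a single audit but a repeat run after cleaning, which tells you whether the process doing the re-writing is still alive.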

12.09.2009, 14:22   #2
john.doe



Hello and

Do you still have the link you clicked on, or can you get hold of it? If so, please send it to me as a private message.

Click on "Für alle Neuen" (For all newcomers) in my signature, read everything carefully and work through the complete list under point 2.

ciao, andreas

12.09.2009, 17:41   #3
eUnDoO



Okay, I had no problems with CCleaner and RSIT, but after installing Malwarebytes I couldn't open it from its icon. Anyway, I'll post the info.txt and log.txt:

info.txt logfile of random's system information tool 1.06 2009-09-12 15:59:21

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Programme\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ANNO 1602 Königs-Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{077A7810-A937-4465-AD08-ACED9807995F}\SETUP.exe" -l0x7
Assassin's Creed-->C:\Programme\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
Avira AntiVir PersonalEdition Classic-->C:\Programme\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
biohazard 4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x9 -removeonly
Call of Juarez - Bound in Blood-->C:\Programme\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\setup.exe -runfromtemp -l0x0407
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike: Source v17-->C:\Programme\Counter-Strike Source\Uninstal.exe
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FEAR SP Demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}\setup.exe" -l0x9 -removeonly
Free YouTube Download 2.3-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
GUILD WARS-->"C:\Programme\GUILD WARS\Gw.exe" -uninstall
GuildWars Visions v1.08-->"C:\Programme\Visions\unins000.exe"
GW Team Builder 1.2.1-->"C:\Programme\GW Team Builder\setup\unins000.exe"
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -l0x7 -remove -removeonly
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
kikin Plugin (JDownloader Edition) 1.11-->C:\Programme\kikin\uninst.exe
Left 4 Dead Dedicated Server-->"C:\Programme\Steam\steam.exe" steam://uninstall/510
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x7 UNINSTALL -removeonly
Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010407-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.14)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NCsoft Launcher-->C:\Programme\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0007 -removeonly
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
OpenAL-->"C:\Programme\OpenAL\oalinst.exe" /U
Portal-->"C:\Programme\Steam\steam.exe" steam://uninstall/400
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TmNationsForever-->"C:\Programme\TmNationsForever\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Winamp Remote-->"C:\Programme\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Mozilla\Firefox\Profiles\306yrprx.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Programme\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XMedia Recode 2.1.1.1-->C:\Programme\XMedia Recode\uninst.exe

Hosts File Missing
======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)

======System event log======

Computer Name: ALEX-PC
Event Code: 14
Message: Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

Record Number: 11514
Source Name: nv
Time Written: 20090830140326.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 14
Message: Unknown error on CMDre 00000000 00000868 03000400 00000002 00000000

Record Number: 11513
Source Name: nv
Time Written: 20090830140326.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 14
Message: Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

Record Number: 11512
Source Name: nv
Time Written: 20090830140322.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 14
Message: Unknown error on CMDre 00000000 00000868 04000500 00000002 00000000

Record Number: 11511
Source Name: nv
Time Written: 20090830140322.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 14
Message: Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

Record Number: 11510
Source Name: nv
Time Written: 20090830135733.000000+120
Event Type: Fehler
User:

=====Application event log=====

Computer Name: ALEX-PC
Event Code: 1000
Message: Fehlgeschlagene Anwendung winamp.exe, Version 5.5.4.2165, fehlgeschlagenes Modul ml_bookmarks.dll, Version 0.0.0.0, Fehleradresse 0x0000125d.

Record Number: 1362
Source Name: Application Error
Time Written: 20090718024452.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 1000
Message: Fehlgeschlagene Anwendung aion.bin, Version 1.9.601.1289, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Record Number: 1361
Source Name: Application Error
Time Written: 20090718024325.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 4097
Message: Die Anwendung "C:\Programme\Winamp\winamp.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 17.07.2009 um 13:43:12.093
Ausnahme: c0000005 an Adresse 1370125D (ml_bookmarks)

Record Number: 1360
Source Name: DrWatson
Time Written: 20090717134312.000000+120
Event Type: Informationen
User:

Computer Name: ALEX-PC
Event Code: 1000
Message: Fehlgeschlagene Anwendung winamp.exe, Version 5.5.4.2165, fehlgeschlagenes Modul ml_bookmarks.dll, Version 0.0.0.0, Fehleradresse 0x0000125d.

Record Number: 1359
Source Name: Application Error
Time Written: 20090717134310.000000+120
Event Type: Fehler
User:

Computer Name: ALEX-PC
Event Code: 1000
Message: Fehlgeschlagene Anwendung winamp.exe, Version 5.5.4.2165, fehlgeschlagenes Modul ml_bookmarks.dll, Version 0.0.0.0, Fehleradresse 0x0000125d.

Record Number: 1358
Source Name: Application Error
Time Written: 20090717133841.000000+120
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

12.09.2009, 17:43   #4
eUnDoO



and log.txt, part 1, since it's too long for one post.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexander at 2009-09-12 15:59:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (29%) free of 153 GB
Total RAM: 1791 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:20, on 12.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\IDT\WDM\sttray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\Alexander\Desktop\RSIT.exe
C:\Programme\trend micro\Alexander.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] ~"C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D73021D7-2AC8-464C-8B69-EF0A749EA503} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.guitarwar.com/teams/1000151.gif

--
End of file - 19747 bytes

Alt 12.09.2009, 17:44   #5
eUnDoO

Now the second part:

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Programme\kikin\ie_kikin.dll [2009-05-20 429800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2007-08-31 249896]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-03-19 13508608]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-03-19 86016]
"SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2007-12-14 413696]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
""= []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-16 148888]
"SweetIM"=C:\Programme\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Orb"=C:\Programme\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"Steam"=C:\Programme\Steam\Steam.exe [2009-06-11 1217784]
"LDM"=C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-05-14 32768]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-06-02 24264488]
"PlayNC Launcher"= []
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ICQ"=~C:\Programme\ICQ6.5\ICQ.exe silent []
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader Speed Launch.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-deDE-patch-downloader.exe"="C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-deDE-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-2.4.2-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.4.2-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\WoW-BurningCrusade-deDE-Installer-downloader.exe"="D:\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\World of Warcraft\Launcher.exe"="C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\Steam\SteamApps\markis123\counter-strike source\hl2.exe"="C:\Programme\Steam\SteamApps\markis123\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Dokumente und Einstellungen\Alexander\Desktop\World of Warcraft\Launcher.exe"="C:\Dokumente und Einstellungen\Alexander\Desktop\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Dokumente und Einstellungen\Alexander\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Dokumente und Einstellungen\Alexander\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe"="C:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Steam\SteamApps\common\left 4 dead\srcds.exe"="C:\Programme\Steam\SteamApps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server"
"C:\Programme\Warcraft III\Warcraft III.exe"="C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\Counter-Strike Source\hl2.exe"="C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe"="C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"

======List of files/folders created in the last 1 months======

2009-09-12 15:59:13 ----D---- C:\rsit
2009-09-12 15:59:13 ----D---- C:\Programme\trend micro
2009-09-12 15:54:30 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Malwarebytes
2009-09-12 15:54:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-12 15:54:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-12 15:48:02 ----D---- C:\Programme\CCleaner
2009-09-11 23:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 23:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 23:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 22:44:45 ----D---- C:\WINDOWS\pss
2009-09-11 21:59:29 ----RSH---- C:\WINDOWS\system32\avruncm.exe
2009-09-11 16:08:37 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-09-11 16:08:37 ----D---- C:\Programme\DVDVideoSoft
2009-09-05 23:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-04 17:56:40 ----D---- C:\Programme\Counter-Strike Source
2009-09-04 15:50:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-09-04 13:53:53 ----A---- C:\WINDOWS\system32\irmon.dll
2009-09-04 13:53:53 ----A---- C:\WINDOWS\system32\irftp.exe
2009-09-04 13:53:52 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-08-28 20:41:42 ----A---- C:\WINDOWS\War3Unin.exe
2009-08-28 20:38:42 ----D---- C:\Programme\Warcraft III
2009-08-26 15:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 16:22:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6
2009-08-24 16:22:23 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\MSN6
2009-08-21 18:52:49 ----D---- C:\Programme\directx
2009-08-21 18:52:25 ----D---- C:\Programme\ANNO 1602 Königs-Edition
2009-08-21 18:24:45 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\AdobeUM
2009-08-20 22:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-20 13:22:23 ----D---- C:\Programme\SweetIM
2009-08-20 13:22:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
2009-08-19 22:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 22:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-08-19 22:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-19 22:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 22:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 22:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 22:12:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-19 22:12:55 ----D---- C:\Programme\MSBuild
2009-08-19 22:12:53 ----D---- C:\WINDOWS\system32\en-US
2009-08-19 22:12:47 ----D---- C:\Programme\Reference Assemblies
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-19 22:12:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-19 22:12:28 ----D---- C:\c2926e47e2819c92cc3832
2009-08-19 22:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 22:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 22:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 22:09:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-19 22:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 22:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-19 19:43:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-18 16:33:04 ----D---- C:\Programme\Microsoft
2009-08-18 16:32:47 ----D---- C:\Programme\Windows Live SkyDrive
2009-08-18 16:32:25 ----D---- C:\Programme\Windows Live
2009-08-18 16:30:58 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live

======List of files/folders modified in the last 1 months======

2009-09-12 15:59:13 ----RD---- C:\Programme
2009-09-12 15:59:07 ----D---- C:\WINDOWS\Temp
2009-09-12 15:55:31 ----D---- C:\WINDOWS\system32\drivers
2009-09-12 15:54:13 ----D---- C:\WINDOWS\Prefetch
2009-09-12 15:50:31 ----D---- C:\Programme\Mozilla Firefox
2009-09-12 15:33:26 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Skype
2009-09-12 13:36:51 ----D---- C:\WINDOWS\system32
2009-09-12 13:36:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-12 13:33:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-12 13:33:02 ----D---- C:\Programme\Steam
2009-09-12 00:34:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-12 00:01:54 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\skypePM
2009-09-11 23:21:27 ----D---- C:\WINDOWS
2009-09-11 23:18:30 ----HD---- C:\WINDOWS\inf
2009-09-11 23:18:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 23:18:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 23:18:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 21:09:37 ----D---- C:\Programme\DivX
2009-09-11 21:09:05 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-09-11 21:09:03 ----SHD---- C:\WINDOWS\Installer
2009-09-11 16:08:37 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-05 22:45:00 ----D---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Hamachi
2009-09-04 15:50:59 ----D---- C:\WINDOWS\twain_32
2009-09-04 13:53:48 ----D---- C:\WINDOWS\security
2009-09-03 12:40:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-21 18:52:25 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-20 22:34:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 13:32:28 ----RSD---- C:\WINDOWS\assembly
2009-08-19 22:15:19 ----D---- C:\WINDOWS\WinSxS
2009-08-19 22:12:51 ----RSD---- C:\WINDOWS\Fonts
2009-08-19 22:12:34 ----D---- C:\WINDOWS\system32\spool
2009-08-19 22:11:11 ----D---- C:\Programme\Internet Explorer
2009-08-19 22:09:27 ----D---- C:\Programme\Outlook Express
2009-08-18 16:33:51 ----SD---- C:\Dokumente und Einstellungen\Alexander\Anwendungsdaten\Microsoft
2009-08-18 16:32:52 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-08-18 16:32:52 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-08-13 17:15:57 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2007-08-09 40768]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2007-09-07 62016]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-26 25280]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-03-19 7086240]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-14 1270872]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 ajnwyuh1;ajnwyuh1; C:\WINDOWS\system32\drivers\ajnwyuh1.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2007-08-28 63016]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2007-09-11 214056]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-16 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-03-19 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-02 2862428]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

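Added example, not part of the thread and not RSIT's own code: a small script that cross-checks the three sections of an RSIT log that a helper reads together, the firewall exception list, the "files created" list and the driver list. The SAMPLE_LOG excerpt is constructed for this example in the line formats RSIT prints (a few lines are taken from the log above); the three rules and the seven-day window are assumptions chosen for illustration, not something RSIT or the thread defines.

```python
"""Cross-check sections of an RSIT log for items worth a closer look.

Rules (assumed for this example):
  1. a file under system32 created in the last N days with hidden+system attributes
  2. a driver whose file RSIT could not read (empty "[]" metadata)
  3. a firewall exception that points at such a file, or at an executable in a Temp dir
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt in RSIT's line formats (some lines copied from the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe"="C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\avruncm.exe"="C:\WINDOWS\system32\avruncm.exe:*:Enabled:Windows Live"

======List of files/folders created in the last 1 months======

2009-09-12 15:59:13 ----D---- C:\rsit
2009-09-11 21:59:29 ----RSH---- C:\WINDOWS\system32\avruncm.exe
2009-09-04 15:50:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2007-08-09 40768]
S3 ajnwyuh1;ajnwyuh1; C:\WINDOWS\system32\drivers\ajnwyuh1.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# "Now" for the example: the time of the post that carries the log.
EXAMPLE_NOW = datetime(2009, 9, 12, 17, 44)

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
FIREWALL_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')


def parse_rsit(text):
    """Split an RSIT log into created-file, driver and firewall-exception records."""
    created, drivers, firewall = [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line)
        if m:
            created.append({"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                            "attrs": m.group(2), "path": m.group(3)})
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"state": m.group(1), "start": m.group(2), "name": m.group(3),
                            "path": m.group(5), "info": m.group(6)})
            continue
        m = FIREWALL_RE.match(line)
        if m and ":*:" in m.group(2):
            # value format: <path>:*:<Enabled|Disabled>:<description>
            path, rest = m.group(2).split(":*:", 1)
            state, _, desc = rest.partition(":")
            firewall.append({"path": path, "state": state, "desc": desc})
    return {"created": created, "drivers": drivers, "firewall": firewall}


def triage_rsit(text, now=EXAMPLE_NOW, window_days=7):
    """Return a review list of (reason, path) pairs; it is a list to check, not a verdict."""
    parsed = parse_rsit(text)
    findings = []
    recent_hidden = set()
    cutoff = now - timedelta(days=window_days)
    for f in parsed["created"]:
        a = f["attrs"]
        is_file = "D" not in a
        if (is_file and "H" in a and "S" in a
                and "\\system32\\" in f["path"].lower() and f["time"] >= cutoff):
            recent_hidden.add(f["path"].lower())
            findings.append(("hidden+system file created recently in system32", f["path"]))
    for d in parsed["drivers"]:
        if not d["info"]:                      # RSIT printed [] : no date/size readable
            findings.append(("driver file has no readable metadata", d["path"]))
    for fw in parsed["firewall"]:
        p = fw["path"].lower()
        if p in recent_hidden:
            findings.append(("firewall exception for recently created hidden file", fw["path"]))
        elif "\\temp\\" in p:
            findings.append(("firewall exception for executable in a Temp directory", fw["path"]))
    return findings


if __name__ == "__main__":
    for reason, path in triage_rsit(SAMPLE_LOG):
        print(f"{reason:<55} {path}")
```

Rule 2 lists benign entries as well (a disabled driver entry whose file is simply absent trips it), which is why the script produces a list to review rather than a verdict; the value is in the correlation, a firewall exception that names the same file the "created" list shows as hidden and system is the kind of link a reviewer wants surfaced automatically.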

Alt 12.09.2009, 17:53   #6
john.doe

Quote:
Do you still have the link you clicked on, or can you get hold of it? If so, please send it to me as a private message.
When (as precisely as possible) did you click the link?

Start => Run => notepad C:\WINDOWS\system32\drivers\etc\hosts => OK => [Ctrl]a => [Ctrl]c => then [Ctrl]v here on trojaner-board

ciao, andreas

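The Ctrl+A / Ctrl+C step above matters because a hosts file can hide its real entries below many empty lines, out of the visible area of Notepad. As an added example (not code from the thread), the script below does the same inspection programmatically: it counts the longest run of empty lines, lists every mapping, and flags non-default entries that send a hostname to loopback, with a separate label when the hostname belongs to a security vendor or help site. SAMPLE_HOSTS is a constructed excerpt modelled on the file pasted in the next post, and SUSPICIOUS_KEYWORDS is an assumed list for illustration.

```python
"""Inspect a Windows hosts file the way the thread does it by hand."""
import sys
from dataclasses import dataclass, field

# Constructed sample: header, 90 empty lines of padding, then the entries.
SAMPLE_HOSTS = (
    "# Copyright 2001-2010 Microsoft Corporation\n"
    "#\n"
    "# This is a sample HOSTS file used by TCP connections within Windows.\n"
    "#\n"
    + "\n" * 90          # padding that pushes the real entries out of view
    + "127.0.0.1 download.bleepingcomputer.com\n"
    "127.0.0.1 www.f-secure.com\n"
    "127.0.0.1 www.hijackthis.de\n"
    "127.0.0.1 sophos.com\n"
    "127.0.0.1 www.f-secure.com\n"
    "127.0.0.1 localhost\n"
)

# Assumed keyword list: substrings of hostnames a cleanup would need to reach.
SUSPICIOUS_KEYWORDS = ("bleepingcomputer", "f-secure", "hijackthis", "sophos",
                       "mcafee", "sysinternals", "malekal", "spybot", "avg",
                       "kaspersky", "clamav", "prevx", "sunbelt")
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SINKHOLE_PREFIXES = ("127.", "0.0.0.0", "::1")


@dataclass
class HostsReport:
    padding_run: int = 0                            # longest run of empty lines
    entries: list = field(default_factory=list)     # every (ip, host) pair
    flagged: list = field(default_factory=list)     # (ip, host, reason)
    duplicates: list = field(default_factory=list)  # hosts mapped more than once


def parse_hosts(text):
    """Return ((ip, host) pairs, longest run of empty lines)."""
    entries, longest, run = [], 0, 0
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:                 # empty line: part of a padding run
            run += 1
            longest = max(longest, run)
            continue
        run = 0
        body = stripped.split("#", 1)[0].strip()   # drop comments
        if not body:
            continue
        ip, *hosts = body.split()        # one address, one or more hostnames
        entries.extend((ip, h.lower()) for h in hosts)
    return entries, longest


def triage_hosts(text):
    """Classify every non-default mapping in the hosts text."""
    entries, longest = parse_hosts(text)
    report = HostsReport(padding_run=longest, entries=entries)
    seen = set()
    for ip, host in entries:
        if (ip, host) in DEFAULT_ENTRIES:
            continue                     # the stock localhost lines are fine
        if host in seen:
            report.duplicates.append(host)
        seen.add(host)
        if ip.startswith(SINKHOLE_PREFIXES):
            if any(k in host for k in SUSPICIOUS_KEYWORDS):
                reason = "security vendor or help site sinkholed"
            else:
                reason = "non-default loopback mapping"
        else:
            reason = "hostname redirected to a non-local address"
        report.flagged.append((ip, host, reason))
    return report


if __name__ == "__main__":
    # Read the live file when a path is given, otherwise run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            src = fh.read()
    else:
        src = SAMPLE_HOSTS
    rep = triage_hosts(src)
    print(f"longest run of empty lines: {rep.padding_run}")
    for ip, host, reason in rep.flagged:
        print(f"{ip:<12} {host:<40} {reason}")
```

Run it against C:\WINDOWS\system32\drivers\etc\hosts from an elevated prompt; a padding run in the tens or hundreds together with vendor sites mapped to 127.0.0.1 is exactly the pattern that keeps an AV update or a cleanup-tool download from reaching its server.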
Alt 12.09.2009, 18:14   #7
eUnDoO

# Copyright 2001-2010 Microsoft Corporation
#
# This is a sample HOSTS file used by TCP connections within Windows.
#

[about 90 empty lines at this point in the pasted file]

Old 12.09.2009, 18:20   #8
john.doe
 

www.trojaner-board.de is still missing from that.

Please answer my questions:
Quote:
Do you still have the link you clicked on, or can you get hold of it? Then please send it to me as a private message.
Quote:
When (as precisely as possible) did you click on the link?
Download Lop S&D.

Run Lop S&D.exe by double-clicking it.
Choose the language of your choice and then option 2.
Wait until the scan report has been created and post it here (you will find it under C:\lopR.txt if the report does not open on its own).

ciao, andreas
__________________
No support via PM! This is a forum, not private care!
Private care only for payment, and I am very expensive.
For all newcomers
Guides
Virus scanners
Compromise unavoidable?
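The check that post #6 (copy the hosts file into the thread) and post #8 (which vendor sites it sinkholes) do by eye can be scripted. The following is an added example, not code from the board or from any tool named in this thread: it parses a hosts-file dump, measures the blank-line padding that hides the entries below Notepad's visible window, and lists the sinkholed security-vendor and help-forum domains. The vendor keyword list and the sample file are constructed for this example.

```python
"""Triage a Windows hosts file for AntiHosts-style tampering.

Added example for this thread, not code from the board or from any tool
named here. The constructed sample below mimics the file quoted in post #7:
a harmless-looking Microsoft header, a long run of blank lines, then
127.0.0.1 entries for security-vendor and help-forum sites.
"""
from collections import Counter

# Names that legitimately resolve to loopback and never count as a finding.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
SINK_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Keyword heuristic for vendor/help-forum hosts. Assumption: hand-picked from
# the domains seen in this thread; extend it for your own environment.
VENDOR_HINTS = (
    "avira", "antivir", "kaspersky", "symantec", "mcafee", "sophos", "avg",
    "avast", "bleepingcomputer", "hijackthis", "malwarebytes", "virustotal",
    "trojaner-board", "f-secure", "trendmicro", "eset", "bitdefender",
    "sysinternals", "gmer", "prevx",
)


def parse_hosts(text):
    """Return (entries, blank_run).

    entries   - list of (ip, hostname) pairs, one per hostname on a line
    blank_run - longest run of consecutive empty lines; the file in this
                thread uses about 90 of them to push the real entries below
                the visible Notepad window.
    """
    entries, blank_run, run = [], 0, 0
    for raw in text.splitlines():
        if not raw.strip():                  # whitespace-only line
            run += 1
            blank_run = max(blank_run, run)
            continue
        run = 0
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2:
            for host in parts[1:]:
                entries.append((parts[0], host.lower()))
    return entries, blank_run


def triage(text):
    """Summarise what a hosts file blocks or redirects.

    A large number of sinkholed entries alone is not proof of malware (an
    ad-blocking hosts list looks the same), so the verdict keys on vendor
    hosts, foreign-IP redirections and blank-line padding.
    """
    entries, blank_run = parse_hosts(text)
    sinkholed = [h for ip, h in entries if ip in SINK_IPS and h not in LOCAL_NAMES]
    # A hostname pointed at a non-local address is pharming, not blocking.
    redirected = [(ip, h) for ip, h in entries
                  if ip not in SINK_IPS and h not in LOCAL_NAMES]
    vendor_hosts = sorted({h for h in sinkholed
                           if any(k in h for k in VENDOR_HINTS)})
    duplicates = sorted(h for h, n in Counter(sinkholed).items() if n > 1)
    return {
        "entries": len(entries),
        "blank_run": blank_run,
        "sinkholed": len(sinkholed),
        "vendor_hosts": vendor_hosts,
        "duplicates": duplicates,
        "redirected": redirected,
        "suspicious": bool(vendor_hosts or redirected) or blank_run >= 20,
    }


# Constructed sample in the shape of the file quoted in this thread
# (real file: C:\WINDOWS\system32\drivers\etc\hosts).
SAMPLE_HOSTS = (
    "# Copyright 2001-2010 Microsoft Corporation\n"
    "#\n"
    "# This is a sample HOSTS file used by TCP connections within Windows.\n"
    "#\n"
    "127.0.0.1       localhost\n"
    + "\n" * 90 +
    "127.0.0.1 www.avira.com\n"
    "127.0.0.1 www.kaspersky.com\n"
    "127.0.0.1 www.bleepingcomputer.com\n"
    "127.0.0.1 www.f-secure.com\n"
    "127.0.0.1 www.f-secure.com\n"
    "127.0.0.1 forum.hijackthis.de\n"
    "127.0.0.1 www.example-game-forum.net\n"
)

if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    for key, value in report.items():
        print(f"{key:>13}: {value}")
    # With the sample above: entries 8, blank_run 90, sinkholed 7,
    # duplicates ['www.f-secure.com'], suspicious True
```

On a live XP machine the same script can be pointed at the real file by reading it with `open(r"C:\WINDOWS\system32\drivers\etc\hosts")`; an entry for a vendor site that is repeatedly recreated after deletion, as in this thread, points at a running process rather than at the file itself.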

Old 12.09.2009, 18:37   #9
eUnDoO
 

I just checked again in the chat log and it must have been around 21:55-22:00; my guess is 21:59, but unfortunately it cannot be narrowed down any further.

Edit: forgot the log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Default System BIOS
USER : Alexander ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 7.0.0.2
(Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:43 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12.09.2009|19:24 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Geloescht ! - C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\nsa26.tmp

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Ordner Verzeichnis unter ANWEND~1

[25.03.2009|09:17] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Adobe
[21.08.2009|18:24] C:\DOKUME~1\ALEXAN~1\ANWEND~1\AdobeUM
[29.06.2009|15:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\DAEMON Tools Lite
[16.07.2009|22:40] C:\DOKUME~1\ALEXAN~1\ANWEND~1\DivX
[03.07.2009|11:48] C:\DOKUME~1\ALEXAN~1\ANWEND~1\GetRightToGo
[13.02.2009|19:09] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Google
[08.05.2009|18:52] C:\DOKUME~1\ALEXAN~1\ANWEND~1\gtk-2.0
[05.09.2009|22:45] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Hamachi
[29.05.2009|22:19] C:\DOKUME~1\ALEXAN~1\ANWEND~1\ICQ
[13.02.2009|17:22] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Identities
[13.02.2009|18:35] C:\DOKUME~1\ALEXAN~1\ANWEND~1\InstallShield
[26.06.2009|18:29] C:\DOKUME~1\ALEXAN~1\ANWEND~1\kikin
[14.05.2009|14:09] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Logitech
[13.02.2009|18:40] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Macromedia
[08.06.2009|15:47] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MAGIX
[12.09.2009|15:54] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Malwarebytes
[18.08.2009|16:33] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Microsoft
[13.02.2009|17:42] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Microsoft Web Folders
[02.06.2009|17:06] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MobMapUpdater
[13.02.2009|19:16] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Mozilla
[06.09.2009|20:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\MSN6
[30.06.2009|15:10] C:\DOKUME~1\ALEXAN~1\ANWEND~1\SecuROM
[12.09.2009|15:33] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Skype
[12.09.2009|16:03] C:\DOKUME~1\ALEXAN~1\ANWEND~1\skypePM
[21.06.2009|01:47] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Sun
[18.07.2009|20:07] C:\DOKUME~1\ALEXAN~1\ANWEND~1\teamspeak2
[29.06.2009|15:18] C:\DOKUME~1\ALEXAN~1\ANWEND~1\TeamViewer
[13.02.2009|18:51] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Ubisoft
[19.02.2009|22:18] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Winamp
[06.03.2009|22:07] C:\DOKUME~1\ALEXAN~1\ANWEND~1\WinRAR
[0|Datei(en)] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Bytes
[32|Verzeichnis(se),] C:\DOKUME~1\ALEXAN~1\ANWEND~1\Bytes frei

[13.02.2009|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[13.02.2009|17:37] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira
[21.03.2009|17:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Blizzard
[26.06.2009|18:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\DAEMON Tools Lite
[10.07.2009|11:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
[29.05.2009|22:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\ICQ
[10.07.2009|11:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MAGIX
[12.09.2009|15:54] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[18.08.2009|16:32] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[24.08.2009|16:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MSN6
[30.05.2009|11:59] C:\DOKUME~1\ALLUSE~1\ANWEND~1\nView_Profiles
[19.02.2009|22:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\OrbNetworks
[30.06.2009|17:25] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
[20.08.2009|13:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\SweetIM
[08.07.2009|14:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TrackMania
[13.02.2009|18:47] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ubisoft
[19.02.2009|22:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Winamp Toolbar
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[19|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

[13.02.2009|17:18] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

[11.09.2009|22:35] C:\DOKUME~1\LOCALS~1\ANWEND~1\Adobe
[13.02.2009|17:21] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[4|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

[13.02.2009|17:21] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[12.09.2009 18:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02.04.2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Programme

[13.02.2009|18:03] C:\Programme\Adobe
[28.08.2009|17:29] C:\Programme\ANNO 1602 Königs-Edition
[13.02.2009|17:37] C:\Programme\Avira
[15.07.2009|00:50] C:\Programme\CAPCOM
[12.09.2009|15:48] C:\Programme\CCleaner
[13.02.2009|17:16] C:\Programme\ComPlus Applications
[04.09.2009|18:23] C:\Programme\Counter-Strike Source
[27.06.2009|09:06] C:\Programme\DAEMON Tools Lite
[26.06.2009|18:22] C:\Programme\DAEMON Tools Toolbar
[21.08.2009|18:52] C:\Programme\directx
[11.09.2009|21:09] C:\Programme\DivX
[11.09.2009|16:08] C:\Programme\DVDVideoSoft
[11.09.2009|16:08] C:\Programme\Gemeinsame Dateien
[10.07.2009|11:17] C:\Programme\Google
[14.07.2009|20:43] C:\Programme\GUILD WARS
[16.07.2009|01:17] C:\Programme\GW Team Builder
[26.04.2009|20:04] C:\Programme\Hamachi
[29.05.2009|22:17] C:\Programme\ICQ6.5
[29.05.2009|22:15] C:\Programme\ICQ6Toolbar
[13.02.2009|17:54] C:\Programme\IDT
[21.08.2009|18:52] C:\Programme\InstallShield Installation Information
[19.08.2009|22:11] C:\Programme\Internet Explorer
[16.07.2009|13:56] C:\Programme\Java
[26.06.2009|19:43] C:\Programme\JDownloader 0.6.193
[26.06.2009|18:29] C:\Programme\kikin
[14.05.2009|14:07] C:\Programme\Logitech
[23.06.2009|00:21] C:\Programme\LÖSCHEN
[10.07.2009|11:10] C:\Programme\MAGIX
[12.09.2009|15:55] C:\Programme\Malwarebytes' Anti-Malware
[15.02.2009|02:10] C:\Programme\Messenger
[17.06.2009|17:45] C:\Programme\Metin2_Germany
[18.08.2009|16:33] C:\Programme\Microsoft
[13.02.2009|17:42] C:\Programme\microsoft frontpage
[13.02.2009|17:42] C:\Programme\Microsoft Office
[13.02.2009|18:51] C:\Programme\Movie Maker
[12.09.2009|18:33] C:\Programme\Mozilla Firefox
[19.08.2009|22:12] C:\Programme\MSBuild
[13.02.2009|17:16] C:\Programme\MSN
[13.02.2009|17:16] C:\Programme\MSN Gaming Zone
[15.02.2009|02:08] C:\Programme\MSXML 4.0
[03.07.2009|12:31] C:\Programme\NCSoft
[13.02.2009|18:50] C:\Programme\NetMeeting
[13.02.2009|17:16] C:\Programme\Online Services
[13.02.2009|17:17] C:\Programme\Online-Dienste
[10.06.2009|21:32] C:\Programme\OpenAL
[19.08.2009|22:09] C:\Programme\Outlook Express
[19.08.2009|22:12] C:\Programme\Reference Assemblies
[30.06.2009|15:08] C:\Programme\Sierra
[30.06.2009|17:25] C:\Programme\Skype
[09.07.2009|13:48] C:\Programme\Stardock
[12.09.2009|18:30] C:\Programme\Steam
[20.08.2009|13:22] C:\Programme\SweetIM
[25.05.2009|17:56] C:\Programme\T4E
[28.02.2009|18:40] C:\Programme\Teamspeak2_RC2
[09.07.2009|23:58] C:\Programme\thriXXX
[10.06.2009|21:41] C:\Programme\TmNationsForever
[12.09.2009|15:59] C:\Programme\trend micro
[15.07.2009|23:08] C:\Programme\Ubisoft
[13.02.2009|17:22] C:\Programme\Uninstall Information
[09.06.2009|14:26] C:\Programme\Visions
[06.09.2009|14:36] C:\Programme\Warcraft III
[19.02.2009|22:18] C:\Programme\Winamp
[19.02.2009|22:17] C:\Programme\Winamp Remote
[19.02.2009|22:17] C:\Programme\Winamp Toolbar
[18.08.2009|16:32] C:\Programme\Windows Live
[18.08.2009|16:32] C:\Programme\Windows Live SkyDrive
[15.07.2009|23:15] C:\Programme\Windows Media Player
[13.02.2009|18:50] C:\Programme\Windows NT
[13.02.2009|18:26] C:\Programme\WindowsUpdate
[13.02.2009|17:40] C:\Programme\WinRAR
[13.02.2009|17:18] C:\Programme\xerox
[02.03.2009|09:16] C:\Programme\XMedia Recode
[0|Datei(en)] C:\Programme\Bytes
[74|Verzeichnis(se),] C:\Programme\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Programme\Gemeinsame Dateien

[13.02.2009|18:03] C:\Programme\Gemeinsame Dateien\Adobe
[23.06.2009|13:17] C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
[13.02.2009|17:44] C:\Programme\Gemeinsame Dateien\Designer
[13.02.2009|17:17] C:\Programme\Gemeinsame Dateien\Dienste
[11.09.2009|21:09] C:\Programme\Gemeinsame Dateien\DivX Shared
[11.09.2009|16:08] C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[13.02.2009|17:52] C:\Programme\Gemeinsame Dateien\InstallShield
[14.05.2009|14:06] C:\Programme\Gemeinsame Dateien\Logitech
[18.08.2009|16:32] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[13.02.2009|17:17] C:\Programme\Gemeinsame Dateien\MSSoap
[14.02.2009|00:13] C:\Programme\Gemeinsame Dateien\ODBC
[30.06.2009|17:25] C:\Programme\Gemeinsame Dateien\Skype
[14.02.2009|00:13] C:\Programme\Gemeinsame Dateien\SpeechEngines
[13.02.2009|18:50] C:\Programme\Gemeinsame Dateien\System
[18.08.2009|16:30] C:\Programme\Gemeinsame Dateien\Windows Live
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[17|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER


--------------------\\ Suche nach verborgenen Dateien mit Catchme


--------------------\\ Suche nach anderen Infektionen


[F:1516][D:86]-> C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp
[F:65][D:0]-> C:\DOKUME~1\ALEXAN~1\Cookies
[F:2316][D:5]-> C:\DOKUME~1\ALEXAN~1\LOKALE~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 12.09.2009|19:29 - Option : [2]

--------------------\\ Scan beendet um 19:29:18

Last edited by eUnDoO (12.09.2009 at 19:14)

Old 12.09.2009, 19:31   #10
john.doe
 

Quote:
my guess is 21:59, but unfortunately it cannot be narrowed down any further.
Quote:
2009-09-11 21:59:29 ----RSH---- C:\WINDOWS\system32\avruncm.exe
It is just not apparent how that gets started.

http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

Edit: Please upload the file
Quote:
C:\WINDOWS\system32\avruncm.exe
to us => http://www.trojaner-board.de/54791-a...ner-board.html (step 2 only)

Select the text in the box, copy it and paste it into the first white field of the upload channel.

Last edited by john.doe (12.09.2009 at 19:53)

Old 12.09.2009, 22:10   #11
eUnDoO
 

I uploaded C:\WINDOWS\system32\avruncm.exe as described and ran GMER earlier. When it had apparently finished, a warning window opened with the following content:

"GMER found a system modification caused by ROOTKIT."

This is the log:

GMER 1.0.15.15077 [0l1uwpio.exe] - http://www.gmer.net
Rootkit scan 2009-09-12 22:59:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spqy.sys ZwCreateKey [0xBA6A70E0]
SSDT BAFF1F1C ZwCreateThread
SSDT spqy.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT spqy.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT spqy.sys ZwOpenKey [0xBA6A70C0]
SSDT BAFF1F08 ZwOpenProcess
SSDT BAFF1F0D ZwOpenThread
SSDT spqy.sys ZwQueryKey [0xBA6C610A]
SSDT spqy.sys ZwQueryValueKey [0xBA6C5F8A]
SSDT spqy.sys ZwSetValueKey [0xBA6C619C]
SSDT BAFF1F17 ZwTerminateProcess
SSDT BAFF1F12 ZwWriteVirtualMemory

INT 0x62 ? 89BA1BF8
INT 0x94 ? 89B10BF8
INT 0xB4 ? 89BA1BF8
INT 0xB4 ? 89BA1BF8
INT 0xB4 ? 89B10BF8
INT 0xB4 ? 89B10BF8
INT 0xB4 ? 89BA1BF8

---- Kernel code sections - GMER 1.0.15 ----

? spqy.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B9EEE8AC 5 Bytes JMP 89B101D8
.text a0vams5v.SYS B9670386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a0vams5v.SYS B96703AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0vams5v.SYS B96703C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a0vams5v.SYS B96703C9 1 Byte [30]
.text a0vams5v.SYS B96703C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Winamp Remote\bin\OrbTray.exe[664] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00413C70 C:\Programme\Winamp Remote\bin\OrbTray.exe (Orb/Orb Networks)
.text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!ReadFile 7C801812 6 Bytes JMP 5F160F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01290001
.text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F130F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] kernel32.dll!GetFileSize 7C810B17 6 Bytes JMP 5F190F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F040F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!SetParent 7E37C7F9 3 Bytes [FF, 25, 1E]
.text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!SetParent + 4 7E37C7FD 2 Bytes [1D, 5F]
.text C:\Programme\ICQ6.5\ICQ.exe[1308] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ICQ6.5\ICQ.exe[1308] ole32.dll!CoCreateInstance 774D057E 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012C0001
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F3B0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F290F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F2C0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F2F0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!FindResourceW 7C80BC6E 6 Bytes JMP 5F230F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] kernel32.dll!SizeofResource 7C80BD09 6 Bytes JMP 5F260F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 5F040F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 6 Bytes JMP 5F410F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] ADVAPI32.dll!RegSetValueExA 77DAEAE7 6 Bytes JMP 5F3E0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F200F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DestroyWindow 7E37B19C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!DestroyWindow + 4 7E37B1A0 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!SetWindowLongW 7E37C2BB 6 Bytes JMP 5F1A0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 5F170F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!HttpOpenRequestA 77192B01 6 Bytes JMP 5F4A0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!InternetCloseHandle 77194D94 6 Bytes JMP 5F570F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!HttpQueryInfoA 771979CA 6 Bytes JMP 5F4D0F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!InternetReadFile 771982F2 6 Bytes JMP 5F540F5A
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1640] WININET.dll!GetUrlCacheEntryInfoExW 771A68A6 6 Bytes JMP 5F5A0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spqy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spqy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spqy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spqy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spqy.sys
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a0vams5v.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89BA01F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira Antivir File Filter Driver Manager/Avira GmbH)

Device \Driver\sptd \Device\878103368 spqy.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{96BA77FC-F72C-4F5B-B010-BDAEB2AA2DF9} 896B9500
Device \Driver\usbohci \Device\USBPDO-0 899D21F8
Device \Driver\usbehci \Device\USBPDO-1 899D11F8
Device \Driver\usbohci \Device\USBPDO-2 899D21F8
Device \Driver\usbehci \Device\USBPDO-3 899D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89C111F8
Device \Driver\Cdrom \Device\CdRom0 89A9D1F8
Device \Driver\Cdrom \Device\CdRom1 89A9D1F8
Device \Driver\PCI_PNP9618 \Device\0000003d spqy.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 896B9500
Device \Driver\NetBT \Device\NetbiosSmb 896B9500
Device \Driver\NetBT \Device\NetBT_Tcpip_{A0B28692-DC27-4E9E-A096-776C3E9BA8AC} 896B9500
Device \Driver\usbohci \Device\USBFDO-0 899D21F8
Device \Driver\usbehci \Device\USBFDO-1 899D11F8
Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{287FB9DD-DD13-4F92-942C-B026A5237C2A} 896B9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896BA500
Device \Driver\usbohci \Device\USBFDO-2 899D21F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896BA500
Device \Driver\usbehci \Device\USBFDO-3 899D11F8
Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl 89C111F8
Device \Driver\a0vams5v \Device\Scsi\a0vams5v1Port4Path0Target0Lun0 898431F8
Device \Driver\a0vams5v \Device\Scsi\a0vams5v1 898431F8
Device \FileSystem\Cdfs \Cdfs 898881F8

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\avruncm.exe (*** hidden *** ) 1232

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986000151
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986000151@001a7d521e83 0x99 0x1B 0x0D 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x15 0x5C 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x8A 0xD7 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x29 0xDE 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986000151 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986000151@001a7d521e83 0x99 0x1B 0x0D 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x15 0x5C 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x8A 0xD7 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCD 0x29 0xDE 0x4B ...

---- EOF - GMER 1.0.15 ----

12.09.2009, 22:28   #12
john.doe

Only Kaspersky detects it so far. Virustotal. MD5: 6cf0b27011fe242abcf989288869b2ec Heuristic.LooksLike.Win32.Trojan.B Trojan.Win32.Refroso.juq Trojan.Win32.Refroso.juq
Code:
Datei avruncm.exe empfangen 2009.09.12 21:13:21 (UTC)
Status:    Beendet 
Ergebnis: 4/41 (9.76%) 
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.5.0.24	2009.09.12	-
AhnLab-V3	5.0.0.2	2009.09.12	-
AntiVir	7.9.1.14	2009.09.11	-
Antiy-AVL	2.0.3.7	2009.09.11	-
Authentium	5.1.2.4	2009.09.12	-
Avast	4.8.1351.0	2009.09.12	-
AVG	8.5.0.412	2009.09.12	-
BitDefender	7.2	2009.09.12	-
CAT-QuickHeal	10.00	2009.09.12	-
ClamAV	0.94.1	2009.09.12	-
Comodo	2296	2009.09.12	-
DrWeb	5.0.0.12182	2009.09.12	-
eSafe	7.0.17.0	2009.09.10	-
eTrust-Vet	31.6.6733	2009.09.11	-
F-Prot	4.5.1.85	2009.09.12	-
F-Secure	8.0.14470.0	2009.09.12	Trojan.Win32.Refroso.juq
Fortinet	3.120.0.0	2009.09.12	-
GData	19	2009.09.12	-
Ikarus	T3.1.1.72.0	2009.09.12	-
Jiangmin	11.0.800	2009.09.12	-
K7AntiVirus	7.10.843	2009.09.12	-
Kaspersky	7.0.0.125	2009.09.12	Trojan.Win32.Refroso.juq
McAfee	5739	2009.09.12	-
McAfee+Artemis	5739	2009.09.12	-
McAfee-GW-Edition	6.8.5	2009.09.12	Heuristic.LooksLike.Win32.Trojan.B
Microsoft	1.5005	2009.09.12	-
NOD32	4419	2009.09.12	-
Norman	6.01.09	2009.09.11	-
nProtect	2009.1.8.0	2009.09.12	-
Panda	10.0.2.2	2009.09.12	Suspicious file
PCTools	4.4.2.0	2009.09.11	-
Prevx	3.0	2009.09.12	-
Rising	21.46.52.00	2009.09.12	-
Sophos	4.45.0	2009.09.12	-
Sunbelt	3.2.1858.2	2009.09.12	-
Symantec	1.4.4.12	2009.09.12	-
TheHacker	6.3.4.4.402	2009.09.12	-
TrendMicro	8.950.0.1094	2009.09.12	-
VBA32	3.12.10.10	2009.09.11	-
ViRobot	2009.9.12.1932	2009.09.12	-
VirusBuster	4.6.5.0	2009.09.12	-
weitere Informationen
File size: 86016 bytes
MD5...: 6cf0b27011fe242abcf989288869b2ec
SHA1..: da2dd3a91624d8476b7aeeead263dca5e281514e
SHA256: fbc1a602e8b83b4cc2c822b58ed214384a63439f734cf9e9e694c281e1535e59
ssdeep: 1536:BQwua/lkX1mRviSobwfahk+Xo9TQh7pxfnHErAWNrfRLl9YRmrH9FmSXxOw
:Bua/+FmRvKbEai9Wj/urPfXxhO
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x61fa
timedatestamp.....: 0x4aa81d7f (Wed Sep 09 21:26:23 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x53de 0x5400 5.68 a893ff0ef887ce07f6f0eba9c3997bdc
.rdata 0x7000 0x8be 0xa00 4.69 eac5f36ff1c8f4d1466eefddeb4d2ea0
.data 0x8000 0x864 0x800 5.83 6c737451573658844a2a3b13fef3e92c
.rsrc 0x9000 0xe4dc 0xe600 7.96 b8b9fc16a60faac00eefffa54bea2a98

( 6 imports ) 
> KERNEL32.dll: GetTickCount, GetStartupInfoA, GetModuleHandleA, CreateThread, Sleep
> USER32.dll: SetWindowPos, MessageBoxA, PostQuitMessage, DestroyWindow, DefWindowProcA, DispatchMessageA, TranslateMessage, GetMessageA, UpdateWindow, ShowWindow, CreateWindowExA, SetWindowPlacement, LoadCursorA, LoadIconA, RegisterClassExA
> ole32.dll: CoInitialize
> GDI32.dll: GetStockObject
> MSVCP60.dll: __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z
> MSVCRT.dll: sprintf, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _EH_prolog, memcpy, strcpy, _except_handler3, memset, __2@YAPAXI@Z, getenv, _stricmp, malloc, memmove, strcmp, strlen, __CxxFrameHandler

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
         
Avenger instructions (by swandog46)

Download the Avenger tool and save it to the desktop:
  • Double-click the Avenger icon
  • Now copy the following text into the white box at -> "input script here"
Code:
Drivers to delete:
npggsvc
ICQ Service
JavaQuickStarterService

Files to delete:
C:\WINDOWS\system32\avruncm.exe

Folders to delete:
c:\rsit
         
  • Now close all programs and browser windows
  • To start Avenger, click -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted, you will find an Avenger report at -> C:\avenger.txt
  • Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.
ciao, andreas
__________________
No support via PM! This is a forum, not private tutoring!
Private tutoring only for a fee, and I am very expensive.
For all newcomers
Guides
Virus scanners
Compromise unavoidable?

12.09.2009, 23:07   #13
eUnDoO

So, I let Avenger restart my computer, and AntiVir no longer gives me any virus alerts, which so far was the only noticeable sign of the Trojan.
Here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "mkgluz" found!
ImagePath: system32\drivers\bkdrj.sys
Start Type: 0 (Boot)

Rootkit scan completed.


Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!

Driver "npggsvc" deleted successfully.
Driver "ICQ Service" deleted successfully.
Driver "JavaQuickStarterService" deleted successfully.
File "C:\WINDOWS\system32\avruncm.exe" deleted successfully.
Folder "c:\rsit" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\npggsvc" not found!
Deletion of driver "npggsvc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ICQ Service" not found!
Deletion of driver "ICQ Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\JavaQuickStarterService" not found!
Deletion of driver "JavaQuickStarterService" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\avruncm.exe" not found!
Deletion of file "C:\WINDOWS\system32\avruncm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "c:\rsit" not found!
Deletion of folder "c:\rsit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

12.09.2009, 23:15   #14
john.doe

Quote:
Hidden driver "mkgluz" found!
ImagePath: system32\drivers\bkdrj.sys
Start Type: 0 (Boot)

Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!
What kind of nasty thing is that?

We need to take a closer look at that.

1.) Rootkit search with SysProt
  • Download SysProt to the desktop and start the tool
  • Go to the "Log" tab there
  • Now tick:
    • Kernel Modules
    • Kernel Hooks
    • Hidden Files
    • And at the bottom, "Hidden Objects Only"
  • Now click "Create Log"
  • After a short scan a dialog window appears. Choose "Scan All Drives" there
  • When the scan is finished, close SysProt.
  • Post the entire contents of "SysProtLog.txt", which can be found on the desktop.

2.) Rootkit scan with RootRepeal
  • Go here, scroll down and download RootRepeal.zip.
  • Extract the file to your desktop.
  • Double-click RootRepeal.exe to start the scanner.
  • Click the Report tab and then the Scan button.
  • Tick the following items and click Ok.
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • You will then be asked which drives should be scanned.
  • Select C:\ and click Ok again.
  • The scan starts automatically; it will take a while, please be patient.
  • When the scan has finished, click Save Report.
  • Save the log file as RootRepeal.txt on the desktop.
  • Copy its contents here into the thread.

ciao, andreas

12.09.2009, 23:40   #15
eUnDoO

SysProt:

Service Name: ---
Module Base: BA8B8000
Module End: BA8C7000
Hidden: Yes

Module Name: spvw.sys
Service Name: ---
Module Base: BA6A6000
Module End: BA7A7000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B53D6000
Module End: B53EE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BADD4000
Module End: BADD6000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM\UserData\???????????p????????
Status: Hidden

Object: C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM\UserData\???????????p???????????
Status: Hidden

Object: C:\Dokumente und Einstellungen\***\Eigene Dateien\TrackMania\Tracks\Replays\Autosaves\Alexander_????·??·LOL.Replay.gbx
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{5B4B78B1-C3D7-43F8-81C1-811742AB48B2}
Status: Access denied




-------------------------------------------------------------------------------------------
RootRepeal:




ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/13 00:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aajifnrh.sys
Image Path: aajifnrh.sys
Address: 0xBA8B8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: bkdrj.sys
Image Path: bkdrj.sys
Address: 0xBA8A8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB53D6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADD4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP0252
Image Path: \Driver\PCI_PNP0252
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAAA8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvw.sys
Image Path: spvw.sys
Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Dokumente und Einstellungen\***\Recent\Mega Typ!.jpg.lnk
Status: Could not get file information (Error 0xc0000008)

Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_agwy3mxx6tibhneosfzn
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_kghlqtaawu9ofihmybua
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_ntefdedvaye4kpnchmx5
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\dokumente und einstellungen\***\anwendungsdaten\skype\***\etilqs_wexe6hhwei6bsjt13gc1
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spvw.sys" at address 0xba6a70e0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaf042d4

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spvw.sys" at address 0xba6c5ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spvw.sys" at address 0xba6c6032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spvw.sys" at address 0xba6a70c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaf042c0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbaf042c5

#: 160 Function Name: NtQueryKey
Status: Hooked by "spvw.sys" at address 0xba6c610a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spvw.sys" at address 0xba6c5f8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spvw.sys" at address 0xba6c619c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaf042cf

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xbaf042ca

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89b9f1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x87949500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89b0b1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x89b041f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89c111f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8880f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89a121f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8880e1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_CREATE]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_CLOSE]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_READ]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_SHUTDOWN]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_CLEANUP]
Process: System Address: 0x887dd500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఝ浍瑓䴨覊, IRP_MJ_PNP]
Process: System Address: 0x887dd500 Size: 121

==EOF==

Last edited by eUnDoO (13.09.2009 at 00:40)
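A triage script for the RootRepeal and Avenger logs posted above, added here as an example and not part of the thread or of either tool: it parses the Drivers and SSDT sections in RootRepeal's format, flags drivers with no on-disk path and hooks by "<unknown>", and cross-checks the flagged drivers against Avenger's "Hidden driver" lines. The sample excerpts are constructed from the formats shown above, and the allowlist entry for spvw.sys is an assumption based on the GMER registry section, which ties sptd to DAEMON Tools Lite.

```python
"""Triage of a RootRepeal report and an Avenger log in the formats pasted above.
Added example, not part of the thread or of either tool: it flags drivers that
RootRepeal could not map to a file on disk and SSDT hooks by an unidentifiable
module, then cross-checks the flagged drivers against Avenger's rootkit scan."""
import re

# Constructed, abridged excerpt in the RootRepeal report format shown above.
ROOTREPEAL_SAMPLE = """\
Drivers
-------------------
Name: aajifnrh.sys
Image Path: aajifnrh.sys
Address: 0xBA8B8000 Size: 61440 File Visible: No Signed: -

Name: bkdrj.sys
Image Path: bkdrj.sys
Address: 0xBA8A8000 Size: 61440 File Visible: No Signed: -

Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xB53D6000 Size: 98304 File Visible: No Signed: -

Name: spvw.sys
Image Path: spvw.sys
Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spvw.sys" at address 0xba6a70e0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaf042d4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaf042c0

==EOF==
"""

# Constructed excerpt in the Avenger log format shown above.
AVENGER_SAMPLE = """\
Rootkit scan active.

Hidden driver "mkgluz" found!
ImagePath: system32\\drivers\\bkdrj.sys
Start Type: 0 (Boot)

Rootkit scan completed.
"""

# A section header is a name line followed by a line of dashes.
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z /]*)\n-{5,}\n", re.MULTILINE)
DRIVER_RE = re.compile(r"Name: (\S+)\nImage Path: (.+)\n"
                       r"Address: 0x[0-9A-Fa-f]+ Size: (\d+) File Visible: (\w+)")
SSDT_RE = re.compile(r"#: (\d+) Function Name: (\w+)\n"
                     r'Status: Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
AVENGER_RE = re.compile(r'Hidden driver "([^"]+)" found!\nImagePath: (.+)')


def split_sections(report):
    """Map section name -> section body for a RootRepeal report."""
    parts = SECTION_RE.split(report)
    return {parts[i]: parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def triage(report, allowlist=frozenset()):
    """Flag drivers without an on-disk path and SSDT hooks by unknown modules.
    allowlist: lower-case module names the operator already identified. Assumption
    for this example: on the machine above 'spvw.sys' belongs to SPTD (DAEMON
    Tools), which the GMER registry section ties to C:\\Programme\\DAEMON Tools Lite\\."""
    sections = split_sections(report)
    out = {"hidden_drivers": [], "ssdt_unknown": [], "ssdt_by_module": {}}
    for name, path, _size, _visible in DRIVER_RE.findall(sections.get("Drivers", "")):
        # A bare file name as Image Path means the loaded module could not be
        # mapped to a file on disk; crash-dump stack copies (dump_*) are normal.
        if ("\\" not in path and not name.lower().startswith("dump_")
                and name.lower() not in allowlist):
            out["hidden_drivers"].append(name)
    for _idx, func, module, _addr in SSDT_RE.findall(sections.get("SSDT", "")):
        out["ssdt_by_module"].setdefault(module, []).append(func)
        if module == "<unknown>":  # hook target lies in no known module
            out["ssdt_unknown"].append(func)
    return out


def avenger_hidden_drivers(log):
    """Map hidden service name -> image file name from Avenger's rootkit scan."""
    return {svc: path.strip().replace("/", "\\").rsplit("\\", 1)[-1]
            for svc, path in AVENGER_RE.findall(log)}


def correlate(report, log, allowlist=frozenset()):
    """Drivers RootRepeal could not map to disk that Avenger also reported as a
    hidden service: two independent tools agreeing on the same module."""
    flagged = {n.lower() for n in triage(report, allowlist)["hidden_drivers"]}
    seen = {f.lower() for f in avenger_hidden_drivers(log).values()}
    return sorted(flagged & seen)
```

On the logs above, `correlate` returns bkdrj.sys: the file Avenger found behind the hidden "mkgluz" service is the same one RootRepeal lists with no on-disk path.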
