
Log analysis and evaluation: Review HijackThis and GMER logs - Malwarebytes shows no findings.

29.12.2010, 15:23   #1
Sputnik2
 


Hello,

I am now posting my HijackThis logfile again, along with a GMER logfile.

Maybe someone could take a look at the processes. I had already posted once, but nobody replied any more.

Most recently I also noticed that Kerio has for some time been constantly reporting backdoor attacks that bring my Internet connection down, and that Skype also has unusual outbound connections, which in turn means the program cannot connect.

Since I have already run a great many scans and cannot find anything myself, it would be good if someone could look at the files.

Many thanks

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:40:42 AM, on 12/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Simone\My Documents\Downloads\HiJackThis204.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - - (no file)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
 
--
End of file - 10157 bytes
         
--- --- ---


GMER logfile:
Code:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-12-22 17:22:09
Windows 5.1.2600 Service Pack 3
 
 
---- System - GMER 1.0.15 ----
 
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9ECB6AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EA9A96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EA9D5E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9ECC04C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9ECC3D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9ECA8EC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB59C26C0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9ECC91A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9ECBA50]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB59C2770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB59C2810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB59C28B0]
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA9D5EB9 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
 
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
 
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001ec2948f29 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001ec2948f29 
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

30.12.2010, 16:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
that Kerio has for quite some time been constantly showing backdoor attacks


Yeah, yeah, the "great" personal firewalls, also known as colorful desktop discos, report pretty much every harmless fart from the internet. Post the exact message, then we'll see.
You can safely throw Kerio in the bin; PFWs are counterproductive. Better to use a DSL router in combination with the Windows Firewall.

30.12.2010, 16:56   #3
Sputnik2

Yes, yes, I have already read that you are a total opponent of firewalls.

But what does DSL router in combination with Windows mean?

But it's great that someone is responding here. Thanks.

30.12.2010, 16:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
But what does DSL router in combination with Windows mean?
Windows Firewall

Where is the exact message from this nonsense software?

30.12.2010, 17:25   #5
Sputnik2

Yes, this nonsense software does not let you create a log from the page with the attacks.

If you have an idea how or where I can find that, I'll gladly send it to you!

Regards


30.12.2010, 17:39   #6
Sputnik2

[25/Sep/2010 18:57:48] "Ids" action = 'detected', raddr = '74.125.77.99', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 00:52:39] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 15:02:56] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:02:59] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:05] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:17] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:41] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:04:29] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:06:05] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:01] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:02] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:04] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:10] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:55:50] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 20:56:11] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[07/Oct/2010 10:58:20] "Ids" action = 'detected', raddr = '212.34.180.28', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[12/Oct/2010 16:50:22] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:25] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:31] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:43] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:51:07] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:51:55] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:53:31] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[13/Oct/2010 23:03:27] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 03:08:55] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 03:08:59] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 06:50:46] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 06:50:49] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 10:10:14] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[15/Oct/2010 10:47:28] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:45] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:48] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:54] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:01:06] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:01:29] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:02:18] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:03:54] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:39:42] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:39:46] Last message repeated 3 times
[17/Oct/2010 20:39:54] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:40:03] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:40:27] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:41:15] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:42:51] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:34:09] "Ids" action = 'detected', raddr = '217.72.192.84', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:35:14] "Ids" action = 'deny', raddr = '217.72.204.230', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:35:19] Last message repeated 7 times
[27/Oct/2010 13:35:20] "Ids" action = 'deny', raddr = '217.72.204.230', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:35:45] "Ids" action = 'detected', raddr = '217.72.192.84', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:36:28] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:36:49] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:37:51] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[02/Nov/2010 21:29:12] "Ids" action = 'detected', raddr = '72.21.211.171', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[17/Nov/2010 12:45:26] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:28] Last message repeated 12 times
[17/Nov/2010 12:45:28] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:34] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:34] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:42] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:52] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:46:02] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:00] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:04] Last message repeated 5 times
[23/Nov/2010 13:37:09] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:21] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:44] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:38:33] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:49] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:52] Last message repeated 9 times
[23/Nov/2010 17:04:53] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:58] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:03] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:19] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:46] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:06:44] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:08:38] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:01] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:04] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:10] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:22] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:46] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:03:34] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:05:10] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 00:06:01] "Ids" action = 'detected', raddr = '192.168.1.66', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[07/Dec/2010 11:48:16] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:19] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:25] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:37] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:49:01] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:49:49] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:51:25] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[10/Dec/2010 01:07:14] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:17] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:43] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:45] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:46] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:48] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:54] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:54] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:56] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:05] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:08] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:19] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:22] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:26] Last message repeated 3 times
[10/Dec/2010 01:09:29] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:32] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:41] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:44] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:05] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:08] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:34] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:38] Last message repeated 3 times
[10/Dec/2010 01:13:41] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:44] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:56] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:14:02] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:15] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:18] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:24] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:08] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:11] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:17] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:49:58] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:06] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:09] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:15] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:32] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:35] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:41] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:38] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:41] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:47] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:19] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:23] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:28] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:24] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:29] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:33] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:12] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:17] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:21] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:06] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:11] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:15] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:34] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:37] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:43] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:31] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:35] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:40] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[15/Dec/2010 18:37:44] "Ids" action = 'detected', raddr = '95.101.182.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[15/Dec/2010 18:38:22] "Ids" action = 'detected', raddr = '95.101.182.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[20/Dec/2010 17:07:57] "Ids" action = 'detected', raddr = '2.20.30.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[21/Dec/2010 18:14:02] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:06] Last message repeated 3 times
[21/Dec/2010 18:14:07] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:12] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:13] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:18] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:26] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:30] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:50] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:54] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:15:38] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:15:42] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:14] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:15] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:16] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:16] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:17] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:19] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:19] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:23] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:23] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:25] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:25] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:31] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '209.85.229.118', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

30.12.2010, 17:48   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
[21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '209.85.229.118', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
         
What Kerio is doing there is a mystery to me.
All I see there is an IP address plus an associated URL, but what any of this is supposed to have to do with "BACKDOOR" does not follow from that. And that is exactly what you keep getting with personal firewalls (PFWs): interpreting the logs is a science in itself, even if you have protocol and networking knowledge.

Port scans are completely harmless. Why a PFW reports them I have never understood either; the only explanation I can come up with is that it wants to make itself look terribly important, so that the user who bought a paid PFW like this gets the nice feeling of having invested the money well.

I would get rid of this Kerio junk without replacement. Enable the Windows Firewall that is built into the operating system.

Also read here again why PFWs are not recommended; I think it should then become a bit clearer:

Die Vertrauensbrecher: c't editorial on Internet security suites and why they are generally no good
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls › Wiki › ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Then you will find that it is simply unnecessary to mess up your system with yet another "protection component"...

In any case, you can only avoid a malware infection if you get your own behaviour under control => Kompromittierung unvermeidbar?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
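
Added example (not part of the original thread and not Kerio's own tooling): a small Python parser for the `"Ids"` log format quoted above that groups entries by remote address and signature, so the volume and time span of each alert can be read at a glance. The sample lines are constructed with documentation-range addresses, and counting "Last message repeated N times" as N further occurrences of the preceding entry is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the log format quoted in the thread; the remote
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
[21/Dec/2010 18:14:02] "Ids" action = 'deny', raddr = '192.0.2.10', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:06] Last message repeated 3 times
[21/Dec/2010 18:14:07] "Ids" action = 'deny', raddr = '192.0.2.10', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '198.51.100.7', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
this line is not a log record
"""

MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE = re.compile(r"^\[(\d{2})/(\w{3})/(\d{4}) (\d{2}):(\d{2}):(\d{2})\]\s+(.*)$")
REPEAT = re.compile(r"^Last message repeated (\d+) times?$")
FIELD = re.compile(r"(\w+)\s*=\s*(?:'([^']*)'|([^,\s]+))")  # quoted or bare value

def parse(text):
    """Return (events, skipped). Assumption: a 'repeated N times' line adds N to the event before it."""
    events, skipped = [], 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in MONTHS:
            skipped += 1 if raw.strip() else 0
            continue
        d, mon, y, hh, mm, ss, rest = m.groups()
        ts = datetime(int(y), MONTHS[mon], int(d), int(hh), int(mm), int(ss))
        rep = REPEAT.match(rest)
        if rep and events:
            events[-1]["count"] += int(rep.group(1))
            events[-1]["last"] = ts
            continue
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(rest)}
        if rep or not {"action", "raddr", "msg"} <= fields.keys():
            skipped += 1  # repeat line with nothing before it, or record missing key fields
            continue
        events.append({**fields, "first": ts, "last": ts, "count": 1})
    return events, skipped

def summarize(events):
    """Group by (raddr, msg): total hits, first/last time seen, actions logged."""
    out = {}
    for e in events:
        s = out.setdefault((e["raddr"], e["msg"]),
                           {"hits": 0, "first": e["first"], "last": e["last"], "actions": set()})
        s["hits"] += e["count"]
        s["first"], s["last"] = min(s["first"], e["first"]), max(s["last"], e["last"])
        s["actions"].add(e["action"])
    return out

if __name__ == "__main__":
    for key, s in summarize(parse(SAMPLE)[0]).items():
        print(key, s["hits"], "hits,", s["last"] - s["first"], sorted(s["actions"]))
```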

30.12.2010, 18:01   #8
Sputnik2

Yes, I had already read all of that beforehand.

Nevertheless, my problem remains that for a year now there must have been a fault somewhere in my system - it has been pointed out several times.

I have also already reinstalled the computer and run various programs. Kerio was meant more as possible information for the helpers here.

Best regards

30.12.2010, 18:11   #9
cosinus

Do the Internet connection problems also occur on a fresh XP with all updates - without Kerio or any other pointless PFW?

30.12.2010, 18:20   #10
Sputnik2

No, the thing with the Internet being knocked out is rather new.

30.12.2010, 18:34   #11
cosinus

Can that be narrowed down in time? Or can a program installation / system change be named as a possible cause?

30.12.2010, 18:44   #12
Sputnik2

I cannot say exactly. That my e-mails were somehow public (and still are) goes back roughly a bit less than a year - in hindsight, however, it may also be that my system had already been altered before that.

I reinstalled the computer in June or July - both OS X and Windows.

30.12.2010, 18:56   #13
cosinus

Without any clues like this, it will be difficult to impossible to track down the cause.

30.12.2010, 19:06   #14
Sputnik2

Well, clues.

I did not wipe the hard disk completely, that is to say the name of the old Windows partition still shows up in some processes.

I cannot say - how, what, where, whether desktop mirror or remote monitoring or something else? BIOS virus.... built-in microphone.........

30.12.2010, 19:26   #15
cosinus

You did not format??
