Trojaner-Board

Christian_Th 25.05.2006 16:51

W32/Rbot-DID
 
Hello!
When the PC starts up, the message "'msclt.exe' cannot be found" always appears.

After a bit of searching on the Internet, I found out that this is probably a trojan, 'W32/Rbot-DID'.

How can I remove it without wiping the entire hard disk?

Very grateful for any help!

BataAlexander 25.05.2006 16:58

Hello,

if it really is this one, nothing short of a reinstallation will help you.
The backdoor has far-reaching capabilities:
  • Allows third parties to access the computer
  • Modifies data on the computer
  • Downloads code from the Internet
  • Logs keystrokes
  • Installs itself in the registry
  • Is used for DoS attacks
  • Drops non-infected files on the computer
So please post a HijackThis log file; the instructions are linked in my signature.

Regards,

Schrulli

Christian_Th 25.05.2006 17:11

Hey Schrulli

Thanks a lot for the help.
I have now done it the way you said.

This is what came out:

Logfile of HijackThis v1.99.1
Scan saved at 18:08:45, on 25.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\eDonkey2000\eDonkey2000.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\a-squared\a2guard.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Lexmark 2200 Series\lxbvbmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HanseNet\Alice\app\TangoService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\HanseNet\Alice\app\TangoManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rgtkpwrnog.biz/WJUoYagRDUW86JX8zf1CE3T9Im4UrH3GtHzv42XxPdx_Kc1bKShW/1Tyok5QBJr3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.burmacampaign.org.uk/mtvaction.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toysrus.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.de/
F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {62538B16-6A8F-06A4-A64E-C82798392D14} - C:\DOKUME~1\Claudia\ANWEND~1\KEEPPO~1\LiteName.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\HanseNet\Alice\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programme\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mess option save move] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\About download mess option\adminamok.exe
O4 - HKCU\..\Run: [1Dog] C:\DOKUME~1\CHRIST~1\ANWEND~1\ROAMID~1\DALE LONG BALL.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a-squared\a2guard.exe"
O4 - HKCU\..\RunServices: [Microsoft client for NT] msclt.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.de/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/087bff41050150d5d618/netzip/RdxIE601_de.cab
O16 - DPF: {6F0A8298-9DFC-4124-A6A3-804AE037665C} (IPSUploader Control) - http://ips.poi.de/ips-opdata/95434711/activex/IPSUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Programme\HanseNet\Alice\app\TangoService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



Phew, I can't make anything of that.
Can you??

BataAlexander 25.05.2006 17:13

Hello,

unfortunately the suspicion has been confirmed, so the only advice one can give you is to rebuild the machine from scratch and afterwards change all login passwords (eBay, webmail, etc.).

You can read here what backdoors are capable of.

edit: On top of that there are other infections; you should also reconsider Messenger Plus, or at least install it without the ads. /edit

Regards,

Schrulli

Christian_Th 25.05.2006 17:15

Not the answer I was hoping for, but thank you very much!!
How can you tell? Just curious...

BataAlexander 25.05.2006 17:28

Hello,


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rgtkpwrnog.biz/WJUoYagRDUW86JX8zf1CE3T9Im4UrH3GtHzv42XxPdx_Kc1bKShW/1Tyok5QBJr3.html Hijacker
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.burmacampaign.org.uk/mtvaction.html Hijacker
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toysrus.de/ intended?
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.de/ intended?
F2 - REG:system.ini: Shell=Explorer.exe msclt.exe W32/Rbot-DID
O1 - Hosts: 141.94.188.128 avp.com W32/Rbot-DID
O1 - Hosts: 228.221.196.46 ca.com W32/Rbot-DID
O1 - Hosts: 238.89.187.84 customer.symantec.com W32/Rbot-DID
O1 - Hosts: 11.99.174.97 dispatch.mcafee.com W32/Rbot-DID
O1 - Hosts: 159.118.170.56 download.mcafee.com W32/Rbot-DID
O1 - Hosts: 147.1.212.87 downloads1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 97.52.61.67 downloads2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 189.172.69.148 downloads3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 138.36.164.208 downloads4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 251.62.113.110 downloads-eu1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 48.51.164.42 downloads-eu2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 168.215.141.20 downloads-eu3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 88.196.177.116 downloads-eu4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 191.171.247.107 downloads-us1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 68.21.171.247 downloads-us2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 52.12.54.188 downloads-us3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 194.123.151.181 downloads-us4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 198.200.251.51 f-secure.com W32/Rbot-DID
O1 - Hosts: 28.230.246.75 ftp.avp.com W32/Rbot-DID
O1 - Hosts: 248.227.199.162 ftp.ca.com W32/Rbot-DID
O1 - Hosts: 130.65.41.39 ftp.customer.symantec.com W32/Rbot-DID
O1 - Hosts: 32.16.94.137 ftp.download.mcafee.com W32/Rbot-DID
O1 - Hosts: 135.122.118.33 ftp.downloads1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 37.115.26.97 ftp.downloads2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 106.252.153.201 ftp.downloads3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 114.232.194.105 ftp.downloads4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 65.123.109.105 ftp.downloads-eu1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 82.229.73.157 ftp.downloads-eu2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 120.48.35.159 ftp.downloads-eu3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 186.195.215.132 ftp.downloads-eu4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 160.181.38.21 ftp.downloads-us1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 39.240.148.188 ftp.downloads-us2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 206.234.165.243 ftp.downloads-us3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 250.2.121.104 ftp.downloads-us4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 13.38.176.181 ftp.f-secure.com W32/Rbot-DID
O1 - Hosts: 252.130.171.91 ftp.grisoft.com W32/Rbot-DID
O1 - Hosts: 87.45.95.196 ftp.kaspersky.com W32/Rbot-DID
O1 - Hosts: 91.162.121.37 ftp.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 42.142.138.227 ftp.liveupdate.symantec.com W32/Rbot-DID
O1 - Hosts: 192.171.86.225 ftp.liveupdate.symantecliveupdate.com W32/Rbot-DID
O1 - Hosts: 162.187.29.103 ftp.mast.mcafee.com W32/Rbot-DID
O1 - Hosts: 125.79.113.223 ftp.mcafee.com W32/Rbot-DID
O1 - Hosts: 41.127.105.203 ftp.my-etrust.com W32/Rbot-DID
O1 - Hosts: 189.183.80.20 ftp.nai.com W32/Rbot-DID
O1 - Hosts: 180.55.19.138 ftp.networkassociates.com W32/Rbot-DID
O1 - Hosts: 76.114.13.94 ftp.norton.com W32/Rbot-DID
O1 - Hosts: 22.106.141.71 ftp.rads.mcafee.com W32/Rbot-DID
O1 - Hosts: 239.175.16.32 ftp.sandbox.norman.com W32/Rbot-DID
O1 - Hosts: 214.167.34.79 ftp.secure.nai.com W32/Rbot-DID
O1 - Hosts: 73.193.227.156 ftp.securityresponse.symantec.com W32/Rbot-DID
O1 - Hosts: 168.180.17.99 ftp.sophos.com W32/Rbot-DID
O1 - Hosts: 83.249.28.49 ftp.symantec.com W32/Rbot-DID
O1 - Hosts: 100.17.178.212 ftp.symantecliveupdate.com W32/Rbot-DID
O1 - Hosts: 222.207.64.88 ftp.symatec.com W32/Rbot-DID
O1 - Hosts: 150.194.58.115 ftp.trendmicro.com W32/Rbot-DID
O1 - Hosts: 179.92.214.252 ftp.uk.trendmicro-europe.com W32/Rbot-DID
O1 - Hosts: 32.125.123.73 ftp.update.symantec.com W32/Rbot-DID
O1 - Hosts: 175.30.241.160 ftp.updates.symantec.com W32/Rbot-DID
O1 - Hosts: 225.139.198.165 ftp.updates1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 127.148.211.82 ftp.updates2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 126.147.86.123 ftp.updates3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 101.168.161.235 ftp.updates4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 165.38.193.140 ftp.us.mcafee.com W32/Rbot-DID
O1 - Hosts: 18.101.36.45 ftp.viruslist.com W32/Rbot-DID
O1 - Hosts: 120.159.17.103 grisoft.com W32/Rbot-DID
O1 - Hosts: 5.251.28.159 kaspersky.com W32/Rbot-DID
O1 - Hosts: 237.217.79.178 kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 219.43.185.74 liveupdate.symantecliveupdate.com W32/Rbot-DID
O1 - Hosts: 184.191.166.167 mast.mcafee.com W32/Rbot-DID
O1 - Hosts: 127.179.123.42 mcafee.com W32/Rbot-DID
O1 - Hosts: 147.209.85.159 my-etrust.com W32/Rbot-DID
O1 - Hosts: 155.132.241.174 nai.com W32/Rbot-DID
O1 - Hosts: 164.202.73.2 networkassociates.com W32/Rbot-DID
O1 - Hosts: 171.12.142.29 norton.com W32/Rbot-DID
O1 - Hosts: 188.157.158.148 pandasoftware.com W32/Rbot-DID
O1 - Hosts: 157.87.61.1 rads.mcafee.com W32/Rbot-DID
O1 - Hosts: 52.172.166.79 sandbox.norman.com W32/Rbot-DID
O1 - Hosts: 34.34.220.218 secure.nai.com W32/Rbot-DID
O1 - Hosts: 195.126.44.112 securityresponse.symantec.com W32/Rbot-DID
O1 - Hosts: 139.181.207.154 sophos.com W32/Rbot-DID
O1 - Hosts: 234.72.69.100 symantec.com W32/Rbot-DID
O1 - Hosts: 188.160.146.236 symantecliveupdate.com W32/Rbot-DID
O1 - Hosts: 230.194.52.118 symatec.com W32/Rbot-DID
O1 - Hosts: 38.173.227.85 trendmicro.com W32/Rbot-DID
O1 - Hosts: 182.88.223.88 uk.trendmicro-europe.com W32/Rbot-DID
O1 - Hosts: 210.57.133.32 update.symantec.com W32/Rbot-DID
O1 - Hosts: 180.27.77.117 updates.symantec.com W32/Rbot-DID
O1 - Hosts: 142.83.2.25 updates1.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 186.10.187.23 updates2.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 8.171.8.27 updates3.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 90.174.61.216 updates4.kaspersky-labs.com W32/Rbot-DID
O1 - Hosts: 155.85.213.109 us.mcafee.com W32/Rbot-DID
O1 - Hosts: 164.4.240.109 viruslist.com W32/Rbot-DID
O1 - Hosts: 154.88.53.236 virusscan.jotti.org W32/Rbot-DID
O1 - Hosts: 121.171.195.181 virustotal.com W32/Rbot-DID
O1 - Hosts: 171.13.127.138 www.avp.com W32/Rbot-DID
O1 - Hosts: 247.122.64.30 www.ca.com W32/Rbot-DID
O1 - Hosts: 182.210.193.153 www.customer.symantec.com W32/Rbot-DID
O1 - Hosts: 239.81.242.220 www.dispatch.mcafee.com W32/Rbot-DID
O1 - Hosts: 107.139.223.102 www.download.mcafee.com W32/Rbot-DID
O1 - Hosts: 228.64.95.237 www.downloads1.kaspersky-labs.com W32/Rbot-DID
O2 - BHO: (no name) - {62538B16-6A8F-06A4-A64E-C82798392D14} - C:\DOKUME~1\Claudia\ANWEND~1\KEEPPO~1\LiteName.exe Swizzor
O4 - HKLM\..\Run: [mess option save move] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\About download mess option\adminamok.exe Swizzor
O4 - HKCU\..\Run: [1Dog] C:\DOKUME~1\CHRIST~1\ANWEND~1\ROAMID~1\DALE LONG BALL.exe Swizzor
O4 - HKCU\..\RunServices: [Microsoft client for NT] msclt.exe W32/Rbot-DID
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.de/ intended?
O16 - DPF: {6F0A8298-9DFC-4124-A6A3-804AE037665C} (IPSUploader Control) - http://ips.poi.de/ips-opdata/95434711/activex/IPSUploader.cab questionable

If in future you don't open everything you receive as an e-mail attachment, you may be spared a rebuild for longer. You should also get away from eDonkey; many of the files offered there are infected.

Regards,

Schrulli
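
The three indicators marked W32/Rbot-DID in the annotated log above (an extra program in the Shell value, hosts-file overrides for security-vendor domains, and an autorun entry for the same binary) can be checked mechanically. The following is an added Python example, not part of the original thread; `SECURITY_DOMAINS` and the finding labels are assumptions chosen for illustration.

```python
import ipaddress
import re

# Lines excerpted from the HijackThis log in this thread, plus one constructed
# benign hosts entry (intranet.example) to show what is not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
O1 - Hosts: 228.221.196.46 ca.com
O1 - Hosts: 11.99.174.97 dispatch.mcafee.com
O1 - Hosts: 121.171.195.181 virustotal.com
O1 - Hosts: 192.0.2.10 intranet.example
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\RunServices: [Microsoft client for NT] msclt.exe
"""

# Assumption: a small illustrative suffix list, not a complete vendor inventory.
SECURITY_DOMAINS = ("ca.com", "mcafee.com", "symantec.com",
                    "kaspersky-labs.com", "sophos.com", "virustotal.com")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "O4 - <body>"
SHELL = re.compile(r"Shell=(.*)$", re.IGNORECASE)   # F2 shell value
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")      # O1 "Hosts: <ip> <name>"
AUTORUN = re.compile(r"^\S+: \[[^\]]*\] (.+)$")     # O4 "<key>: [<name>] <cmd>"

def is_security_domain(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)

def exe_name(command):
    # Simplified: takes the file name of the last path segment and ignores
    # rundll32-style launchers whose real payload is an argument.
    tail = command.strip('"').split("\\")[-1].split()
    return tail[0].strip('"').lower() if tail else ""

def triage(log_text):
    """Return (section, finding, detail) tuples for the suspicious entries."""
    lines = (line.strip() for line in log_text.splitlines())
    entries = [m.groups() for m in map(ENTRY.match, lines) if m]
    findings, shell_extras = [], set()
    # Pass 1: the Windows XP default is Shell=Explorer.exe; any further
    # program named in that value is started at every logon.
    for code, body in entries:
        m = SHELL.search(body) if code == "F2" else None
        for prog in (m.group(1).split() if m else []):
            if prog.lower() != "explorer.exe":
                shell_extras.add(prog.lower())
                findings.append(("F2", "shell-extra", prog.lower()))
    # Pass 2: hosts overrides for security vendors, and autoruns that start
    # the same binary as the modified shell value.
    for code, body in entries:
        if code == "O1" and (m := HOSTS.match(body)):
            addr, host = m.groups()
            if not is_security_domain(host):
                continue
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue
            kind = ("hosts-blocked" if ip.is_loopback or ip.is_unspecified else
                    "hosts-unroutable" if ip.is_multicast or ip.is_reserved else
                    "hosts-redirect")
            findings.append(("O1", kind, host.lower()))
        elif code == "O4" and (m := AUTORUN.match(body)):
            if exe_name(m.group(1)) in shell_extras:
                findings.append(("O4", "autorun-matches-shell", exe_name(m.group(1))))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Whatever address the hosts entry points at, the effect on the machine is the same: the installed antivirus can no longer reach its update servers, and online scanners cannot be opened by name.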
