Virus/rootkit suspicion [incl. HijackThis log]

This topic in the forum "Viren, Trojaner & Malware" (Viruses, Trojans & Malware) was created by ChillingStream, 17 June 2009.

  1. 17 June 2009
    Hello,

    so, briefly about my system:

    Vista x64 SP2
    Intel i7 920 (2.7 GHz)
    6 GB DDR3 RAM

    The PC runs fast in games etc., but the boot process seems outrageously long to me. Could it be that some rootkit/virus is being loaded? :/

    It's defragmented too.

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:57, on 17.06.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    F:\Program Files (x86)\MagicTune Premium\GammaTray.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    F:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
    F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    F:\Program Files (x86)\Skype\Phone\Skype.exe
    F:\Program Files (x86)\Miranda IM\miranda32.exe
    F:\mirc\mirc.exe
    F:\Program Files (x86)\Mozilla Firefox\firefox.exe
    f:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    F:\Program Files\FTPRush\FTPRush.exe
    F:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: ::1 ___id___.c.mystat-in.net
    O1 - Hosts: ::1 0.r.msn.com
    O1 - Hosts: ::1 00.eatgoogle.345.pl
    O1 - Hosts: ::1 00.eatgoogle.bee.pl
    O1 - Hosts: ::1 00.eatgoogle.bij.pl
    O1 - Hosts: ::1 00.eatgoogle.orge.pl
    O1 - Hosts: ::1 00.eatgoogle.osa.pl
    O1 - Hosts: ::1 00.googleeat.345.pl
    O1 - Hosts: ::1 00.googleeat.bee.pl
    O1 - Hosts: ::1 00.googleeat.bij.pl
    O1 - Hosts: ::1 00.googleeat.orge.pl
    O1 - Hosts: ::1 00.googleeat.osa.pl
    O1 - Hosts: ::1 00.moregoogle.345.pl
    O1 - Hosts: ::1 00.moregoogle.bee.pl
    O1 - Hosts: ::1 00.moregoogle.bij.pl
    O1 - Hosts: ::1 00.moregoogle.osa.pl
    O1 - Hosts: ::1 000007.ru
    O1 - Hosts: ::1 000dom.revenuedirect.com
    O1 - Hosts: ::1 000-search.net
    O1 - Hosts: ::1 000webhost.com
    O1 - Hosts: ::1 005.free-counter.co.uk
    O1 - Hosts: ::1 006.free-counter.co.uk
    O1 - Hosts: ::1 007.free-counter.co.uk
    O1 - Hosts: ::1 007guard.com
    O1 - Hosts: ::1 008.free-counter.co.uk
    O1 - Hosts: ::1 008527.cn
    O1 - Hosts: ::1 00fun.com
    O1 - Hosts: ::1 00hq.com
    O1 - Hosts: ::1 00inkjets.com
    O1 - Hosts: ::1 00pro.com
    O1 - Hosts: ::1 00web.com
    O1 - Hosts: ::1 01.eatgoogle.345.pl
    O1 - Hosts: ::1 01.eatgoogle.bee.pl
    O1 - Hosts: ::1 01.eatgoogle.orge.pl
    O1 - Hosts: ::1 01.eatgoogle.osa.pl
    O1 - Hosts: ::1 01.googleeat.345.pl
    O1 - Hosts: ::1 01.googleeat.bee.pl
    O1 - Hosts: ::1 01.googleeat.bij.pl
    O1 - Hosts: ::1 01.googleeat.orge.pl
    O1 - Hosts: ::1 01.googleeat.osa.pl
    O1 - Hosts: ::1 01.moregoogle.bee.pl
    O1 - Hosts: ::1 01.moregoogle.bij.pl
    O1 - Hosts: ::1 01.moregoogle.osa.pl
    O1 - Hosts: ::1 01.sharedsource.org
    O1 - Hosts: ::1 011707160008.c.mystat-in.net
    O1 - Hosts: ::1 0123hardcore.com
    O1 - Hosts: ::1 0190-dialer.com
    O1 - Hosts: ::1 0190-dialers.com
    O1 - Hosts: ::1 01computersoftwar.biz
    O1 - Hosts: ::1 01k0409-komplettpaket.tagesangebot-heimarbeit.eu
    O1 - Hosts: ::1 01sexe.com
    O1 - Hosts: ::1 01smith.com
    O1 - Hosts: ::1 02.main.ru
    O1 - Hosts: ::1 0-29.com
    O1 - Hosts: ::1 02kmky1xgzbmsdfx.com
    O1 - Hosts: ::1 02pmnzy5eo29bfk4.com
    O1 - Hosts: ::1 03.sharedsource.org
    O1 - Hosts: ::1 030.com
    O1 - Hosts: ::1 032439.com
    O1 - Hosts: ::1 04.fakesoft.345.pl
    O1 - Hosts: ::1 05.sharedsource.org
    O1 - Hosts: ::1 050101.com
    O1 - Hosts: ::1 0571ax.com
    O1 - Hosts: ::1 0571n.cn
    O1 - Hosts: ::1 0571z.cn
    O1 - Hosts: ::1 0576sf.com
    O1 - Hosts: ::1 05p.com
    O1 - Hosts: ::1 061606084448.c.mystat-in.net
    O1 - Hosts: ::1 070.us
    O1 - Hosts: ::1 070806142521.c.mystat-in.net
    O1 - Hosts: ::1 077.us
    O1 - Hosts: ::1 079.us
    O1 - Hosts: ::1 07ic5do2myz3vzpk.com
    O1 - Hosts: ::1 08.185.87.0.liveadvert.com
    O1 - Hosts: ::1 08.185.87.00.liveadvert.com
    O1 - Hosts: ::1 08.185.87.01.liveadvert.com
    O1 - Hosts: ::1 08.185.87.02.liveadvert.com
    O1 - Hosts: ::1 08.185.87.03.liveadvert.com
    O1 - Hosts: ::1 08.185.87.04.liveadvert.com
    O1 - Hosts: ::1 08.185.87.05.liveadvert.com
    O1 - Hosts: ::1 08.185.87.06.liveadvert.com
    O1 - Hosts: ::1 08.185.87.07.liveadvert.com
    O1 - Hosts: ::1 08.185.87.08.liveadvert.com
    O1 - Hosts: ::1 08.185.87.09.liveadvert.com
    O1 - Hosts: ::1 08.185.87.1.liveadvert.com
    O1 - Hosts: ::1 08.185.87.10.liveadvert.com
    O1 - Hosts: ::1 08.185.87.100.liveadvert.com
    O1 - Hosts: ::1 08.185.87.101.liveadvert.com
    O1 - Hosts: ::1 08.185.87.103.liveadvert.com
    O1 - Hosts: ::1 08.185.87.104.liveadvert.com
    O1 - Hosts: ::1 08.185.87.105.liveadvert.com
    O1 - Hosts: ::1 08.185.87.106.liveadvert.com
    O1 - Hosts: ::1 08.185.87.107.liveadvert.com
    O1 - Hosts: ::1 08.185.87.108.liveadvert.com
    O1 - Hosts: ::1 08.185.87.109.liveadvert.com
    O1 - Hosts: ::1 08.185.87.11.liveadvert.com
    O1 - Hosts: ::1 08.185.87.110.liveadvert.com
    O1 - Hosts: ::1 08.185.87.111.liveadvert.com
    O1 - Hosts: ::1 08.185.87.113.liveadvert.com
    O1 - Hosts: ::1 08.185.87.114.liveadvert.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Ai Nap] "f:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [QFan Help] "f:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] "f:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - Global Startup: GammaTray.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O13 - Gopher Prefix: 
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84450991-CCD8-4F6C-AAF9-A44C20829974}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{84450991-CCD8-4F6C-AAF9-A44C20829974}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{84450991-CCD8-4F6C-AAF9-A44C20829974}: NameServer = 192.168.1.1
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MagicTuneEngine - Unknown owner - f:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Software Licensing (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 13234 bytes
    
     
  2. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    The entries in the hosts file almost certainly did not come from you, and they should be fixed:
    Code:
    O1 - Hosts: ::1 localhost
    O1 - Hosts: ::1 ___id___.c.mystat-in.net
    O1 - Hosts: ::1 0.r.msn.com
    O1 - Hosts: ::1 00.eatgoogle.345.pl
    O1 - Hosts: ::1 00.eatgoogle.bee.pl
    O1 - Hosts: ::1 00.eatgoogle.bij.pl
    O1 - Hosts: ::1 00.eatgoogle.orge.pl
    O1 - Hosts: ::1 00.eatgoogle.osa.pl
    O1 - Hosts: ::1 00.googleeat.345.pl
    O1 - Hosts: ::1 00.googleeat.bee.pl
    O1 - Hosts: ::1 00.googleeat.bij.pl
    O1 - Hosts: ::1 00.googleeat.orge.pl
    O1 - Hosts: ::1 00.googleeat.osa.pl
    O1 - Hosts: ::1 00.moregoogle.345.pl
    O1 - Hosts: ::1 00.moregoogle.bee.pl
    O1 - Hosts: ::1 00.moregoogle.bij.pl
    O1 - Hosts: ::1 00.moregoogle.osa.pl
    O1 - Hosts: ::1 000007.ru
    O1 - Hosts: ::1 000dom.revenuedirect.com
    O1 - Hosts: ::1 000-search.net
    O1 - Hosts: ::1 000webhost.com
    O1 - Hosts: ::1 005.free-counter.co.uk
    O1 - Hosts: ::1 006.free-counter.co.uk
    O1 - Hosts: ::1 007.free-counter.co.uk
    O1 - Hosts: ::1 007guard.com
    O1 - Hosts: ::1 008.free-counter.co.uk
    O1 - Hosts: ::1 008527.cn
    O1 - Hosts: ::1 00fun.com
    O1 - Hosts: ::1 00hq.com
    O1 - Hosts: ::1 00inkjets.com
    O1 - Hosts: ::1 00pro.com
    O1 - Hosts: ::1 00web.com
    O1 - Hosts: ::1 01.eatgoogle.345.pl
    O1 - Hosts: ::1 01.eatgoogle.bee.pl
    O1 - Hosts: ::1 01.eatgoogle.orge.pl
    O1 - Hosts: ::1 01.eatgoogle.osa.pl
    O1 - Hosts: ::1 01.googleeat.345.pl
    O1 - Hosts: ::1 01.googleeat.bee.pl
    O1 - Hosts: ::1 01.googleeat.bij.pl
    O1 - Hosts: ::1 01.googleeat.orge.pl
    O1 - Hosts: ::1 01.googleeat.osa.pl
    O1 - Hosts: ::1 01.moregoogle.bee.pl
    O1 - Hosts: ::1 01.moregoogle.bij.pl
    O1 - Hosts: ::1 01.moregoogle.osa.pl
    O1 - Hosts: ::1 01.sharedsource.org
    O1 - Hosts: ::1 011707160008.c.mystat-in.net
    O1 - Hosts: ::1 0123hardcore.com
    O1 - Hosts: ::1 0190-dialer.com
    O1 - Hosts: ::1 0190-dialers.com
    O1 - Hosts: ::1 01computersoftwar.biz
    O1 - Hosts: ::1 01k0409-komplettpaket.tagesangebot-heimarbeit.eu
    O1 - Hosts: ::1 01sexe.com
    O1 - Hosts: ::1 01smith.com
    O1 - Hosts: ::1 02.main.ru
    O1 - Hosts: ::1 0-29.com
    O1 - Hosts: ::1 02kmky1xgzbmsdfx.com
    O1 - Hosts: ::1 02pmnzy5eo29bfk4.com
    O1 - Hosts: ::1 03.sharedsource.org
    O1 - Hosts: ::1 030.com
    O1 - Hosts: ::1 032439.com
    O1 - Hosts: ::1 04.fakesoft.345.pl
    O1 - Hosts: ::1 05.sharedsource.org
    O1 - Hosts: ::1 050101.com
    O1 - Hosts: ::1 0571ax.com
    O1 - Hosts: ::1 0571n.cn
    O1 - Hosts: ::1 0571z.cn
    O1 - Hosts: ::1 0576sf.com
    O1 - Hosts: ::1 05p.com
    O1 - Hosts: ::1 061606084448.c.mystat-in.net
    O1 - Hosts: ::1 070.us
    O1 - Hosts: ::1 070806142521.c.mystat-in.net
    O1 - Hosts: ::1 077.us
    O1 - Hosts: ::1 079.us
    O1 - Hosts: ::1 07ic5do2myz3vzpk.com
    O1 - Hosts: ::1 08.185.87.0.liveadvert.com
    O1 - Hosts: ::1 08.185.87.00.liveadvert.com
    O1 - Hosts: ::1 08.185.87.01.liveadvert.com
    O1 - Hosts: ::1 08.185.87.02.liveadvert.com
    O1 - Hosts: ::1 08.185.87.03.liveadvert.com
    O1 - Hosts: ::1 08.185.87.04.liveadvert.com
    O1 - Hosts: ::1 08.185.87.05.liveadvert.com
    O1 - Hosts: ::1 08.185.87.06.liveadvert.com
    O1 - Hosts: ::1 08.185.87.07.liveadvert.com
    O1 - Hosts: ::1 08.185.87.08.liveadvert.com
    O1 - Hosts: ::1 08.185.87.09.liveadvert.com
    O1 - Hosts: ::1 08.185.87.1.liveadvert.com
    O1 - Hosts: ::1 08.185.87.10.liveadvert.com
    O1 - Hosts: ::1 08.185.87.100.liveadvert.com
    O1 - Hosts: ::1 08.185.87.101.liveadvert.com
    O1 - Hosts: ::1 08.185.87.103.liveadvert.com
    O1 - Hosts: ::1 08.185.87.104.liveadvert.com
    O1 - Hosts: ::1 08.185.87.105.liveadvert.com
    O1 - Hosts: ::1 08.185.87.106.liveadvert.com
    O1 - Hosts: ::1 08.185.87.107.liveadvert.com
    O1 - Hosts: ::1 08.185.87.108.liveadvert.com
    O1 - Hosts: ::1 08.185.87.109.liveadvert.com
    O1 - Hosts: ::1 08.185.87.11.liveadvert.com
    O1 - Hosts: ::1 08.185.87.110.liveadvert.com
    O1 - Hosts: ::1 08.185.87.111.liveadvert.com
    O1 - Hosts: ::1 08.185.87.113.liveadvert.com
    O1 - Hosts: ::1 08.185.87.114.liveadvert.com
    
    Otherwise I don't see anything else problematic for now.
     
  3. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    The entries all come from MSN and are advertising entries. There is an MSN ad blocker here: http://live-advert-remover.softonic.de/

    My suggestion: reinstall MSN, or part with 2k9 and slap the patch on.
    Then create another HJT log and post it again.

    Regards, R0cka

    edit: then it has something to do with Miranda/IRC, or with Windows Live! In any case a chat program with ads.
     
  4. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    No, they are from me. As you can see, they all point to localhost and are therefore safe.

    EDIT:

    Yeeeeeah, I don't even have MSN installed...
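The disagreement in the posts above comes down to one question a HijackThis reader should ask about every O1 line: where does the entry point? A hosts line that maps a domain to a loopback or unspecified address (127.0.0.1, 0.0.0.0, ::1) blocks that domain, which is exactly what an ad/tracker blocklist does; a line that maps a domain to any other address redirects it, and that is the hijack case. The Python script below is an added example, not code from the thread or from Trend Micro: it reads a HijackThis 2.0.2 log, classifies O1 lines that way, deduplicates the repeated O10 LSP lines, and lists O16 ActiveX downloads served over plain HTTP and O23 services with an unknown owner whose binary is present. The sample log is a constructed excerpt modelled on the posted log, with one invented redirect line (203.0.113.7 www.bank.example, a TEST-NET address and reserved domain) added so the redirect branch is exercised. One caveat on the posted log: HijackThis 2.0.2 is a 32-bit program, and on x64 Windows its System32 lookups are redirected to SysWOW64, so the "(file missing)" flag on native Vista services such as lsass.exe or spoolsv.exe is an artifact of the tool, not evidence of tampering; the script records those entries separately and does not flag them.

```python
"""Triage a HijackThis 2.0.2 log (added example, not from the thread)."""
import ipaddress

O1 = "O1 - Hosts: "
O10 = "O10 - Unknown file in Winsock LSP: "
O16 = "O16 - DPF: "
O23 = "O23 - Service: "
MISSING = " (file missing)"

# Constructed excerpt modelled on the posted log; the 203.0.113.7 line is
# invented (TEST-NET-3 address, .example domain) to exercise the redirect branch.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 00.eatgoogle.345.pl
O1 - Hosts: 127.0.0.1 08.185.87.0.liveadvert.com
O1 - Hosts: 203.0.113.7 www.bank.example
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""


def is_sink(addr: str) -> bool:
    """True when addr is loopback or unspecified: the host is blocked, not redirected."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # not an address at all; treat as a redirect so it gets looked at
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text: str) -> dict:
    """Return the entries worth a second look, keyed by finding type."""
    r = {"hosts_sink": [], "hosts_redirect": [], "lsp": [], "dpf_http": [],
         "services_unknown_owner": [], "services_file_missing": []}
    for raw in log_text.splitlines():
        ln = raw.strip()
        if ln.startswith(O1):
            addr, _, host = ln[len(O1):].partition(" ")
            r["hosts_sink" if is_sink(addr) else "hosts_redirect"].append((addr, host))
        elif ln.startswith(O10):
            dll = ln[len(O10):]
            if dll not in r["lsp"]:  # HJT prints one line per Winsock catalog entry
                r["lsp"].append(dll)
        elif ln.startswith(O16):
            head, _, url = ln[len(O16):].rpartition(" - ")  # "{CLSID} (Name) - URL"
            name = head[head.find("(") + 1:head.rfind(")")]
            if url.lower().startswith("http://"):
                r["dpf_http"].append((name, url))
        elif ln.startswith(O23):
            body = ln[len(O23):]
            missing = body.endswith(MISSING)
            if missing:
                body = body[:-len(MISSING)]
            parts = body.split(" - ")  # "Display name - Owner - Path"
            if len(parts) < 3:
                continue
            name, owner, path = parts[0], parts[1], " - ".join(parts[2:])
            if missing:
                r["services_file_missing"].append((name, path))
            elif owner == "Unknown owner":
                r["services_unknown_owner"].append((name, path))
    return r


def report(r: dict) -> list:
    """Human-readable summary lines."""
    out = [f"hosts: {len(r['hosts_sink'])} blocklist entries, "
           f"{len(r['hosts_redirect'])} redirect(s)"]
    out += [f"  REDIRECT {h} -> {a}" for a, h in r["hosts_redirect"]]
    out += [f"  LSP module to identify: {d}" for d in r["lsp"]]
    out += [f"  ActiveX over plain HTTP: {n} ({u})" for n, u in r["dpf_http"]]
    out += [f"  unknown-owner service, binary present: {n} ({p})"
            for n, p in r["services_unknown_owner"]]
    out.append(f"  {len(r['services_file_missing'])} service(s) marked '(file missing)' "
               "(expected for native System32 binaries when a 32-bit HJT runs on x64)")
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The O10 and unknown-owner findings are prompts to identify a file (publisher, signature, hash), not verdicts; the only line the script treats as a finding in its own right is a hosts entry that points somewhere other than the local machine.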
     
  5. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    Have you already checked for rootkits with IceSword/GMER/RootkitRevealer?
     
  6. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    That's what I was waiting for; I'll google the programs.

    Code:
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-17 19:09:55
    Windows 6.0.6002 Service Pack 2
    
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 f:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x2B 0x68 0x22 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDB 0x39 0x1B 0x0A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x50 0x08 0x4B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 f:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x2B 0x68 0x22 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDB 0x39 0x1B 0x0A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0xD3 0x37 0xC9 ...
    
    ---- EOF - GMER 1.0.15 ----
    
     
  7. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    Well, an unnoticed rootkit on Vista x64 SP2 is practically (99%) impossible; you would have to be pretty drunk and install something like that on purpose. Unless, of course, you have disabled the security features (e.g. "Disable Driver Signature Enforcement" is really DUMB!)

    Your virus scanner should actually detect the rest.

    -> Your PC is clean

    Slow HDD? Useless Vista services still enabled?

    One more tip: uninstall the Adobe Reader crap and install Foxit Reader...
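The argument above rests on 64-bit Vista refusing to load unsigned kernel drivers unless someone turns that check off. The persistent ways to turn it off live in the Boot Configuration Data (the `testsigning` and `nointegritychecks` options, and on early Vista builds the `loadoptions` value `DDISABLE_INTEGRITY_CHECKS`), so they can be read back with `bcdedit /enum`. The script below is an added example, not from the thread: it parses bcdedit's text output into one dictionary per BCD entry and reports any option that weakens driver signature enforcement. The sample output is constructed and assumes English-language bcdedit output (`Yes`/`No`). Caveat: the F8 boot-menu choice "Disable Driver Signature Enforcement" applies to one boot only and leaves nothing in the BCD, so a clean result here rules out the persistent variants, not a one-time bypass.

```python
"""Check the BCD for options that weaken x64 driver signature enforcement
(added example, not from the thread)."""
import subprocess
import sys

# BCD options that let unsigned or modified kernel drivers load on 64-bit Vista.
WEAKENING = {
    "testsigning": lambda v: v.strip().lower() == "yes",
    "nointegritychecks": lambda v: v.strip().lower() == "yes",
    # early Vista builds honoured loadoptions DDISABLE_INTEGRITY_CHECKS
    "loadoptions": lambda v: "DISABLE_INTEGRITY_CHECKS" in v.upper(),
}

# Constructed sample of `bcdedit /enum` output with both options switched on.
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
osdevice                partition=C:
systemroot              \Windows
testsigning             Yes
nointegritychecks       Yes
"""


def parse_bcdedit(text: str) -> list:
    """Split bcdedit output into one {option: value} dict per BCD entry.
    Option lines are 'lowercase-name<spaces>value'; anything else that is not
    blank or a dashed rule is a section title that starts a new entry."""
    entries, current = [], None
    for raw in text.splitlines():
        ln = raw.strip()
        if not ln or set(ln) == {"-"}:
            continue
        key, _, value = ln.partition(" ")
        value = value.strip()
        if key.islower() and value and current is not None:
            current[key] = value
        else:
            current = {}
            entries.append(current)
            if key.islower() and value:  # option line with no preceding title
                current[key] = value
    return entries


def weak_dse_findings(entries: list) -> list:
    """(identifier, option, value) for every entry that weakens signature enforcement."""
    findings = []
    for e in entries:
        for opt, is_weak in WEAKENING.items():
            if opt in e and is_weak(e[opt]):
                findings.append((e.get("identifier", "?"), opt, e[opt]))
    return findings


def main() -> None:
    if sys.platform == "win32":  # bcdedit needs an elevated prompt
        text = subprocess.run(["bcdedit", "/enum"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_BCDEDIT
    findings = weak_dse_findings(parse_bcdedit(text))
    for ident, opt, val in findings:
        print(f"{ident}: {opt} = {val}  <- driver signature enforcement weakened")
    if not findings:
        print("no persistent DSE weakening found in the BCD")


if __name__ == "__main__":
    main()
```

On the machine in question, run it from an elevated prompt; each finding names the BCD entry (`{current}` is the running OS) and the option to clear with `bcdedit /deletevalue`.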
     
  8. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    I have 2 HDDs in there, an old 300 GB Seagate, and my system (C:\Windows) runs on a 650TB WD Caviar Black, so it should be OK.

    It's just the boot process that is so slow; it could also be services that start with a delay.

    -> Useless Vista services still enabled?

    Do you have a list or a tool for that?
     
  9. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    Sure, it's called Vispa
    http://www.chip.de/downloads/Vispa_27485280.html

    Yeah, so it's not the HDD either then.
     
  10. 17 June 2009
    Last edited by a moderator: 14 April 2017
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    I don't find Vispa that great. I'd rather use services.msc directly...

    https://www.xup.in/pic,18215250/Untitled-1.jpg
    https://www.xup.in/pic,12602282/Untitled-2.jpg
    https://www.xup.in/pic,41790240/Untitled-3.jpg
    https://www.xup.in/pic,26452710/Untitled-4.jpg
     
  11. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    With BootVis you can analyze the boot process, see exactly where it hangs, and then react accordingly!

    I find it very useful on Windows boxes.
    You can google it, or: BootVis - Download - CHIP

    Otherwise, if you say everything is smooth in games but the boot process runs slowly -> maybe the "old" hard drive is just too slow?!
     
  12. 17 June 2009
    Re: Virus/rootkit suspicion [incl. HijackThis log]

    BootVis doesn't work under Vista.
     