Do I have a trojan now



Boarder
17.07.2009, 23:33
Greetings,
I downloaded something today, and when I tried to run a crack an error message came up. I thought, well, possibly a trojan, and ran my Kaspersky over it. It showed nothing. So I uploaded it to VirusTotal and NoVirus, and the result was the following:
At VirusTotal
Antivirus          Version         Last update  Result
a-squared          4.5.0.24        2009.07.17   -
AhnLab-V3          5.0.0.2         2009.07.17   -
AntiVir            7.9.0.220       2009.07.17   -
Antiy-AVL          2.0.3.7         2009.07.17   -
Authentium         5.1.2.4         2009.07.17   W32/Heuristic-210!Eldorado
Avast              4.8.1335.0      2009.07.17   -
AVG                8.5.0.387       2009.07.17   -
BitDefender        7.2             2009.07.17   -
CAT-QuickHeal      10.00           2009.07.17   (Suspicious) - DNAScan
ClamAV             0.94.1          2009.07.17   -
Comodo             1684            2009.07.18   -
DrWeb              5.0.0.12182     2009.07.18   -
eSafe              7.0.17.0        2009.07.16   -
eTrust-Vet         31.6.6622       2009.07.17   -
F-Prot             4.4.4.56        2009.07.17   W32/Heuristic-210!Eldorado
F-Secure           8.0.14470.0     2009.07.17   -
Fortinet           3.120.0.0       2009.07.17   -
GData              19              2009.07.18   -
Ikarus             T3.1.1.64.0     2009.07.17   -
Jiangmin           11.0.800        2009.07.17   -
K7AntiVirus        7.10.794        2009.07.16   -
Kaspersky          7.0.0.125       2009.07.18   -
McAfee             5679            2009.07.17   -
McAfee+Artemis     5679            2009.07.17   -
McAfee-GW-Edition  6.8.5           2009.07.17   Heuristic.LooksLike.Win32.Suspicious.C
Microsoft          1.4803          2009.07.17   -
NOD32              4255            2009.07.17   -
Norman             6.01.09         2009.07.17   -
nProtect           2009.1.8.0      2009.07.17   -
Panda              10.0.0.14       2009.07.17   -
PCTools            4.4.2.0         2009.07.17   -
Prevx              3.0             2009.07.18   -
Rising             21.38.44.00     2009.07.17   -
Sophos             4.43.0          2009.07.17   -
Sunbelt            3.2.1858.2      2009.07.17   -
Symantec           1.4.4.12        2009.07.18   -
TheHacker          6.3.4.3.370     2009.07.17   -
TrendMicro         8.950.0.1094    2009.07.17   -
VBA32              3.12.10.8       2009.07.17   -
ViRobot            2009.7.17.1841  2009.07.17   -
VirusBuster        4.6.5.0         2009.07.16   -
Additional information
File size: 391168 bytes
MD5...: 1d70863a08d2da239749ccdaf7af0c92
SHA1..: 59cb406f1fcb9dc4f27346a84bb21897ae2e03d3
SHA256: 3f07b439128ccfce405d83796ad9dfef9c94afc1242a79ed6eb9008ec61880bf
ssdeep: 6144:PVuBhyHS63BuE+7gCW3e0dZfFgCZTdsmnElE5MD+DtBdE8LGlm:PVuPyHS6xuE4O1dTdxGmnOEM+5B+8LUm
PEiD..: ASProtect v1.23 RC1
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6000
timedatestamp.....: 0x46446d74 (Fri May 11 13:19:48 2007)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x6000 0x3a000 0x17e00 8.00 d1c730ed6d8c5d1aab032ec122bbcaec
0x40000 0x13000 0x6a00 7.99 4a77dd0499e32944f397f80612d7bf80
0x53000 0x3000 0x400 7.82 75e1b5a1e2f497eb36d345bb6dde3c54
.rsrc 0x56000 0x4000 0xe00 7.37 c27fa5b1ffc0db332b48f53df78a1331
0x5a000 0x1000 0x200 7.60 f2bb9040d0991ee03b1fca91ef98385e
.data 0x5b000 0x3a000 0x39c00 7.90 caee73c297be458c8f734035a1f56dd7
.adata 0x95000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 13 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> winmm.dll: waveInGetDevCapsW
> user32.dll: GetMessageW
> advapi32.dll: RegOpenKeyA
> ole32.dll: CoInitialize
> oleaut32.dll: -
> msvcp71.dll: __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
> shlwapi.dll: PathFileExistsW
> msvcr71.dll: _vsnwprintf
> raptra30u.dll: RTEnd
> version.dll: GetFileVersionInfoW
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch, ASProtect
packers (Authentium): PE_Patch, Aspack, Aspack
packers (F-Prot): PE_Patch, Aspack

At NoVirus
File Info

Report generated: 18.7.2009 at 0.14.56 (GMT 1)
Filename: ScrambyServer.exe
File size: 382 KB
MD5 Hash: 1d70863a08d2da239749ccdaf7af0c92
SHA1 Hash: 59CB406F1FCB9DC4F27346A84BB21897AE2E03D3
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 2 on 22

Detections

a-squared - -
Avira AntiVir - -
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - W32/Heuristic-210!Eldorado
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - Suspicious
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -

Scan report generated by
NoVirusThanks.org (http://novirusthanks.org)

Here is my HijackThis file as well

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:19, on 18.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
C:\Programme\Eraser\eraser.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Wireshark\wireshark.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Vidalia Bundle\Tor\tor.exe
C:\Dokumente und Einstellungen\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\WINDOWS\TEMP\E_S78.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Security Suite CBE 09 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe

--
End of file - 5649 bytes


And here, saved from Shark as TXT (I don't know how much use that is):


Do I have a trojan now, and if so, how do I get rid of it?
Thanks for your help

Clode
17.07.2009, 23:36
You can send me the file link by PM, I'll scan it then

CurRy
17.07.2009, 23:57
On the HijackThis homepage I couldn't find any entry that doesn't look good.
You could have a look at your autostart

Boarder
18.07.2009, 00:13
Hmm, so what I downloaded was uploaded in February. So if it is a trojan, Kaspersky should surely have detected it after the months in between?
Clode, you have a PM

Publix
18.07.2009, 00:22
Why don't you check the files before you allow them?

Boarder
18.07.2009, 00:26
I ask myself that too in hindsight. I did have Kaspersky scan it before I clicked, and nothing came up.

MakaZ
18.07.2009, 01:29
I'd recommend using a VM next time.
Otherwise check the packets with Wireshark, or run the file in a VM and sniff.
Maybe, if the file isn't crypted, read through it with a hex editor.