Virenseiten, Es werden keine Antivirusseiten aufgebaut Einstellungen

[Hareso]

Seit kurzem werden über welchen Browser auch immer keine Seiten von Antivirusprogrammen aufgebaut. Kann Seite nicht finden
Habe mit verschiedenen programmen einige Trackingcockies entdeckt und enfernt.
Geht aber noch immer nicht. Alle anderen Seiten gehen.
Habe auf dem Rechner VM Ware laufen und von einem Gastsystemk kann ich die Seiten sehr wohl öffnen. Also am Router kanns schon mal nicht liegen.
Bitte um durchsicht meines Log Files und eventuell ein wenig Hilfe was ich noch machen könnte.

Danke Hannes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:13, on 01.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\VMware\VMware Workstation\hqtray.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Safari\Safari.exe
C:\Programme\VMware\VMware Workstation\vmware.exe
C:\Programme\VMware\VMware Workstation\bin\vmware-vmx.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = soti.lokal
O17 - HKLM\Software\..\Telephony: DomainName = soti.lokal
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = soti.lokal
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 4864 bytes

[Hareso]

So nun is er fertig
Rootkit found

hab jetz über die vmware die signatur geladen mal schaun ob ichs hinbekomme.



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-01 21:17:44
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xBA676818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xBA6767D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xBA66AA20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA66B2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA676910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xBA676794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xBA66B2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xBA676866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xBA6760B0]
SSDT spng.sys ZwSetValueKey [0xBA6C719A]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB748CDF0]

INT 0x63 ? 8AF0ABF8
INT 0x63 ? 8AF0ABF8
INT 0x63 ? 8AF0ABF8
INT 0x63 ? 8AF0ABF8
INT 0x63 ? 8ACF6F00
INT 0x63 ? 8AF0ABF8
INT 0x73 ? 8AE9BF00
INT 0x94 ? 8ACF6F00
INT 0x94 ? 8ACF6F00
INT 0x94 ? 8ACF6F00
INT 0x94 ? 8ACF6F00
INT 0xA4 ? 8ACF6F00
INT 0xB4 ? 8ACF6F00

---- Kernel code sections - GMER 1.0.15 ----

? spng.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B9DDB8AC 5 Bytes JMP 8ACF64E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtQueryInformationProcess 7C91D7FE 5 Bytes JMP 018AADCD
.text C:\WINDOWS\system32\svchost.exe[964] NETAPI32.dll!NetpwPathCanonicalize 597DA3A9 5 Bytes JMP 018AAD64
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryInformationProcess 7C91D7FE 5 Bytes JMP 009AADCD
.text C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[3288] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605629 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spng.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spng.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spng.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spng.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spng.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spng.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AF081F8
Device \FileSystem\Ntfs \Ntfs 8AE3C9A0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8ACF3500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE991F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE991F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE991F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE991F8
Device \Driver\usbehci \Device\USBPDO-1 8AD0D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8ACF3500
Device \Driver\usbuhci \Device\USBPDO-3 8ACF3500
Device \Driver\usbuhci \Device\USBPDO-4 8ACF3500
Device \Driver\usbuhci \Device\USBPDO-5 8ACF3500
Device \Driver\usbehci \Device\USBPDO-6 8AD0D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF0B1F8
Device \Driver\usbuhci \Device\USBPDO-7 8ACF3500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF0B1F8
Device \Driver\Cdrom \Device\CdRom0 8ABCC008
Device \FileSystem\Rdbss \Device\FsWrap 8A60C180
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AF0B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AF0B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{61B4A153-B358-417E-BB73-46EB96473FA7} 8AA87500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AA87500
Device \Driver\usbhub \Device\00000083 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000078 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetbiosSmb 8AA87500
Device \Driver\usbhub \Device\00000079 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Srv \Device\LanmanServer 8A4286D0
Device \Driver\usbuhci \Device\USBFDO-0 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A60B1F8
Device \Driver\usbhub \Device\0000007b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-3 8AD0D1F8
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A60B1F8
Device \Driver\usbhub \Device\0000007c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Npfs \Device\NamedPipe 8AB44168
Device \Driver\usbhub \Device\0000007d hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Ftdisk \Device\FtControl 8AF0B1F8
Device \Driver\usbuhci \Device\USBFDO-5 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Msfs \Device\Mailslot 8AA84EA8
Device \Driver\usbhub \Device\0000007e hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-6 8ACF3500
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000007f hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 8AD0D1F8
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 8ABCE750
Device \Driver\Pnp680 \Device\Scsi\Pnp6801Port4Path0Target1Lun0 8AE981F8
Device \Driver\Pnp680 \Device\Scsi\Pnp6801 8AE981F8
Device \Driver\Pnp680 \Device\Scsi\Pnp6801Port4Path0Target0Lun0 8AE981F8
Device \Driver\d347prt \Device\Scsi\d347prt1 8ABCE750
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A86EA88
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A86EA88
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A86EA88
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A86EA88
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A86EA88
Device \FileSystem\Cdfs \Cdfs 8A4191F8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] evbzqj <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@DisplayName Windows Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj@Description Endpunktzuordnung und andere verschiedene RPC-Dienste.
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\evbzqj\Parameters@ServiceDll C:\WINDOWS\system32\gmoty.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@DisplayName Windows Microsoft
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj@Description Endpunktzuordnung und andere verschiedene RPC-Dienste.
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj\Parameters
Reg HKLM\SYSTEM\ControlSet003\Services\evbzqj\Parameters@ServiceDll C:\WINDOWS\system32\gmoty.dll

---- EOF - GMER 1.0.15 ----