Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mozilla öffnet einfach Spam Seiten und will plugins runterladen (https://www.trojaner-board.de/92097-mozilla-oeffnet-einfach-spam-seiten-will-plugins-runterladen.html)

Bob003 22.10.2010 07:28
Mozilla öffnet einfach Spam Seiten und will plugins runterladen
 
Hallo,
wenn ich Firefox öffne und bei Google oder wo anders was suche und den link anklicke öffnen sich einfach andere Seiten die nicht gesucht und Mozilla will zuzätzlich nen plugin runterladen,mal geht die richtige seite auf mal nicht.Was kann ich dagegen tun?

Habe Gmer runtergeladen und es mal durchlaufen lassen hier mein Log.

Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-22 08:24:31
Windows 5.1.2600 Service Pack 3
Running: 2mvotsh8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kgeoykow.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!CreateProcessInternalW                  7C81979C 5 Bytes  JMP 009E85CB
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] ntdll.dll!LdrLoadDll                7C9263A3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!closesocket              71A13E2B 5 Bytes  JMP 00156367
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!send                    71A14C27 5 Bytes  JMP 00155F60
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!WSARecv                  71A14CB5 5 Bytes  JMP 00156138
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!recv                    71A1676F 5 Bytes  JMP 00155FD3
.text  C:\Programme\Mozilla Firefox\firefox.exe[3032] WS2_32.dll!WSASend                  71A168FA 5 Bytes  JMP 0015609E
.text  C:\Programme\Mozilla Firefox\plugin-container.exe[3228] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 103FDDE0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

Bob003 22.10.2010 08:02
und hier Hijack

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:01:29, on 22.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Spybot - Search & Destroy\SpybotSD.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Windows Media Connect-Dienst (WMConnectCDS) - Unknown owner - C:\Programme\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 2819 bytes

Chris4You 22.10.2010 08:07
Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Bob003 22.10.2010 09:57
Malware


Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4907

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22.10.2010 10:56:46
mbam-log-2010-10-22 (10-56-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 144561
Laufzeit: 48 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Bob003 22.10.2010 09:59
Code:
OTL logfile created on: 22.10.2010 10:54:42 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,43 Gb Free Space | 8,89% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,91 Gb Free Space | 95,49% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme\WinRAR.exe ()
PRC - D:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (NMSAccess) -- D:\Programme\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys File not found
DRV - (Cdrom) -- C:\WINDOWS\System32\DRIVERS\cdrom.sys File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.18 16:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.29 19:29:38 | 000,000,000 | ---D | M]
 
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.18 16:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions
[2010.10.18 16:04:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.18 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.07.17 00:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.29 19:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.22 10:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa
[2010.10.22 09:45:30 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010.10.22 09:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.10.22 09:37:44 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:44 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:44 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 09:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.10.22 07:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.10.22 07:14:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.22 06:59:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\backups
[2010.10.22 06:56:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe
[2010.10.22 06:39:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.10.19 21:08:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.19 20:42:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.19 20:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.10.19 20:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.10.19 11:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.18 16:02:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2010.10.18 15:46:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.10.18 15:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVG10
[2010.10.18 15:12:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.10.18 15:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.10.18 15:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.10.18 14:35:18 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:30:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
[2010.10.18 14:16:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Server
[2010.10.15 14:57:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Config.Msi
[2010.10.15 14:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.10.15 02:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Meine empfangenen Dateien
[2010.10.15 00:01:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
[2010.10.14 23:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.10.14 23:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2010.10.12 18:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.10.12 16:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.10.12 16:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.10.12 16:00:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.12 15:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010.10.01 19:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.10.01 19:16:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.10.01 18:44:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.09.29 07:57:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.09.22 19:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OfficeRecovery
[2010.09.22 16:00:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.22 10:10:58 | 000,025,439 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa.zip
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:40:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.22 09:40:02 | 000,000,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Update Service.lnk
[2010.10.22 09:37:40 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010.10.22 09:37:40 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010.10.22 09:37:40 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010.10.22 08:42:28 | 000,269,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:56:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis204.exe
[2010.10.22 06:39:54 | 000,001,440 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.22 06:37:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.22 06:37:36 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\ECCZN.job
[2010.10.22 06:37:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.19 20:30:20 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:02:28 | 000,001,470 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:56:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:22 | 000,068,096 | ---- | M] () -- C:\WINDOWS\System32\weg48.f3d
[2010.10.18 14:35:22 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\fwe43g347347.w6
[2010.10.18 14:35:22 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\gs78.c3
[2010.10.18 14:35:18 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.10.18 14:26:14 | 000,000,690 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.14 21:52:06 | 000,045,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 14:37:22 | 000,060,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.12 16:00:18 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.01 19:46:00 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:28:36 | 000,000,166 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.10.01 18:43:46 | 000,416,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.01 18:43:46 | 000,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.01 18:43:46 | 000,075,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.01 18:43:46 | 000,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 18:31:10 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.29 19:57:08 | 000,000,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.22 10:10:56 | 000,025,439 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tpa.zip
[2010.10.22 10:07:22 | 048,413,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\W890_R1FA035_MAIN_GENERIC_AK_RED52.mbn
[2010.10.22 10:07:18 | 040,300,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\W890_R1FA035_FS_WESTERN-EUROPE_RED52.fbn
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.10.22 09:48:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.10.22 09:48:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010.10.22 09:40:01 | 000,000,720 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Update Service.lnk
[2010.10.22 08:42:26 | 000,269,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\attachment.pdf
[2010.10.22 06:39:52 | 000,001,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.18 16:02:26 | 000,001,470 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.10.18 14:55:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.18 14:38:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.18 14:35:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fwe43g347347.w6
[2010.10.18 14:35:21 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\gs78.c3
[2010.10.18 14:35:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\weg48.f3d
[2010.10.18 14:26:13 | 000,000,690 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.10.18 14:26:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.10.18 14:17:23 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\ECCZN.job
[2010.10.14 19:39:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.10.14 17:09:13 | 000,045,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00035.JPG
[2010.10.14 17:05:25 | 000,060,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DSC00032.JPG
[2010.10.01 19:45:59 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.10.01 19:43:22 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 19:22:25 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\trueburner.ini
[2010.09.29 19:57:06 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\achhenre.rtf
[2010.08.31 20:01:53 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 20:01:53 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
[2010.08.30 16:49:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010.08.29 18:52:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

Bob003 22.10.2010 10:00
Code:
OTL Extras logfile created on: 22.10.2010 10:54:42 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 500 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 4,87 Gb Total Space | 0,43 Gb Free Space | 8,89% Space Free | Partition Type: FAT32
Drive D: | 32,37 Gb Total Space | 30,91 Gb Free Space | 95,49% Space Free | Partition Type: NTFS
 
Computer Name: CPMW-B7CD394AA2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- File not found
"D:\Programme\Sony Ericsson\Update Service\Update Service.exe" = D:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Recuva" = Recuva
"Update Service" = Sony Ericsson Update Service
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2010 14:21:01 | Computer Name = CPMW-B7CD394AA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Recuva.exe, Version 1.38.0.504, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.10.2010 12:15:11 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:12 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:13 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:15 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:16 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:17 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:18 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 11335
Description = Produkt: Nero BurnLite 10 -- Fehler 1335. Die für die Installation
 erforderliche CAB-Datei "Data1.cab" ist beschädigt und kann nicht verwendet werden.
 Dies deutet auf einen Netzwerkfehler, einen CD-ROM-Lesefehler oder auf ein das
Paket betreffendes Problem hin.
 
Error - 01.10.2010 12:15:22 | Computer Name = CPMW-B7CD394AA2 | Source = MsiInstaller | ID = 1043
Description = Fehler beim Starten einer Windows Installer-Transaktion: . Beim Beenden
 der Transaktion ist Fehler 5 aufgetreten.
 
[ System Events ]
Error - 01.10.2010 13:16:51 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:16:57 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:04 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:20 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:17:26 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:14 | Computer Name = CPMW-B7CD394AA2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 01.10.2010 13:18:18 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:18:25 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:44 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 01.10.2010 13:30:47 | Computer Name = CPMW-B7CD394AA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

Bob003 22.10.2010 10:10
Code:
2010/10/22 11:09:19.0109        TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/22 11:09:19.0109        ================================================================================
2010/10/22 11:09:19.0109        SystemInfo:
2010/10/22 11:09:19.0109       
2010/10/22 11:09:19.0109        OS Version: 5.1.2600 ServicePack: 3.0
2010/10/22 11:09:19.0109        Product type: Workstation
2010/10/22 11:09:19.0109        ComputerName: CPMW-B7CD394AA2
2010/10/22 11:09:19.0109        UserName: Administrator
2010/10/22 11:09:19.0109        Windows directory: C:\WINDOWS
2010/10/22 11:09:19.0109        System windows directory: C:\WINDOWS
2010/10/22 11:09:19.0109        Processor architecture: Intel x86
2010/10/22 11:09:19.0109        Number of processors: 1
2010/10/22 11:09:19.0109        Page size: 0x1000
2010/10/22 11:09:19.0109        Boot type: Normal boot
2010/10/22 11:09:19.0109        ================================================================================
2010/10/22 11:09:19.0343        Initialize success
2010/10/22 11:09:22.0796        ================================================================================
2010/10/22 11:09:22.0796        Scan started
2010/10/22 11:09:22.0796        Mode: Manual;
2010/10/22 11:09:22.0796        ================================================================================
2010/10/22 11:09:24.0906        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/22 11:09:25.0000        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/22 11:09:25.0265        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/22 11:09:25.0390        AFD            (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/10/22 11:09:26.0187        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/22 11:09:26.0812        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/22 11:09:26.0921        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/22 11:09:27.0218        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/22 11:09:27.0375        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/22 11:09:27.0546        AVGIDSEH        (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/22 11:09:27.0609        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/22 11:09:27.0687        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/22 11:09:27.0781        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/22 11:09:28.0031        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/22 11:09:28.0093        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/22 11:09:28.0546        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/22 11:09:28.0843        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/22 11:09:29.0453        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/22 11:09:29.0609        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/22 11:09:29.0812        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/22 11:09:29.0875        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/22 11:09:30.0031        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/22 11:09:30.0359        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/22 11:09:30.0531        FA312          (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
2010/10/22 11:09:30.0656        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/22 11:09:30.0734        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/22 11:09:30.0859        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/22 11:09:31.0031        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/22 11:09:31.0187        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/22 11:09:31.0296        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/22 11:09:31.0343        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/22 11:09:31.0421        ggflt          (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2010/10/22 11:09:31.0515        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2010/10/22 11:09:31.0640        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/22 11:09:31.0953        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/22 11:09:32.0453        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/22 11:09:32.0593        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/22 11:09:32.0875        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/22 11:09:32.0953        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/22 11:09:33.0109        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/22 11:09:33.0203        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/22 11:09:33.0296        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/22 11:09:33.0390        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/22 11:09:33.0546        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/22 11:09:33.0656        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/22 11:09:33.0781        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/22 11:09:33.0921        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/22 11:09:34.0078        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/22 11:09:34.0218        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/22 11:09:34.0671        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/22 11:09:34.0812        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/22 11:09:34.0921        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/22 11:09:34.0984        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/22 11:09:35.0375        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/22 11:09:35.0531        MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/22 11:09:35.0750        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/22 11:09:35.0875        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/22 11:09:36.0000        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/22 11:09:36.0093        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/22 11:09:36.0265        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/22 11:09:36.0359        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/22 11:09:36.0500        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/22 11:09:36.0687        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/22 11:09:36.0765        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/22 11:09:36.0921        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/22 11:09:37.0109        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/22 11:09:37.0203        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/22 11:09:37.0250        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/22 11:09:37.0328        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/22 11:09:37.0421        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/22 11:09:37.0640        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/22 11:09:37.0796        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/22 11:09:37.0937        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/22 11:09:38.0062        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/22 11:09:38.0281        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/22 11:09:38.0328        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/22 11:09:38.0375        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/22 11:09:38.0453        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/22 11:09:38.0500        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/22 11:09:38.0640        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/22 11:09:38.0718        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/22 11:09:38.0796        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/22 11:09:39.0031        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/10/22 11:09:39.0171        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/22 11:09:40.0031        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/22 11:09:40.0093        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/22 11:09:40.0125        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/22 11:09:40.0843        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/22 11:09:40.0937        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/22 11:09:41.0046        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/22 11:09:41.0078        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/22 11:09:41.0250        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/22 11:09:41.0343        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/22 11:09:41.0500        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/22 11:09:41.0671        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/22 11:09:41.0859        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/22 11:09:42.0015        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/22 11:09:42.0156        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/22 11:09:42.0296        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/22 11:09:42.0656        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/22 11:09:43.0281        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/22 11:09:43.0406        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/22 11:09:43.0562        Srv            (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/22 11:09:43.0734        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/10/22 11:09:43.0890        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/22 11:09:44.0140        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/22 11:09:44.0312        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/22 11:09:45.0203        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/22 11:09:45.0453        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/22 11:09:45.0656        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/22 11:09:45.0812        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/22 11:09:45.0968        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/22 11:09:46.0453        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/22 11:09:46.0921        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/22 11:09:47.0140        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/22 11:09:47.0328        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/22 11:09:47.0468        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/22 11:09:47.0656        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/22 11:09:47.0781        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/22 11:09:47.0906        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/22 11:09:48.0453        VIAudio        (01c7ba100f06e3a221b4068682fd2a2f) C:\WINDOWS\system32\drivers\viaudios.sys
2010/10/22 11:09:48.0609        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/22 11:09:48.0781        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/22 11:09:48.0953        Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/22 11:09:49.0390        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/22 11:09:49.0765        WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/22 11:09:49.0953        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/22 11:09:50.0234        ================================================================================
2010/10/22 11:09:50.0234        Scan finished
2010/10/22 11:09:50.0234        ================================================================================

Chris4You 22.10.2010 11:20
Hi,

da ist was oberfaul!

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\WINDOWS\System32\weg48.f3d
C:\WINDOWS\System32\fwe43g347347.w6
C:\WINDOWS\System32\gs78.c3
C:\WINDOWS\tasks\ECCZN.job
C:\WINDOWS\System32\dllcache\user32.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!


Der Virenscanner (Meldungen) sind komplett abgeknippst:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris

Bob003 22.10.2010 18:51
File: weg48.f3d

Code:
File name:
weg48.f3d
Submission date:
2010-10-22 17:38:13 (UTC)
Current status:
queued (#7) queued (#7) analysing finished
Result:
3/ 42 (7.1%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Win32.HLLW.Okamai.origin
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : a04a8553f9200ed8290f6f58c5c4b281
SHA1  : bcbe447eedbf8d6deded3d6b1c5d492dc83cb442
SHA256: bdcd5d36553919860f0bb43e9a72579a2f3c18e3c2fb7ca9a1da17d06db4a65b
ssdeep: 1536:SU6NsxvvE2/5IgZSwYD/TfxcY74b9K3V9dwcrsXrJ:qNsxXE2BI3fxva9SVHw0sXl
File size : 68096 bytes
First seen: 2010-10-22 17:38:13
Last seen : 2010-10-22 17:38:13
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 18:52
File fwe43g347347.w6

Code:
File name:
fwe43g347347.w6
Submission date:
2010-10-22 17:48:14 (UTC)
Current status:
queued (#8) queued (#8) analysing finished
Result:
3/ 43 (7.0%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Win32.HLLW.Okamai.12
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : a1850c277e90ccc9c42388f441b7b6bf
SHA1  : 035b89c44a42d0dfbd5c10ad6cf1a781c4ecd670
SHA256: 62160ab1cbfbf90cf7b5bcbd6abc04c95ab67db93bfff856ebcab23c2a8c4425
ssdeep: 384:QdZlG895Aikt1uIKnKDLEHTaLyB4Z1Ru/CMBdz0WQ:QdfG89FIKnKPEHTaLOWLuKMBd0L
File size : 36864 bytes
First seen: 2010-10-22 17:48:14
Last seen : 2010-10-22 17:48:14
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 18:56
File gs78.c3


Code:
File name:
gs78.c3
Submission date:
2010-10-22 17:53:54 (UTC)
Current status:
queued (#5) queued (#5) analysing finished
Result:
3/ 43 (7.0%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        -
AntiVir        7.10.13.27        2010.10.22        -
Antiy-AVL        2.0.3.7        2010.10.22        -
Authentium        5.2.0.5        2010.10.22        -
Avast        4.8.1351.0        2010.10.22        -
Avast5        5.0.594.0        2010.10.22        -
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        -
CAT-QuickHeal        11.00        2010.10.22        -
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        -
DrWeb        5.0.2.03300        2010.10.22        Trojan.Rvz.10
Emsisoft        5.0.0.50        2010.10.22        -
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        -
F-Prot        4.6.2.117        2010.10.22        -
F-Secure        9.0.16160.0        2010.10.22        -
Fortinet        4.2.249.0        2010.10.22        -
GData        21        2010.10.22        -
Ikarus        T3.1.1.90.0        2010.10.22        -
Jiangmin        13.0.900        2010.10.22        -
K7AntiVirus        9.66.2813        2010.10.22        -
Kaspersky        7.0.0.125        2010.10.22        -
McAfee        5.400.0.1158        2010.10.22        W32/Mariofev!enc
McAfee-GW-Edition        2010.1C        2010.10.22        W32/Mariofev!enc
Microsoft        1.6301        2010.10.22        -
NOD32        5555        2010.10.22        -
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        -
Panda        10.0.2.7        2010.10.22        -
PCTools        7.0.3.5        2010.10.22        -
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        -
Sunbelt        7118        2010.10.22        -
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        -
VBA32        3.12.14.1        2010.10.22        -
ViRobot        2010.9.25.4060        2010.10.22        -
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : 982a389c6156435989e02df2348e938c
SHA1  : 87fd43b0032cb931058cbc328d2752bc3c03cf01
SHA256: 5ecabf51038bd18c326ba32a5714cafd57797093d5517d258ccb010b76d524d3
ssdeep: 384:4cmGBux7z4yOIFAGe5TP5PJI+SEiTNQtyEiAEqzeP7G/GI:WmuLid5JO1/AEX7G/GI
File size : 21504 bytes
First seen: 2010-10-22 17:53:54
Last seen : 2010-10-22 17:53:54
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bob003 22.10.2010 19:00
File ECCN.job,nix gefunden.

Code:
File name:
ECCZN.job
Submission date:
2010-10-22 17:57:15 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
0/ 43 (0.0%)

Bob003 22.10.2010 19:04
File user32.dll

Hier scheint jee menge faul zu sein :(

Code:
File name:
user32.dll
Submission date:
2010-10-22 18:00:47 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
32/ 43 (74.4%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.10.22.01        2010.10.22        Win-Trojan/User32Hk
AntiVir        7.10.13.27        2010.10.22        TR/Patched.Gen2
Antiy-AVL        2.0.3.7        2010.10.22        Trojan/Win32.Patched.gen
Authentium        5.2.0.5        2010.10.22        W32/User32Hk.A!Generic
Avast        4.8.1351.0        2010.10.22        Win32:SysPatch
Avast5        5.0.594.0        2010.10.22        Win32:SysPatch
AVG        9.0.0.851        2010.10.22        -
BitDefender        7.2        2010.10.22        Win32.MarioForever.Patched
CAT-QuickHeal        11.00        2010.10.22        Trojan.Patched.AP
ClamAV        0.96.2.0-git        2010.10.22        -
Comodo        6479        2010.10.22        TrojWare.Win32.Patched.F
DrWeb        5.0.2.03300        2010.10.22        -
Emsisoft        5.0.0.50        2010.10.22        Trojan.Win32.Patched!IK
eSafe        7.0.17.0        2010.10.21        -
eTrust-Vet        36.1.7928        2010.10.22        Win32/Pruserinf
F-Prot        4.6.2.117        2010.10.22        W32/User32Hk.A!Generic
F-Secure        9.0.16160.0        2010.10.22        Win32.MarioForever.Patched
Fortinet        4.2.249.0        2010.10.22        W32/Patched.D!tr
GData        21        2010.10.22        Win32.MarioForever.Patched
Ikarus        T3.1.1.90.0        2010.10.22        Trojan.Win32.Patched
Jiangmin        13.0.900        2010.10.22        Win32/PatchFile.bk
K7AntiVirus        9.66.2813        2010.10.22        Trojan
Kaspersky        7.0.0.125        2010.10.22        Trojan.Win32.Patched.gq
McAfee        5.400.0.1158        2010.10.22        Patched User32
McAfee-GW-Edition        2010.1C        2010.10.22        Patched User32
Microsoft        1.6301        2010.10.22        Virus:Win32/Mariofev.A
NOD32        5555        2010.10.22        Win32/Pinit
Norman        6.06.10        2010.10.22        -
nProtect        2010-10-22.01        2010.10.22        Virus/W32.Patched.Q
Panda        10.0.2.7        2010.10.22        W32/Patched.H
PCTools        7.0.3.5        2010.10.22        Trojan.Patched!sd5
Prevx        3.0        2010.10.22        -
Rising        22.70.03.04        2010.10.22        -
Sophos        4.58.0        2010.10.22        Troj/User32Hk-A
Sunbelt        7118        2010.10.22        Trojan.Win32.Patched.dr (v)
SUPERAntiSpyware        4.40.0.1006        2010.10.22        -
Symantec        20101.2.0.161        2010.10.22        -
TheHacker        6.7.0.1.064        2010.10.21        -
TrendMicro        9.120.0.1004        2010.10.22        Possible_Patch-1
TrendMicro-HouseCall        9.120.0.1004        2010.10.22        Possible_Patch-1
VBA32        3.12.14.1        2010.10.22        Trojan.Win32.Patched.gq
ViRobot        2010.9.25.4060        2010.10.22        Win32.Patched.X
VirusBuster        12.69.13.0        2010.10.22        -
Additional information
Show all
MD5  : 2628fb678cc34f42b4e98244075f74c1
SHA1  : 981714086c649fd3e7cf64e3d7b30911b0e3ac0b
SHA256: 686f0fd8e1df7031338f041ad7e00dbc7914c715970d8d4e2567bb800a927814
ssdeep: 6144:QXtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu3ZmDt:s2++f
sZ86q5caW0VhG86xxcEPZm2nG
File size : 580096 bytes
First seen: 2010-04-01 12:50:03
Last seen : 2010-10-22 18:00:47
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Client-DLL f_r Windows XP USER-API
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB217
timedatestamp....: 0x4802BFB7 (Mon Apr 14 02:21:43 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5F283, 0x5F400, 6.66, f747b131a21761b59fd7b2a066b48e2d
.data, 0x61000, 0x1180, 0xC00, 2.37, 775119e98796af9b8a849dd1f6e4f377
.rsrc, 0x63000, 0x2A7BC, 0x2A800, 5.00, ab0716ca00fe22c6cb46856e79f46656
.reloc, 0x8E000, 0x2DE4, 0x2E00, 6.77, 68ebe5a2d822be0663a3e935b39d0bae

[[ 3 import(s) ]]
GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger

[[ 732 export(s) ]]
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 390144
CompanyName: Microsoft Corporation
EntryPoint: 0xb217
FileDescription: Client-DLL f r Windows XP USER-API
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 566 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 5.1
InitializedDataSize: 188928
InternalName: user32
LanguageCode: German
LegalCopyright: Microsoft Corporation. Alle Rechte vorbehalten.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Dynamic link library
OriginalFilename: user32
PEType: PE32
ProductName: Betriebssystem Microsoft Windows
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:14 04:21:43+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource

Bob003 22.10.2010 19:19
Code:
ComboFix 10-10-22.02 - Administrator 22.10.2010  20:06:46.1.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1125 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Dokumente\Server\admin.txt
c:\dokumente und einstellungen\All Users\Dokumente\Server\server.dat
C:\Thumbs.db

Infizierte Kopie von c:\windows\system32\winlogon.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\winlogon.exe wurde wiederhergestellt

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt

c:\windows\system32\drivers\cdrom.sys fehlte
Kopie von - c:\windows\ServicePackFiles\i386\cdrom.sys wurde wiederhergestellt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-09-22 bis 2010-10-22  ))))))))))))))))))))))))))))))
.

2010-10-22 18:11 . 2008-04-13 22:10        62976        ----a-w-        c:\windows\system32\drivers\cdrom.sys
2010-10-22 07:45 . 2008-03-21 11:57        14640        ------w-        c:\windows\system32\spmsgXP_2k3.dll
2010-10-22 07:37 . 2010-10-22 07:37        25512        ----a-w-        c:\windows\system32\drivers\ggsemc.sys
2010-10-22 07:37 . 2010-10-22 07:37        13224        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2010-10-22 07:37 . 2010-10-22 07:37        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2010-10-22 07:37 . 2010-10-22 07:37        --------        d-----w-        c:\windows\system32\DRVSTORE
2010-10-22 04:39 . 2010-10-22 04:39        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2010-10-19 18:42 . 2010-10-19 18:42        --------        d-----w-        c:\programme\Microsoft
2010-10-19 18:42 . 2010-10-19 18:42        --------        d-----w-        c:\programme\Windows Live SkyDrive
2010-10-19 18:41 . 2010-10-19 18:41        --------        d-----w-        c:\programme\Windows Live
2010-10-19 09:56 . 2010-10-19 09:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-10-18 13:46 . 2010-10-18 13:46        --------        d-----w-        C:\$AVG
2010-10-18 13:13 . 2010-10-18 13:13        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\AVG10
2010-10-18 13:12 . 2010-10-18 13:12        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2010-10-18 13:10 . 2010-10-18 13:10        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2010-10-18 13:00 . 2010-10-18 13:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-10-18 12:35 . 2010-10-18 12:35        580096        ----a-w-        c:\windows\system32\dllcache\user32.dll
2010-10-18 12:30 . 2010-10-18 12:30        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
2010-10-18 12:26 . 2009-11-12 12:48        7168        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-10-15 12:57 . 2010-10-15 12:57        --------        d-----w-        c:\windows\SxsCaPendDel
2010-10-14 22:01 . 2010-10-14 22:01        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\skypePM
2010-10-14 21:55 . 2010-10-14 21:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-14 21:55 . 2010-10-14 21:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-10-14 17:39 . 2007-02-12 12:50        20480        ----a-w-        c:\windows\FixCamera.exe
2010-10-12 16:55 . 2010-10-12 16:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
2010-10-12 14:05 . 2010-10-12 14:05        --------        d-----w-        c:\windows\Sun
2010-10-12 14:00 . 2010-10-12 14:00        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-10-12 14:00 . 2010-10-12 14:00        423656        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-01 17:46 . 2010-10-01 17:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-01 17:16 . 2010-10-01 17:16        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
2010-10-01 16:44 . 2010-10-01 16:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 10:21 . 2010-08-31 18:01        2516        --sha-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-09-17 10:20 . 2010-08-31 18:01        88        --sh--r-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\2C69BD85DE.sys
2010-09-13 14:27 . 2010-09-13 14:27        25680        ----a-w-        c:\windows\system32\drivers\AVGIDSEH.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 2DD94551294E8E9BD086DAF840D8AB27 . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2006-07-16 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 45CE0641FC476C7C21AEF5CEE58E3F33 . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2006-07-16 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\programme\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 25680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.10.2010 09:37 13224]
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\frpay4z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programme\Reader\browser\nppdf32.dll
FF - plugin: d:\vlc\npvlc.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-22 20:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\rundll32.exe
d:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-22  20:17:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-22 18:17

Vor Suchlauf: 538.050.560 Bytes frei
Nach Suchlauf: 503.377.920 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 01E23C7E9BD01E9F0F6D9BDB523E9815

Chris4You 22.10.2010 19:42
Hi,

sofort Cureit hinter jagen und den JOB (ECCZN.job) umgehend löschen (der ist mit hoher Wahrscheinlichkeit da, das Teil neu zu installieren)...
(Achtung, das Teil ist hidden!)

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

Danach bitte ein neues OTL-Log posten...
  • Starte bitte die OTL.exe
  • Vista/Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button
  • Klick auf OK
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread



chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:43 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22