|
Hupigon13, Win32.Delf.uv - Antivir und Hijackthis gehen nicht Hallo zusammen, ich habe folgendes Problem: Spybot findet auf meinem Rechner einige Trojaner-Dateien (Hupigon13, Win32.Delf.uv etc) (Das Log von Spybot ist unten angehängt). Antivir lässt sich nicht mehr starten, ebenso wenig Hijackthis. Mein System: Windows XP SP3. Wie kann ich vorgehen? Vielen Dank Log von Spybot (nur der Anfang, die anderen Sachen sind glaub ich nur Gebrauchsspurenhinweise): Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $B067B5B7] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explore r.exe Hupigon13: [SBI $D5A7DCB6] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe Hupigon13: [SBI $8D4AFC92] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com Hupigon13: [SBI $79919CB3] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe Hupigon13: [SBI $46DBB063] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe Win32.Delf.uv: [SBI $E73FD4D9] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE\Debugger Win32.Delf.uv: [SBI $9554BC9A] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE\Debugger Win32.Delf.uv: [SBI $C83CB234] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.EXE\Debugger Win32.Delf.uv: [SBI $4D759A7F] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\Debugger Win32.Delf.uv: [SBI $F963F0F7] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\Debugger Win32.Delf.uv: [SBI $83CDDB58] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.EXE\Debugger Win32.Delf.uv: [SBI $AB0D8EB4] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE\Debugger Win32.Delf.uv: [SBI $C53439DD] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE\Debugger Win32.Delf.uv: [SBI $0809137C] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE\Debugger Win32.Delf.uv: [SBI $95619944] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE\Debugger Win32.Delf.uv: [SBI $AE0ED1C1] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE\Debugger Online Content Ltd.: Lesezeichen (Firefox: default) (Lesezeichen, nothing done) Common Dialogs: History (178 files) (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU |
Hi, in dem Fall probieren wir mal MAM, runterladen und direkt im Downloadidalog umbenennen ggf. im abgesicherten Modus probieren (F8 beim Booten drücken). Malwarebytes Antimalware (MAM). Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Fullscan und alles bereinigen lassen! Log posten. Alternativer Download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp chris Ps.: Diese Reg.-Einträge: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe verhindern das Starten der AV-Programme, wäre interessant auszuprobieren ob die vom Virus überwacht werden.... Hmmm... Lust auf ein Experiment? Lade Dir: http://www.chip.de/downloads/c1_downloads_12991462.html (RegCleaner) runter, navigiere zu dem Schlüssel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options und lösche dort den Eintrag "regedit.exe". Dann versuche Regedit zu starten (start->ausführen->regedit.exe) Wenn das geht, mache ich ein Script um den Rest weg zubekommen, damit Avira wieder läuft.... |
Hallo Chris, ich habe MAM ausgeführt, dieses hat auch eine ganze Reihe von Sachen gefunden, ich habs löschen lassen, und das Log gespeichert, ABER: Jetzt funktioniert der PC nicht mehr richtig, beim Laden der Taskleiste bleibt er irgendwie hängen, ich kann nichts in Startmenü, kann keine Programme öffnen und kein Kontextmenü anzeigen. Folglich kann ich dir auch nicht mehr die Logdatei geben, die ist zwar auf dem Desktop, aber ich kann sie nicht bearbeiten. Das einzige was zu gehen scheint ist der Taskmanager. Mir kommt ungewöhnlich vor, dass in der Prozessliste nur ein einziges Prozess SYSTEM als Benutzername hat, alle anderen haben keinen. Das war doch sonst anders...?! Hab ich jetzt irgendwelche Systemdateien gelöscht durch MAM? Vielen Dank und Grüße, Michael |
Hi, shit, dazu bräuchte ich das Log... Notfalls wie folgt vorgehen: TaskManager->Reiter "Anwendungen"->Neuer Task...->explorer.exe Startet die dann? Probiere das gleiche mit Notepad.exe, damit Du das Log mal Laden/posten kannst... Wenn gar nichts geht, versuchen über diesen Weg MAM aufzurufen (mbam.exe), dann auf Reiter Quarantäne, da lässt sich alles wiederherstellen... Wir schauen mal tiefer in das System (allerdings beschleicht mich das ungute Gefühl, dass wir ggf. Neuaufsetzen müssen...) RSIT Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile. * Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/) * speichere es auf Deinem Desktop. * Starte mit Doppelklick die RSIT.exe. * Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren. * Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren. * In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept". * Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen. * Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage. * Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet. * Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread. chris |
Hallo Chris, ich habe es nun doch geschafft den PC wieder lauffähig zu machen, nachdem ich im abgesichterten Modus avast deinstalliert habe, das hatte ich mir nämlich vor Tagen heruntergeladen, nachdem Antirvir nicht mehr ging. Nun folgt gleich erstmal das MAM log, und danach auch noch das RSIT log. Ich hab mir auch diesen RegCleaner heruntergeladen, weiß aber grad nicht, wie ich damit diesen Registryschlüssel von dir finde. Antivir läuft nämlich noch nicht. MAMlog: Malwarebytes' Anti-Malware 1.37 Datenbank Version: 2185 Windows 5.1.2600 Service Pack 3 27.05.2009 22:48:00 mbam-log-2009-05-27 (22-48-00).txt Scan-Methode: Vollständiger Scan (C:\|F:\|) Durchsuchte Objekte: 331590 Laufzeit: 3 hour(s), 10 minute(s), 31 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 97 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 0 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{386a771c-e96a-421f-8ba7-32f1b706892f} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Dropper) -> Data: digiwet.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\dokumente und einstellungen\michael schultheis\lokale einstellungen\temporary internet files\Content.IE5\HAYLM7AB\load[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP634\A0218322.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP636\A0218401.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP641\A0219054.dll (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\netsik.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\digiwet.dll (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Fortsetzung.... |
...folgt: RSIT-Log: Logfile of random's system information tool 1.06 (written by random/random) Run by Michael Schultheis at 2009-05-30 09:58:11 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 49 GB (43%) free of 114 GB Total RAM: 1023 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:58:31, on 30.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\oodag.exe C:\Programme\Sandboxie\SbieSvc.exe C:\Programme\Seagate\Sync\SeaSyncServices.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Programme\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\D-Link\Air USB Utility\AirCFG.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\RSIT.exe C:\Programme\trend micro\Michael Schultheis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1 O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Avira AntiVir Planer (antivirschedulerservice) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe -- End of file - 10283 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2275205704-1375463252-582915583-1006.job C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-01-20 134344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Programme\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-01-20 646264] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "D-Link Air USB Utility"=C:\Programme\D-Link\Air USB Utility\AirCFG.exe [2003-07-23 2695168] "ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968] "SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 4891984] "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2007-12-20 1748992] "WD Drive Manager"=C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272] "WD Anywhere Backup"=C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "wininet.dll"= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "HDDHealth"=H:\HDD Health\hddhealth.exe -wl [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe [2005-05-25 188459] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programme\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe [2007-10-23 214296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR] C:\Programme\Desktop Sidebar\dsidebar.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Reader - Schnellstart.lnk.disabled - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\syste scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 "NoDispAppearancePage"=0 "NoColorChoice"=0 "NoSizeChoice"=0 "NoDispScrSavPage"=0 "NoDispCPL"=0 "NoVisualStyleChoice"=0 "NoDispSettingsPage"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 "NoActiveDesktop"=0 "NoThemesTab"=0 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] ""= "NoDriveTypeAutoRun"= "NoActiveDesktopChanges"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian" "C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Programme\Maple 7\BIN.WNT\mserver.exe"="C:\Programme\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver" "C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\ImLc.exe"="C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail" "C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Programme\Windows Media Player\wmplayer.exe"="C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Opera\Opera.exe"="C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "E:\fsetup.exe"="E:\fsetup.exe:*:Enabled:AVM FSetup Application" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe:*:Disabled:fileSharingMUTE" "C:\Programme\Half-Life 2\hl2.exe"="C:\Programme\Half-Life 2\hl2.exe:*:Disabled:hl2" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe:*:Disabled:hl2" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe:*:Disabled:hl2" "C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home" "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup" "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime" "C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" "C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe:*:Enabled:ChemDraw Ultra 10.0" "C:\Programme\OO Software\Defrag Professional\oodcnt.exe"="C:\Programme\OO Software\Defrag Professional\oodcnt.exe:LocalSubNet:Enabled:oodcnt.exe" "C:\Programme\OO Software\Defrag Professional\oodcmd.exe"="C:\Programme\OO Software\Defrag Professional\oodcmd.exe:*:Enabled:oodcmd.exe" "C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004" "C:\WINDOWS\SYSTEM32\javaw.exe"="C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\WinHTTrack\WinHTTrack.exe"="C:\Programme\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes" "C:\Programme\FlashGet Network\FlashGet universal\flashget.exe"="C:\Programme\FlashGet Network\FlashGet universal\flashget.exe:*:Enabled:flashget" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\eMule.de\emule.exe"="C:\Programme\eMule.de\emule.exe:*:Enabled:eMule" "C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Disabled:IncrediMail Installer" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Disabled:iTunes" "C:\Programme\Unreal Tournament 3\Binaries\UT3.exe"="C:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Disabled:UT3" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)" "C:\WINDOWS\SYSTEM32\ati2evxx.exe"="C:\WINDOWS\SYSTEM32\ati2evxx.exe:*:Enabled:ENABLE" "C:\Programme\D-Link\Air USB Utility\AirCFG.exe"="C:\Programme\D-Link\Air USB Utility\AirCFG.exe:*:Enabled:ENABLE" "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ENABLE" "C:\Programme\avmwlanstick\WLanGUI.exe"="C:\Programme\avmwlanstick\WLanGUI.exe:*:Enabled:ENABLE" "C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"="C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe:*:Enabled:ENABLE" "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ENABLE" "C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe"="C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe:*:Enabled:ENABLE" "C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07f7157-36ad-11dc-81d4-000f3ddf1f20}] shell\AutoRun\command - I:\setupSNK.exe ======File associations====== .js - open - "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" ======List of files/folders created in the last 2 months====== 2009-05-30 09:58:10 ----D---- C:\rsit 2009-05-27 19:33:57 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Malwarebytes 2009-05-27 19:33:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-05-27 19:33:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-05-26 18:37:24 ----D---- C:\Programme\Alwil Software 2009-05-26 18:21:54 ----D---- C:\Programme\Avira 2009-05-26 18:21:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2009-05-25 21:03:53 ----D---- C:\Programme\Trend Micro 2009-05-25 20:24:46 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-19 22:48:18 ----RSH---- C:\WINDOWS\system32\AgCPanelFrenchb.exe 2009-04-15 23:39:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-15 23:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-15 23:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-15 23:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-15 23:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-15 23:28:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ Fortsetzung.... |
...folgt: RSIT-Log Teil 2 ======List of files/folders modified in the last 2 months====== 2009-05-30 09:57:51 ----D---- C:\WINDOWS\Prefetch 2009-05-30 09:57:16 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Orbit 2009-05-30 09:55:07 ----D---- C:\Programme\Orbitdownloader 2009-05-30 09:51:48 ----D---- C:\WINDOWS\temp 2009-05-30 09:51:44 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-30 09:48:25 ----D---- C:\WINDOWS\SYSTEM32 2009-05-30 09:48:14 ----D---- C:\WINDOWS\system32\DRIVERS 2009-05-27 22:52:34 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-27 22:51:52 ----D---- C:\WINDOWS 2009-05-27 19:36:22 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Azureus 2009-05-27 19:33:49 ----RD---- C:\Programme 2009-05-26 21:35:29 ----D---- C:\WINDOWS\system32\CONFIG 2009-05-26 18:32:30 ----D---- C:\WINDOWS\system32\oodag 2009-05-26 18:22:11 ----HD---- C:\WINDOWS\INF 2009-05-26 18:21:00 ----SHD---- C:\WINDOWS\Installer 2009-05-26 18:20:58 ----D---- C:\WINDOWS\WinSxS 2009-05-26 18:19:18 ----D---- C:\Programme\Spybot - Search & Destroy 2009-05-25 13:52:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-05-25 13:51:36 ----RSHD---- C:\WINDOWS\system32\DLLCACHE 2009-05-24 17:49:16 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-14 21:25:42 ----D---- C:\Programme\DVD Decrypter 2009-05-14 21:21:33 ----A---- C:\WINDOWS\cdplayer.ini 2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-04 17:30:37 ----SD---- C:\WINDOWS\Tasks 2009-04-21 16:16:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-16 09:20:58 ----D---- C:\WINDOWS\system32\WBEM 2009-04-16 09:20:58 ----D---- C:\WINDOWS\AppPatch 2009-04-15 23:39:13 ----A---- C:\WINDOWS\imsins.BAK 2009-04-15 23:37:57 ----D---- C:\WINDOWS\system32\de-de 2009-04-15 23:37:56 ----D---- C:\Programme\Internet Explorer 2009-04-15 23:29:41 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-15 14:22:42 ----RSD---- C:\WINDOWS\Fonts 2009-04-13 13:28:37 ----D---- C:\Programme\Azureus 2009-04-12 18:05:25 ----D---- C:\Programme\Postal2STP 2009-04-10 13:21:27 ----D---- C:\Programme\Trillian 2009-03-31 20:03:39 ----D---- C:\WINDOWS\system32\FxsTmp 2009-03-31 15:52:59 ----A---- C:\WINDOWS\SIERRA.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-28 5632] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-09-24 235840] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS [] R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604] R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\System32\Drivers\DynCal.sys [2001-05-21 8051] R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-12-20 265088] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048] R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys [] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [] S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-05-02 2432] S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-05-02 2560] S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848] S3 aa00vdpi;aa00vdpi; C:\WINDOWS\system32\drivers\aa00vdpi.sys [] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-12-20 4352] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220] S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776] S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS [] S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615] S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-23 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-23 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-23 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-23 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-23 83344] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS [] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-04-10 636416] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS [] S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 utblfilt;utblfilt; C:\WINDOWS\System32\drivers\utblfilt.sys [2001-05-23 12084] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 antivirschedulerservice;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 antivirservice;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832] R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2007-12-20 364544] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2004-07-22 1433616] R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-10-21 303104] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2004-05-17 184320] R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2008-09-02 48640] R2 Seagate Sync Service;Seagate Sync Service; C:\Programme\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120] R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496] R2 WZCBDLService;WZCBDL Service; C:\Programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864] S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE [] S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2004-05-15 516096] S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 MemeoBackgroundService;MemeoBackgroundService; C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2007-06-28 501048] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2007-04-19 68096] S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240] S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208] S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2005-04-05 206552] S3 usnsvc;Messenger Sharing USN Journal Reader-Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Vielen Dank, Michael |
Hi, die startverhindernden Regeinträge sollten weg sein, ... Wir fixen erstmal nichts, bitte combofix... Lade Dir Avira neu runter http://www.free-av.de/de/download/1/...antivirus.html, erst mal nicht installieren. Offline gehen, combofix ausführen, danach weiterhin offline Avira deinstallieren und die neue Version installieren, online gehen, Avira updaten, Combofix-Log posten. Dann stelle Dein Antivir wie folgt ein, wie hier beschrieben: http://www.trojaner-board.de/54192-a...tellungen.html. Fullscan und auch dieses Log posten... Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen. Weitere Anleitung unter:http://www.bleepingcomputer.com/comb...x-benutzt-wird Hinweis: unter : C:\WINDOWS\erdnt wird ein Backup angelegt. Alternative downloads: http://subs.geekstogo.com/ComboFix.exe chris |
Hallo, Wenn ich combofix starten will, kommt die Meldung, ich müsste erst Antivir deaktivieren. Aber ich weiß nicht wie...? Es ist in der Symbolleiste, und ich habs auch schon zu deinstallieren versucht, aber die Meldung kommt trotzdem. Was soll ich tun? Vg, Michael |
Hi, lösche ComboFix bzw. wenn Du ihn schon installiert hast wie folgt: Start->Ausführen->combofix /u Jetzt ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) neu runterladen (er wird täglich neu erstellt), ebenfalls dieses Tool runterladen (Avira 9 hast Du ja schon runtergeladen, oder): Avira-uninstall tool http://dl1.pro.antivir.de/down/windows/tool_de.exe Dann offline gehen, Avirauninstall-Tool starten, nach erfolgreicher Deinstallation Combofix laufen lassen, danach Avira 9 installieren... chris |
Hallo Chris, sorry dass ich es so kompliziert mache ;-), aber irgendwie hat noch nicht ganz geklappt. Habe das Tool laufen lassen (hat keine infizierte Datei gefunden), und Antivir steht auch nicht mehr in der Windows Software-Liste. Trotzdem - wenn ich Combofix starten will, kommt immer noch die Warnmeldung, dass Antivir noch aktiv sei. Außerdem behauptet das Windows Sicherheitscenter, dass mehrere Antivirenprogramme vorhanden seien, von denen mindestens eins aktiv ist...Soll ich einfach Combofix trotzdem mal laufen lassen? |
Hi, bitte noch mal ein neues HJ-Log... Ich möchte nachschauen, ob noch Teile von Avira aktiv sind, die wir ggf. fixen können... Eventuell brauche ich wegen den Treibern noch ein aktuelles RST-Log, da ist ein Eintrag der seltsam aussieht: S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb 9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSET UP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE [] Hast Du schon mal den upgrade probiert? Weiterhin läuft bei Dir noch Spybot, der muss unbedingt ebenfalls abgeschaltet bzw. deinstalliert werden (der Teatimer verhindert eine Bereinigung)... Bei den Treibern habe ich noch was gefunden: Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code: C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe <- das ist garantiert Malware
chris |
Hallo, Spybot habe ich mal deinstalliert. Hijackthis log folgt unten. Ich konnte das Programm nicht direkt ausführen, daher hab ich es umbenannt und diese Anleitung http://www.trojaner-board.de/51130-anleitung-hijackthis.html befolgt. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:16:36, on 02.06.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\svchost.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\oodag.exe C:\Programme\Sandboxie\SbieSvc.exe C:\Programme\Seagate\Sync\SeaSyncServices.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Programme\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\D-Link\Air USB Utility\AirCFG.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\prüfung.com C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1 O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe -- End of file - 9384 bytes RSIT habe ich nochmal ausgeführt: Logfile of random's system information tool 1.06 (written by random/random) Run by Michael Schultheis at 2009-06-02 10:56:59 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 49 GB (43%) free of 114 GB Total RAM: 1023 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:08, on 02.06.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\svchost.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\oodag.exe C:\Programme\Sandboxie\SbieSvc.exe C:\Programme\Seagate\Sync\SeaSyncServices.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Programme\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\D-Link\Air USB Utility\AirCFG.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe C:\Programme\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\RSIT(1).exe C:\Programme\trend micro\Michael Schultheis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1 O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe -- End of file - 9648 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2275205704-1375463252-582915583-1006.job C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-01-20 134344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Programme\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-01-20 646264] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "D-Link Air USB Utility"=C:\Programme\D-Link\Air USB Utility\AirCFG.exe [2003-07-23 2695168] "ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968] "SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [] "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2007-12-20 1748992] "WD Drive Manager"=C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272] "WD Anywhere Backup"=C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "wininet.dll"= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HDDHealth"=H:\HDD Health\hddhealth.exe -wl [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe [2005-05-25 188459] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programme\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe [2007-10-23 214296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR] C:\Programme\Desktop Sidebar\dsidebar.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Reader - Schnellstart.lnk.disabled - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] |
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\syste scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 "NoDispAppearancePage"=0 "NoColorChoice"=0 "NoSizeChoice"=0 "NoDispScrSavPage"=0 "NoDispCPL"=0 "NoVisualStyleChoice"=0 "NoDispSettingsPage"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 "NoActiveDesktop"=0 "NoThemesTab"=0 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] ""= "NoDriveTypeAutoRun"= "NoActiveDesktopChanges"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian" "C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Programme\Maple 7\BIN.WNT\mserver.exe"="C:\Programme\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver" "C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Programme\IncrediMail\bin\ImLc.exe"="C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail" "C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Programme\Windows Media Player\wmplayer.exe"="C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Opera\Opera.exe"="C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "E:\fsetup.exe"="E:\fsetup.exe:*:Enabled:AVM FSetup Application" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\MUTE\fileSharingMUTE.exe:*:Disabled:fileSharingMUTE" "C:\Programme\Half-Life 2\hl2.exe"="C:\Programme\Half-Life 2\hl2.exe:*:Disabled:hl2" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\HL 2\hl2.exe:*:Disabled:hl2" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\Counter - Strike - Source [ PC ] ++ Crack\Counter-Strike Source\Counter-Strike Source\hl2.exe:*:Disabled:hl2" "C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home" "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup" "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime" "C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" "C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Eigene Dateien\Downloads\ChemDraw.exe:*:Enabled:ChemDraw Ultra 10.0" "C:\Programme\OO Software\Defrag Professional\oodcnt.exe"="C:\Programme\OO Software\Defrag Professional\oodcnt.exe:LocalSubNet:Enabled:oodcnt.exe" "C:\Programme\OO Software\Defrag Professional\oodcmd.exe"="C:\Programme\OO Software\Defrag Professional\oodcmd.exe:*:Enabled:oodcmd.exe" "C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004" "C:\WINDOWS\SYSTEM32\javaw.exe"="C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\WinHTTrack\WinHTTrack.exe"="C:\Programme\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes" "C:\Programme\FlashGet Network\FlashGet universal\flashget.exe"="C:\Programme\FlashGet Network\FlashGet universal\flashget.exe:*:Enabled:flashget" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\eMule.de\emule.exe"="C:\Programme\eMule.de\emule.exe:*:Enabled:eMule" "C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Disabled:IncrediMail Installer" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Disabled:iTunes" "C:\Programme\Unreal Tournament 3\Binaries\UT3.exe"="C:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Disabled:UT3" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)" "C:\WINDOWS\SYSTEM32\ati2evxx.exe"="C:\WINDOWS\SYSTEM32\ati2evxx.exe:*:Enabled:ENABLE" "C:\Programme\D-Link\Air USB Utility\AirCFG.exe"="C:\Programme\D-Link\Air USB Utility\AirCFG.exe:*:Enabled:ENABLE" "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ENABLE" "C:\Programme\avmwlanstick\WLanGUI.exe"="C:\Programme\avmwlanstick\WLanGUI.exe:*:Enabled:ENABLE" "C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"="C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe:*:Enabled:ENABLE" "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ENABLE" "C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe"="C:\Programme\WD\WD Anywhere Backup\MemeoBackup.exe:*:Enabled:ENABLE" "C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe"="C:\Dokumente und Einstellungen\Michael Schultheis\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07f7157-36ad-11dc-81d4-000f3ddf1f20}] shell\AutoRun\command - I:\setupSNK.exe ======File associations====== .js - open - "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2009-06-02 09:57:41 ----D---- C:\ComboFix 2009-06-02 09:57:41 ----A---- C:\WINDOWS\system32\CF32321.exe 2009-06-01 17:23:00 ----A---- C:\WINDOWS\system32\CF1258.exe 2009-06-01 17:22:47 ----A---- C:\Bug.txt 2009-06-01 17:22:45 ----A---- C:\WINDOWS\system32\cmd.execf 2009-06-01 17:11:41 ----A---- C:\WINDOWS\system32\CF31822.exe 2009-06-01 17:01:57 ----A---- C:\WINDOWS\system32\CF29905.exe 2009-06-01 16:54:15 ----A---- C:\WINDOWS\system32\CF28377.exe 2009-06-01 16:40:10 ----A---- C:\WINDOWS\system32\CF25532.exe 2009-05-30 20:11:55 ----A---- C:\WINDOWS\system32\CF13424.exe 2009-05-30 16:05:36 ----D---- C:\WINDOWS\ERDNT 2009-05-30 16:05:34 ----A---- C:\WINDOWS\system32\CF11373.exe 2009-05-30 16:04:09 ----D---- C:\Qoobox 2009-05-30 10:02:18 ----D---- C:\Programme\RegCleaner 2009-05-30 09:58:10 ----D---- C:\rsit 2009-05-27 19:33:57 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Malwarebytes 2009-05-27 19:33:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-05-27 19:33:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-05-26 18:37:24 ----D---- C:\Programme\Alwil Software 2009-05-25 21:03:53 ----D---- C:\Programme\Trend Micro 2009-05-25 20:24:46 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-19 22:48:18 ----RSH---- C:\WINDOWS\system32\AgCPanelFrenchb.exe ======List of files/folders modified in the last 1 months====== 2009-06-02 10:56:33 ----D---- C:\WINDOWS\Prefetch 2009-06-02 10:32:49 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-02 10:14:56 ----D---- C:\WINDOWS\temp 2009-06-02 10:11:49 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-02 10:11:31 ----D---- C:\WINDOWS 2009-06-02 10:11:24 ----D---- C:\Programme\Spybot - Search & Destroy 2009-06-02 10:11:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-06-02 09:57:41 ----D---- C:\WINDOWS\SYSTEM32 2009-05-30 16:09:30 ----RD---- C:\Programme 2009-05-30 16:07:03 ----D---- C:\WINDOWS\system32\DRIVERS 2009-05-30 15:38:40 ----D---- C:\WINDOWS\Minidump 2009-05-30 15:37:11 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Azureus 2009-05-30 13:50:35 ----D---- C:\Programme\Orbitdownloader 2009-05-30 11:19:35 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2009-05-30 10:02:30 ----D---- C:\Dokumente und Einstellungen\Michael Schultheis\Anwendungsdaten\Orbit 2009-05-26 21:35:29 ----D---- C:\WINDOWS\system32\CONFIG 2009-05-26 18:32:30 ----D---- C:\WINDOWS\system32\oodag 2009-05-26 18:22:11 ----HD---- C:\WINDOWS\INF 2009-05-26 18:21:00 ----SHD---- C:\WINDOWS\Installer 2009-05-26 18:20:58 ----D---- C:\WINDOWS\WinSxS 2009-05-25 13:52:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-05-25 13:51:36 ----RSHD---- C:\WINDOWS\system32\DLLCACHE 2009-05-24 17:49:16 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-14 21:25:42 ----D---- C:\Programme\DVD Decrypter 2009-05-14 21:21:33 ----A---- C:\WINDOWS\cdplayer.ini 2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-04 17:30:37 ----SD---- C:\WINDOWS\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-28 5632] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-09-24 235840] R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS [] R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048] R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys [] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [] S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-05-02 2432] S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-05-02 2560] S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848] S3 aq3kruqc;aq3kruqc; C:\WINDOWS\system32\drivers\aq3kruqc.sys [] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-12-20 4352] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220] S3 DynCal;Dynamic Calibration Service; C:\WINDOWS\System32\Drivers\DynCal.sys [2001-05-21 8051] S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776] S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS [] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-12-20 265088] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615] S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-23 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-23 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-23 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-23 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-23 83344] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS [] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-04-10 636416] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS [] S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 utblfilt;utblfilt; C:\WINDOWS\System32\drivers\utblfilt.sys [2001-05-23 12084] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832] R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2007-12-20 364544] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2004-07-22 1433616] R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-10-21 303104] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2004-05-17 184320] R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2008-09-02 48640] R2 Seagate Sync Service;Seagate Sync Service; C:\Programme\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120] R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496] R2 WZCBDLService;WZCBDL Service; C:\Programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864] S2 antivirupgradeservice;Avira Upgrade Service; C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe /TEMPSTART:C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE [] S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2004-05-15 516096] S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 MemeoBackgroundService;MemeoBackgroundService; C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2007-06-28 501048] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2007-04-19 68096] S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240] S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208] S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2005-04-05 206552] S3 usnsvc;Messenger Sharing USN Journal Reader-Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Ich wollte auch die beiden Dateien hochladen, die du angegebn hast, aber sie waren nicht da ("Alle Dateien anzeigen" war aktiviert). >>Hast Du schon mal den upgrade probiert?<< Sorry, wie meinst du das? Antivir hab ich ja deinstalliert, dann müsste ich ja erst wieder installieren oder? Vg, Michael |
Hi, hmm,... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code: C:\WINDOWS\system32\AgCPanelFrenchb.exe
Also: Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop: http://saved.im/mzi3ndg3nta0/aven.jpg 2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code: Files to delete:4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code: O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dllchris |
Hallo Chris, zunächst die Auswertung von Virustotal: Prüfung von Virustotal: - C:\Windows\system32\AgCPanelFrenchb.exe INternal server error - Datei MemeoBackgroundService.exe empfangen 2009.03.09 16:01:06 (UTC) Status: Beendet Ergebnis: 0/38 (0.00%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.03.09 - AhnLab-V3 5.0.0.2 2009.02.27 - AntiVir 7.9.0.107 2009.03.09 - Authentium 5.1.0.4 2009.03.08 - Avast 4.8.1335.0 2009.03.09 - AVG 8.0.0.237 2009.03.09 - BitDefender 7.2 2009.03.09 - CAT-QuickHeal 10.00 2009.03.09 - ClamAV 0.94.1 2009.03.06 - Comodo 1039 2009.03.09 - DrWeb 4.44.0.09170 2009.03.09 - eSafe 7.0.17.0 2009.03.09 - eTrust-Vet 31.6.6386 2009.03.06 - F-Prot 4.4.4.56 2009.03.08 - F-Secure 8.0.14470.0 2009.03.09 - Fortinet 3.117.0.0 2009.03.09 - GData 19 2009.03.09 - Ikarus T3.1.1.45.0 2009.03.09 - K7AntiVirus 7.10.664 2009.03.09 - Kaspersky 7.0.0.125 2009.03.09 - McAfee 5547 2009.03.08 - McAfee+Artemis 5547 2009.03.08 - Microsoft 1.4405 2009.03.09 - NOD32 3921 2009.03.09 - Norman 6.00.06 2009.03.06 - nProtect 2009.1.8.0 2009.03.09 - Panda 10.0.0.10 2009.03.09 - PCTools 4.4.2.0 2009.03.09 - Prevx1 V2 2009.03.09 - Rising 21.20.02.00 2009.03.09 - SecureWeb-Gateway 6.7.6 2009.03.09 - Sophos 4.39.0 2009.03.09 - Sunbelt 3.2.1858.2 2009.03.08 - Symantec 1.4.4.12 2009.03.09 - TheHacker 6.3.3.0.277 2009.03.09 - TrendMicro 8.700.0.1004 2009.03.09 - ViRobot 2009.3.9.1641 2009.03.09 - VirusBuster 4.5.11.0 2009.03.09 - weitere Informationen File size: 25824 bytes MD5 : ed6235c93981d8658fa433092a809303 SHA1 : 8dbcb53fcb1c59e05bc1989c461da83e00a27590 SHA256: da61f67f5ddb731920e087484298c6c2a4cad872b648f28f75ec8fbe3fe8d88f PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x365E timedatestamp.....: 0x48EA636C (Mon Oct 6 21:13:48 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x2000 0x1664 0x2000 4.04 69eedbf3f6114e54de1d49e46bbe8f00 .rsrc 0x4000 0x3B0 0x1000 0.97 64361d258a0cca538dbc9741ea146c4e .reloc 0x6000 0xC 0x1000 0.01 7bc88186bd13ccc3a4ae424983d9513a ( 0 imports ) ( 0 exports ) TrID : File type identification Win64 Executable Generic (85.4%) Win32 Executable Generic (8.5%) Win16/32 Executable Delphi generic (2.0%) Generic Win/DOS Executable (1.9%) DOS Executable Generic (1.9%) ssdeep: 192:TDUMjo+xqu654r7L5f/Zw0dx1MHWlbUjhsb2yowJL/aMjGwP7rMiR7+ebMKtMKUj:TDUMjbxq5c7L5XRdIQ4jhq2YJLWmtb2j PEiD : - RDS : NSRL Reference Data Set - Datei Macromedia_Licensing.exe empfangen 2009.05.27 12:05:08 (UTC) Status: Beendet Ergebnis: 0/35 (0.00%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.05.27 - AhnLab-V3 5.0.0.2 2009.05.27 - AntiVir 7.9.0.168 2009.05.27 - Antiy-AVL 2.0.3.1 2009.05.27 - Authentium 5.1.2.4 2009.05.27 - Avast 4.8.1335.0 2009.05.26 - BitDefender 7.2 2009.05.27 - CAT-QuickHeal 10.00 2009.05.27 - ClamAV 0.94.1 2009.05.27 - Comodo 1203 2009.05.26 - eSafe 7.0.17.0 2009.05.27 - eTrust-Vet 31.6.6524 2009.05.27 - F-Prot 4.4.4.56 2009.05.27 - GData 19 2009.05.27 - Ikarus T3.1.1.57.0 2009.05.27 - K7AntiVirus 7.10.745 2009.05.26 - Kaspersky 7.0.0.125 2009.05.27 - McAfee 5627 2009.05.26 - McAfee+Artemis 5627 2009.05.26 - McAfee-GW-Edition 6.7.6 2009.05.27 - Microsoft 1.4701 2009.05.27 - NOD32 4108 2009.05.27 - Norman 6.01.05 2009.05.26 - nProtect 2009.1.8.0 2009.05.27 - Panda 10.0.0.14 2009.05.26 - PCTools 4.4.2.0 2009.05.21 - Prevx 3.0 2009.05.27 - Rising 21.31.21.00 2009.05.27 - Sophos 4.42.0 2009.05.27 - Sunbelt 3.2.1858.2 2009.05.27 - Symantec 1.4.4.12 2009.05.27 - TheHacker 6.3.4.3.332 2009.05.26 - TrendMicro 8.950.0.1092 2009.05.27 - ViRobot 2009.5.27.1757 2009.05.27 - VirusBuster 4.6.5.0 2009.05.26 - weitere Informationen File size: 68096 bytes MD5 : 04d3a71875699098af856ee5f9f72ac3 SHA1 : 33e1a9fa46e14f1b18865be4de0f62271687ba91 SHA256: b7eb995882cb2f4fe24f9df516583c428840e878d5416965196ba2e2c5943edb PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4AC0 timedatestamp.....: 0x3FFBDAC2 (Wed Jan 7 11:09:06 2004) machinetype.......: 0x14C (Intel I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xB526 0xB600 6.62 4780c0778a6efd2f7679079c924bae6a .rdata 0xD000 0x14D8 0x1600 5.26 4a676530334aaf67698db04c23c381d1 .data 0xF000 0x4CC8 0x3600 1.53 5babcb5864ef60a8716def6459fdda0e .rsrc 0x14000 0x248 0x400 2.03 882edf91479ee55186688d7f35f651c4 ( 3 imports ) > advapi32.dll: RegDeleteValueA, QueryServiceConfigA, RegEnumKeyExA, RegCloseKey, RegOpenKeyExA, RegisterEventSourceA, ReportEventA, RegDeleteKeyA, SetServiceStatus, RegisterServiceCtrlHandlerA, DeregisterEventSource, OpenServiceA, CloseServiceHandle, OpenSCManagerA, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, InitializeSecurityDescriptor, RegSetValueExA, GetLengthSid, RegCreateKeyExA, QueryServiceStatus, OpenServiceW, StartServiceW, RegQueryValueExA, OpenSCManagerW > kernel32.dll: ConnectNamedPipe, FindClose, FindNextFileA, FindFirstFileA, CreateDirectoryA, GetProcAddress, LeaveCriticalSection, EnterCriticalSection, WaitForSingleObject, WaitForMultipleObjectsEx, ReleaseMutex, QueryDosDeviceA, CreateFileW, GetExitCodeThread, GetModuleHandleA, lstrcpyW, lstrlenW, QueryDosDeviceW, SetWaitableTimer, CreateWaitableTimerA, DisconnectNamedPipe, GetOverlappedResult, GetTickCount, SetEvent, ResumeThread, SuspendThread, CreateEventA, InitializeCriticalSection, LoadLibraryA, CreateThread, CreateMutexA, CreateNamedPipeA, WriteFile, FreeLibrary, WaitForSingleObjectEx, GetSystemDirectoryA, GetVersionExA, GetLastError, lstrlenA, SetFilePointer, ReadFile, OpenProcess, DeviceIoControl, TlsAlloc, CloseHandle, CreateFileA, SetLastError, SetEnvironmentVariableA, CompareStringA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, HeapFree, HeapAlloc, RtlUnwind, InterlockedDecrement, InterlockedIncrement, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, GetVersion, ExitProcess, GetModuleFileNameA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, DeleteCriticalSection, TerminateProcess, GetCurrentProcess, HeapSize, GetCurrentThreadId, TlsSetValue, CompareStringW, GetStdHandle, TlsGetValue, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, SetStdHandle > user32.dll: wsprintfA, DestroyWindow, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, DefWindowProcA ( 0 exports ) TrID : File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) ssdeep: 1536:exJBQsGcBTJwKogS+Oiag8yTzxeroxhs:8Ji9McgSzTg8yTzxeroxhs PEiD : Armadillo v1.71 RDS : NSRL Reference Data Set Datei CF15184.exe empfangen 2009.04.29 12:53:18 (UTC) Status: Beendet Ergebnis: 0/40 (0.00%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.04.29 - AhnLab-V3 5.0.0.2 2009.04.29 - AntiVir 7.9.0.156 2009.04.29 - Antiy-AVL 2.0.3.1 2009.04.29 - Authentium 5.1.2.4 2009.04.29 - Avast 4.8.1335.0 2009.04.28 - AVG 8.5.0.287 2009.04.29 - BitDefender 7.2 2009.04.29 - CAT-QuickHeal 10.00 2009.04.29 - ClamAV 0.94.1 2009.04.29 - Comodo 1141 2009.04.29 - DrWeb 4.44.0.09170 2009.04.29 - eSafe 7.0.17.0 2009.04.27 - eTrust-Vet 31.6.6482 2009.04.29 - F-Prot 4.4.4.56 2009.04.29 - F-Secure 8.0.14470.0 2009.04.29 - Fortinet 3.117.0.0 2009.04.29 - GData 19 2009.04.29 - Ikarus T3.1.1.49.0 2009.04.29 - K7AntiVirus 7.10.719 2009.04.29 - Kaspersky 7.0.0.125 2009.04.29 - McAfee 5599 2009.04.28 - McAfee+Artemis 5599 2009.04.28 - McAfee-GW-Edition 6.7.6 2009.04.29 - Microsoft 1.4602 2009.04.29 - NOD32 4042 2009.04.29 - Norman 6.00.06 2009.04.28 - nProtect 2009.1.8.0 2009.04.29 - Panda 10.0.0.14 2009.04.28 - PCTools 4.4.2.0 2009.04.29 - Prevx1 3.0 2009.04.29 - Rising 21.27.22.00 2009.04.29 - Sophos 4.41.0 2009.04.29 - Sunbelt 3.2.1858.2 2009.04.28 - Symantec 1.4.4.12 2009.04.29 - TheHacker 6.3.4.1.317 2009.04.29 - TrendMicro 8.950.0.1092 2009.04.29 - VBA32 3.12.10.3 2009.04.29 - ViRobot 2009.4.29.1715 2009.04.29 - VirusBuster 4.6.5.0 2009.04.28 - weitere Informationen File size: 401920 bytes MD5 : 5c0105e6265558b4ebda18b635d26500 SHA1 : 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025BAF (Sun Apr 13 21:14:55 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1F620 0x1F800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1CA24 0x1CA00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3E000 0x25AA0 0x25C00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 0 imports ) ( 0 exports ) TrID : File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) ThreatExpert: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500 ssdeep: 3072:NhRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxIbU+qwlTMbxrCsmqwju5HeEUcWj2:bkF5oXpcFb5DRsNxIbUNaM9+KNGA PEiD : - RDS : NSRL Reference Data Set - Datei CF15184.exe empfangen 2009.04.29 12:53:18 (UTC) Status: Beendet Ergebnis: 0/40 (0.00%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.04.29 - AhnLab-V3 5.0.0.2 2009.04.29 - AntiVir 7.9.0.156 2009.04.29 - Antiy-AVL 2.0.3.1 2009.04.29 - Authentium 5.1.2.4 2009.04.29 - Avast 4.8.1335.0 2009.04.28 - AVG 8.5.0.287 2009.04.29 - BitDefender 7.2 2009.04.29 - CAT-QuickHeal 10.00 2009.04.29 - ClamAV 0.94.1 2009.04.29 - Comodo 1141 2009.04.29 - DrWeb 4.44.0.09170 2009.04.29 - eSafe 7.0.17.0 2009.04.27 - eTrust-Vet 31.6.6482 2009.04.29 - F-Prot 4.4.4.56 2009.04.29 - F-Secure 8.0.14470.0 2009.04.29 - Fortinet 3.117.0.0 2009.04.29 - GData 19 2009.04.29 - Ikarus T3.1.1.49.0 2009.04.29 - K7AntiVirus 7.10.719 2009.04.29 - Kaspersky 7.0.0.125 2009.04.29 - McAfee 5599 2009.04.28 - McAfee+Artemis 5599 2009.04.28 - McAfee-GW-Edition 6.7.6 2009.04.29 - Microsoft 1.4602 2009.04.29 - NOD32 4042 2009.04.29 - Norman 6.00.06 2009.04.28 - nProtect 2009.1.8.0 2009.04.29 - Panda 10.0.0.14 2009.04.28 - PCTools 4.4.2.0 2009.04.29 - Prevx1 3.0 2009.04.29 - Rising 21.27.22.00 2009.04.29 - Sophos 4.41.0 2009.04.29 - Sunbelt 3.2.1858.2 2009.04.28 - Symantec 1.4.4.12 2009.04.29 - TheHacker 6.3.4.1.317 2009.04.29 - TrendMicro 8.950.0.1092 2009.04.29 - VBA32 3.12.10.3 2009.04.29 - ViRobot 2009.4.29.1715 2009.04.29 - VirusBuster 4.6.5.0 2009.04.28 - weitere Informationen File size: 401920 bytes MD5 : 5c0105e6265558b4ebda18b635d26500 SHA1 : 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025BAF (Sun Apr 13 21:14:55 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1F620 0x1F800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1CA24 0x1CA00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3E000 0x25AA0 0x25C00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 0 imports ) ( 0 exports ) TrID : File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) ThreatExpert: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500 ssdeep: 3072:NhRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxIbU+qwlTMbxrCsmqwju5HeEUcWj2:bkF5oXpcFb5DRsNxIbUNaM9+KNGA PEiD : - RDS : NSRL Reference Data Set Datei CF15184.exe empfangen 2009.04.29 12:53:18 (UTC) Status: Beendet Ergebnis: 0/40 (0.00%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.04.29 - AhnLab-V3 5.0.0.2 2009.04.29 - AntiVir 7.9.0.156 2009.04.29 - Antiy-AVL 2.0.3.1 2009.04.29 - Authentium 5.1.2.4 2009.04.29 - Avast 4.8.1335.0 2009.04.28 - AVG 8.5.0.287 2009.04.29 - BitDefender 7.2 2009.04.29 - CAT-QuickHeal 10.00 2009.04.29 - ClamAV 0.94.1 2009.04.29 - Comodo 1141 2009.04.29 - DrWeb 4.44.0.09170 2009.04.29 - eSafe 7.0.17.0 2009.04.27 - eTrust-Vet 31.6.6482 2009.04.29 - F-Prot 4.4.4.56 2009.04.29 - F-Secure 8.0.14470.0 2009.04.29 - Fortinet 3.117.0.0 2009.04.29 - GData 19 2009.04.29 - Ikarus T3.1.1.49.0 2009.04.29 - K7AntiVirus 7.10.719 2009.04.29 - Kaspersky 7.0.0.125 2009.04.29 - McAfee 5599 2009.04.28 - McAfee+Artemis 5599 2009.04.28 - McAfee-GW-Edition 6.7.6 2009.04.29 - Microsoft 1.4602 2009.04.29 - NOD32 4042 2009.04.29 - Norman 6.00.06 2009.04.28 - nProtect 2009.1.8.0 2009.04.29 - Panda 10.0.0.14 2009.04.28 - PCTools 4.4.2.0 2009.04.29 - Prevx1 3.0 2009.04.29 - Rising 21.27.22.00 2009.04.29 - Sophos 4.41.0 2009.04.29 - Sunbelt 3.2.1858.2 2009.04.28 - Symantec 1.4.4.12 2009.04.29 - TheHacker 6.3.4.1.317 2009.04.29 - TrendMicro 8.950.0.1092 2009.04.29 - VBA32 3.12.10.3 2009.04.29 - ViRobot 2009.4.29.1715 2009.04.29 - VirusBuster 4.6.5.0 2009.04.28 - weitere Informationen File size: 401920 bytes MD5 : 5c0105e6265558b4ebda18b635d26500 SHA1 : 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025BAF (Sun Apr 13 21:14:55 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1F620 0x1F800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1CA24 0x1CA00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3E000 0x25AA0 0x25C00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 0 imports ) ( 0 exports ) TrID : File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) ThreatExpert: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500 ssdeep: 3072:NhRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxIbU+qwlTMbxrCsmqwju5HeEUcWj2:bkF5oXpcFb5DRsNxIbUNaM9+KNGA PEiD : - RDS : NSRL Reference Data Set - Datei CF15195.exe empfangen 2009.06.02 12:17:26 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1233 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.01 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.749 2009.05.29 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5633 2009.06.01 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4122 2009.06.02 - Norman 6.01.05 2009.06.01 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.13.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.01 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500' target='_blank'>http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500</a> |
Fortsetzung 1: Datei CF25532.exe empfangen 2009.06.02 12:20:54 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1233 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.01 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.749 2009.05.29 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5633 2009.06.01 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4122 2009.06.02 - Norman 6.01.05 2009.06.01 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.13.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.01 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500' target='_blank'>http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500</a> Datei CF28377.exe empfangen 2009.06.02 12:23:22 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1233 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.01 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.749 2009.05.29 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5633 2009.06.01 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4122 2009.06.02 - Norman 6.01.05 2009.06.01 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.13.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.01 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500' target='_blank'>http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500</a> Datei CF29905.exe empfangen 2009.06.02 15:22:10 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.02 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - Datei CF29905.exe empfangen 2009.06.02 15:26:05 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.02 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - |
Fortsetzung 2: Datei CF31822.exe empfangen 2009.06.02 15:28:14 (UTC) Status: Beendet Ergebnis: 0/39 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set Datei CF32321.exe empfangen 2009.06.02 15:30:34 (UTC) Status: Beendet Ergebnis: 0/39 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.02 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500' target='_blank'>http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500</a> Eine Datei konnte nicht hochgeladen werden: - C:\Windows\system32\AgCPanelFrenchb.exe Es erschien die Meldung "Internal Serval Error" und man solle den webmaster kontaktieren,was ich aber noch nicht gemacht hab. Die Datei ist als versteckt/unsichtbar gekennzeichnet und ich kann sie nicht kopieren, weil sie in Benutzung sei. Diese Datei konnte ich nicht finden: C:\WINDOWS\system32\drivers\aq3kruqc.sys |
Fortsetzung 3: Nun folgt das Avengerlog: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Programme\Search Settings\kb127\SearchSettings.dll" deleted successfully. Folder "C:\Programme\Search Settings\kb127" deleted successfully. Folder "C:\Programme\Search Settings" deleted successfully. Completed script processing. ******************* Finished! Terminate. Dann das HJ-log nach dem Fixen der angebenen Einträge: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:20:06, on 02.06.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\SYSTEM32\ati2sgag.exe C:\WINDOWS\system32\AgCPanelFrenchb.exe C:\WINDOWS\system32\svchost.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\oodag.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Sandboxie\SbieSvc.exe C:\Programme\Seagate\Sync\SeaSyncServices.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Programme\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\system32\fxssvc.exe C:\Programme\D-Link\Air USB Utility\AirCFG.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe C:\WINDOWS\system32\ctfmon.exe C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\prüfung.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1 O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\ O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe -- End of file - 9170 bytes Combofix nochmal runtergeladen und so starten versucht, aber er warnt mich wieder sofort, es sei noch Avira-Wächter aktiv. Vg, Michael |
Ach so, wenn ich irgendwas im abgesicherten Modus laufen lassen muss, dann sag bitte, bisher hab ich das immer im normalen gemacht, weiß ja nicht, ob das wichtig ist. Vg |
Hi, hast Du mit HJ wie angegeben die Einträge gefixt? Hardcore: Start->Ausführen->cmd Dort reinschreiben: sc stop "AntiVirScheduler" (Enter-Taste drücken, dann so weiter machen ;o) sc delete "AntiVirScheduler" sc stop "AntiVirService" sc delete "AntiVirService" sc stop "AntiVirUpgradeService" sc delete "AntiVirUpgradeService" Lösche dann das Avira-Directory in C:\Programme\Avira... Rechner neu starten... Fixe dann die Einträge mit HJ noch mal (siehe vorangegangenes Posting) Damit wird Avira gestoppt und dann gelöscht... Dann probiere bitte noch mal combofix, ev. im abgesicherten Modus (F8 beim Booten) Wenn er immer noch Avira meldet dann: http://forum.avira.com/wbb/index.php...threadid=13095 Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. ist dieser beendet, wähle Copy und füge den Bericht ein. chris Ps.: Bin morgen den ganzen Tag unterwegs, daher nicht erreichbar... Das Teil hat einiges "umgebogen"... S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248] Hast Du am 19.05. die Treiber der ATI-Grafikarte upgedatet... Dazu findet sich absolut nichts, das ist normalerweise kein gutes Zeichen... Notfalls gehen wir dann von aussen auf den Rechner: (Wenn Du eine ATI-Grafikkarte hast, geht die AIR-BootCD leider nicht, daher:) G Data-Rettungs-CD, Größe ca. 110 MB: http://www.gdata.de/typo3conf/ext/da....php?docID=826 Runterladen und dann auf CD brennen, von CD booten (im Bios die Bootreihenfolge umstellen, gilt auch für AVIRA).... |
So, hallo, Die angebenen HJ-Dinger hatte ich schon beim letzten Mal gefixt, hab nochmal nachgesehen, drei von denen waren wieder da, hab ich nochmal gefixt. Trotzdem, COmbofix macht immer noch FEhlermeldung, auch im abgesichterten Modus. Ich hab mal nachgesehen, ich hab einen Combofix-Ordner unter C. Wenn ich das combofix \u unter ausführen eingebe, geht der aber nicht weg, sondern es öffnet sich auch dieses Fenster von Combofix mit der Warnung. Mach ich was falsch? Habe versucht auch nach der Avira-Seite vorzugehen, aber ohne Erfolg. Ich kann übrigens im normalen Modus nicht die Registry aufrufen, im abgesicherten gehts. Habe GMER runtergeladen und laufen lassen. Nach der ersten Meldung hat er dann abgebrochen, weil du ja gesagt hast, ich soll nein klicken. Soll er keinen kompletten Scan machen? Hier ist das Log was bis dahin erstellt wurde: GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-03 10:50:48 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwEnumerateKey [0xF756CE2C] SSDT sptd.sys ZwEnumerateValueKey [0xF756D1BA] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 761caa00.sys Device \FileSystem\Ntfs \Ntfs 873641E8 Device \FileSystem\Fastfat \Fat 86FB57A0 AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip 761caa00.sys AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp 761caa00.sys AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp 761caa00.sys AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp 761caa00.sys ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\System32\drivers\761caa00.sys (*** hidden *** ) [SYSTEM] 761caa00 <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- An ein Update von ATI kann ich mich nicht erinnern, zumindest hab ich aktiv keins durchgeführt, automatisch weiß ich natürlich nich. Das mit der RettungsCD hab ich noch nicht durchgeführt, müsstest du mir nochmal genau erklären, was du mit der Bootreihenfolge meinst. Danke, Michael |
Du hast einiges an "Resten" auf den Rechner, onealarm, Symantec/Norton usw. Auch hast du AGP-Treiber von Via und SIS installiert, sowie Software von Seagate und western digital. Meldet Conbofix Aviras "Antivir" als schuldigen, oder generell ein AV-Programm... Erstelle bitte einmal eine uninstall liste mit Hijackthis Starte Hijackthis, waehle "Open the Misc Tools section", oeffne "Open Uninstall Manager", drücke dort "Save list...". Sobald die Liste gespeichert wird, öffnet sich ein Fenster mit den entsprechenden Eintraegen. Bitte diese auch in den eigenen Thread kopieren. |
Hallo, ah ich kriege noch Verstärkung, wie schön. Combofix meldet explizit AviraAntivirClassic als Schuldigen (und zwar direkt dreimal untereinander). Norton hatte ich mal ganz früher drauf, Seagate und Western Digital gehören zu meinen externen Festplatten, die sind also gewollt. Hier ist das Uninstalllog: 4shared Uploader 7-Zip 4.65 ACD/Labs Software 5 (C:\ACDFREE5) ACD/Labs Software in C:\Programme\ACDFREE11\ Adobe Download Manager 2.0 (Nur entfernen) Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Photoshop 7.0 Adobe Reader 7.0.8 - Deutsch Adobe Shockwave Player 11 AFPL Ghostscript 8.51 AFPL Ghostscript Fonts AGEIA PhysX v7.09.13 Air USB Utility Alcatech BPM Studio Professional v4.9.1 Antioch Anvil Studio Arensus Crossword Puzzle Editor 1.1.8 ATI - Dienstprogramm zur Deinstallation der Software ATI Control Panel ATI Display Driver ATI RADEON 9700 Bacteria Screen Saver v1.1 Audacity 1.2.6 AutostartAdministrator 2.0 AVI Splitter AviSynth 2.5 AVM FRITZ!Box Dokumentation AVM FRITZ!Box Druckeranschluss AVM FRITZ!WLAN Azureus BadCopy Pro blaxxun Contact Canon MP Navigator EX 2.0 CanoScan LiDE 200 Scanner Driver capella 2008 CCleaner (remove only) Computerkolleg Musik - Gehörbildung CUE Splitter dBpoweramp AAC Encoder dBpoweramp FLAC Codec dBpoweramp m4a Codec dBpoweramp m4a Utilities dBpoweramp Monkeys Audio Codec dBpoweramp mp3 (Fraunhofer IIS) Codec dBpoweramp Music Converter dBpoweramp Windows Media Audio 10 Codec Dell Solution Center Direct MIDI to MP3 Converter 1.1 Dolet for Finale Dolet Light for Finale 2006 DVD Decrypter (Remove Only) DVD Shrink 3.2 deutsch DVDSentry ElsterFormular 2007/2008 Eraser 5.82 EVEREST Home Edition v2.20 FairStars Audio Converter 1.55 Finale 2006 FlashGet 2.0 FLV Player 1.3.3 Free FLV Converter V 6.1.0 Free WMA to MP3 Converter 1.16 FreeAgent Go Tools GameDeviceDrivers (OEM) G-Force GNU Ghostscript 7.06 GNU Ghostscript Fonts GoldWave v5.06 Google Earth GrafStat Ausgabe 2006 GSview 4.7 Hardcopy (C:\Programme\Hardcopy) HDD Health v2.1 Beta HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix für Windows Internet Explorer 7 (KB947864) Hotfix für Windows Media Player 11 (KB939683) Hotfix für Windows XP (KB952287) ICQ6.5 IHMC CmapTools v4.09 ILLUSION BattleRaper2 Image Analyzer IncrediMail Xe Indeo® software Intel(R) PRO Ethernet Adapter and Software Intel(R) PROSet II IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 Update 15 Java(TM) 6 Update 5 jetAudio Basic Joe KAT (remove only) K-Lite Codec Pack 2.69 Standard Lexmark Supplies Monitor Lexmark Z55 M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 Macromedia Dreamweaver MX 2004 Macromedia Dreamweaver UltraDev 4 Macromedia Extension Manager Macromedia Shockwave Player Magic ISO Maker v5.5 (build 0272) Malwarebytes' Anti-Malware Maple 7 Media Copy Messer v0.992 Microsoft .NET Framework (German) Microsoft .NET Framework (German) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Language Pack - deu Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional mit FrontPage Microsoft Publisher 2002 Microsoft Reader Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows-Journal-Viewer Microsoft XML Parser und SDK Monkey's Audio Mozilla Firefox (3.0.5) MP3 Splitter & Joiner 3.27 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) Nero 7 Neuratron PhotoScore Neuratron PhotoScore Lite NIOC Service Nuclear Coffee - VideoGet 2.0.2.28 Trial O&O Defrag Professional Edition oggcodecs 0.71.0946 Opera 9.64 Orbit Downloader Orbital Viewer PC Inspector File Recovery PhotoFiltre PicGrab 2.7.9 Pinnacle TRex Postal 2 - Apocalypse Weekend Postal 2 - Share The Pain PowerDVD PowerISO PrimoPDF PrimoPDF Redistribution Package Python 2.3.3 QuickTime Alternative 2.5.1 RealPlayer Registrar Registry Manager 4.04 Reminder 99 SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio 3 USB Driver Installer Sandboxie 3.30 Search Settings 1.2 Shareaza 2.4.0.0 Shizmoo Web Games (ICQ) Shutdown4U Sibelius 5 Sicherheitsupdate für Step by Step Interactive Training (KB898458) Sicherheitsupdate für Step by Step Interactive Training (KB923723) Sicherheitsupdate für Windows Internet Explorer 7 (KB928090) Sicherheitsupdate für Windows Internet Explorer 7 (KB929969) Sicherheitsupdate für Windows Internet Explorer 7 (KB931768) Sicherheitsupdate für Windows Internet Explorer 7 (KB933566) Sicherheitsupdate für Windows Internet Explorer 7 (KB937143) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) Sicherheitsupdate für Windows Internet Explorer 7 (KB939653) Sicherheitsupdate für Windows Internet Explorer 7 (KB942615) Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) Sicherheitsupdate für Windows Media Encoder (KB954156) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player 10 (KB911565) Sicherheitsupdate für Windows Media Player 11 (KB936782) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows XP (KB923561) Sicherheitsupdate für Windows XP (KB938464) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950760) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951698) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952004) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB953839) Sicherheitsupdate für Windows XP (KB954211) Sicherheitsupdate für Windows XP (KB954459) Sicherheitsupdate für Windows XP (KB954600) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956391) Sicherheitsupdate für Windows XP (KB956572) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956841) Sicherheitsupdate für Windows XP (KB957095) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958687) Sicherheitsupdate für Windows XP (KB958690) Sicherheitsupdate für Windows XP (KB959426) Sicherheitsupdate für Windows XP (KB960225) Sicherheitsupdate für Windows XP (KB960715) Sicherheitsupdate für Windows XP (KB960803) Sicherheitsupdate für Windows XP (KB961373) Signalgenerator SmartMusic Content (shared music files) SoulSeek Client 156c Sound Blaster Live! Soundforum Synth Steinberg Cubasis VST 4 Education SUPER © Version 2008.bld.30 (Mar 22, 2008) System Requirements Lab Tassman DXi SE 2.0 The Matrix Trilogy Screensaver 0.49 tonica 6.0 Trillian TrueCrypt Twelve UltraISO Premium V8.63 Unreal Tournament 2004 Update für Windows XP (KB951072-v2) Update für Windows XP (KB951978) Update für Windows XP (KB955839) Update für Windows XP (KB967715) VideoLAN VLC media player 0.8.6b VobSub v2.23 (Remove Only) VPN Client WD Anywhere Backup WD Diagnostics WD Drive Manager (x86) Westwood Shared Internet Components Wichtiges Update für Windows Media Player 11 (KB959772) WinAce Archiver 2.0 Window Topper 3.1 Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2) Windows Imaging Component Windows Live Messenger Windows Live Safety scanner Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Media Player 9 Series Winter Fun Pack Windows XP Service Pack 3 Windows-EasyTransfer WinHTTrack Website Copier 3.43-2 WinRAR Wireshark 1.0.5 WMPTagSupportExtender WZCBDL Service XML Paper Specification Shared Components Language Pack 1.0 XviD MPEG-4 Video Codec XviD MPEG4 Video Codec (remove only) Vg Michael |
Da ist schon einiges veraltes und auch Dinge die da nicht hin gehoeren, die Rechnerinstallation ist anscheinend recht alt. Frage ist, willst du, das wir da noch etwas mehr "rumfummeln", oder willst du bei der Anzahl an (ehemals?) vorhandener MAlware den Rechner lieber neuaufsetzen? Es geht mir hierhauptsaechlich nicht um die Malwaredateien, sondern um das, was die Malware bei dir im System geaendert hat... Deaktiviere Spybots teatimer, hake in Hijackthis bitte folgendes an und druecke fix checked: R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb 9\basic\avupgsvc.exe (file missing) O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\ starte neu und schaue, ob alle Eintraege verschwunden sind und ob du Antivir wieder installieren kannst... BTW: Meldet Spybot noch etwas? |
Hallo, hab noch mal die Einträge entfernt, die noch da waren, aber comboxfix beschwerte sich trotzdem. Hab Antivir mal wieder installiert, aber ich kann es aber wieder nicht starten. Vielleicht ist es tatsächlich dass sinnvollste, mal zu formatieren, hab mich bisjetzt verständlicherweise davor gedrückt ;-), aber wenn ich den Rechner (von 2002 oder 2003) noch ein paar Jahre nutzen will (hab ja noch den Laptop mit Vista) dann wär das sicher sinnvoll. (und würde auch euch etwas mühevolle Arbeit ersparen ;-) ). Was muss ich denn dann tun (außer meine Dateien zu sichern natürlich)? Vg Michael |
Hi, wir probieren noch was: System Reparieren: Lade Dir "Advanced Windowscare Professional" von folgender Adresse: http://www.iobit.com/advancedwindowscareper.html?Str=download Installieren auf Deutsch, Yahoo-Toolbar etc. abwählen. Erstelle einen Systemwiederherstellungspunkt (Start->Programme->Zubehör->Systemprogramme->Systemwiederherstellung->einen Wiederherstellungspunkt erstellen->weiter, Beschreibung ausdenken->Erstellen) oder lasse ihn automatisch erstellen. Führe dann einen Update der Signatur/Reperaturdateien aus. Lasse dann das gesamte System scannen und Bereinigen sowie Immunisieren. Damit werden einige Einträge wieder gerade gebogen, die von Trojaneren/Viren verbogen worden sind... Für Neuaufsetzen: http://www.trojaner-board.de/51262-anleitung-neuaufsetzen-des-systems-absicherung.html chris |
Hallo, ja hab ich gemacht. Trotzdem findet MAM immer noch ein paar Dinge. Malwarebytes' Anti-Malware 1.37 Datenbank Version: 2185 Windows 5.1.2600 Service Pack 3 05.06.2009 14:56:34 mbam-log-2009-06-05 (14-56-34).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 275114 Laufzeit: 2 hour(s), 18 minute(s), 6 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\SYSTEM32\ACTIVEDSo.dll (Trojan.Vundo) -> Delete on reboot. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\SYSTEM32\ACTIVEDSo.dll (Trojan.Vundo) -> Delete on reboot. c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP644\A0229279.exe (Trojan.Banker) -> Quarantined and deleted successfully. Als Laie würd ich jetzt meinen, das fettgedruckte hat was damit zu tun, dass ich immer noch nicht Antivir richtig weg oder richtig drauf bekomme, also ich denke es ist deinstalliert, aber das Windows Sicherheitscenter zeigt halt die ganze Zeit an, dass ein Antivirenprogramm aktiv ist. Hast du noch ne Idee, wie man ändern kann? Sonst mach ich das auch mit dem Neuaufsetzen. Vg, Michael |
Ok, also dann erstmal ein großes Dankeschön für eure Hilfe, ich meld mich nochmal, falls ich nach dem Neuaufsetzen noch Probleme haben sollte. Vg Michael |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 22:07 Uhr. |
Copyright ©2000-2024, Trojaner-Board