Progress bar in Vista no longer animated!!!

18.05.2008, 14:30
Member

Posts: 16
#1 Hello folks,
for some time now I've had the problem that in Vista, when downloading or doing anything else, the progress bar isn't animated (no light effects moving from left to right).
I think I accidentally uninstalled something.
Pleeease help me!!!

Here is a logfile from my computer to help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:09, on 18.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\WirelessBooster\WBTray.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = T-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3} - {3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WirelessBooster Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\WIRELE~2\TweakBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\WIRELE~2\WBTray.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197469799284
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Franzis\Alcohol Virtual CD + DVD\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

--
End of file - 11675 bytes
18.05.2008, 19:18
Honorary member

Posts: 29434
#2 With the viruses deleted, see:
http://board.protecus.de/t33641.htm
is the problem fixed?

run vistascan + post the report
http://virus-protect.org/artikel/tools/windowsscan.html
__________
Kind regards, Sabina

all about PC security
19.05.2008, 13:55
Member

Thread starter

Posts: 16
#3 Yes, the problem is fixed. ;)
The virus one, that is!

The progress bar problem is NOT fixed yet!

Here is the vistascan as requested:


Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\Windows *****
***** ***** ***** ***** *****

19.05.2008 WindowsUpdate.log 13 45:16.174
19.05.2008 ntbtlog.txt 13 39:19.202
19.05.2008 bootstat.dat 13 38:67.584
19.05.2008 PFRO.log 13 38:980
18.05.2008 bthservsdp.dat 21 04:12
18.05.2008 NeroDigital.ini 20 46:69
18.05.2008 system.ini 13 58:227
System 15.05.2008 Critical 17 58:110.592
09.05.2008 QTFont.qfn 15 46:54.156
02.05.2008 win.ini 11 01:683
08.04.2008 QTFont.for 15 41:1.409
30.03.2008 WINHLP32.DL2 12 41:76
30.03.2008 Setup1.exe 12 40:266.240
30.03.2008 temp.000 12 40:74.752
25.03.2008 AW_XenoMorph1280.bmp 21 16:3.932.214
22.03.2008 .wb4 14 25:29
21.03.2008 hpqins13.dat 18 10:111.361
18.03.2008 WindowsShell.Manifest 22 23:749
18.03.2008 SPInstall.etl 21 34:458.752
11.03.2008 awshkwv.ini 20 13:4.479
08.03.2008 videoimp.ini 16 24:598
02.03.2008 WB.ini 18 18:72
21.02.2008 winshell.dat 16 12:227
19.02.2008 BeatBox.INI 13 00:381
19.02.2008 Robota.INI 13 00:28
19.02.2008 mgxoschk.ini 12 34:6.768
16.02.2008 ATKPF.ini 17 02:24


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\Windows\system32 *****
***** ***** ***** ***** *****

19.05.2008 libsyslic1.ls 13 50:192
19.05.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 13 38:3.296
19.05.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 13 38:3.296
19.05.2008 oodbs.lor 13 38:439.288
18.05.2008 acovcnt.exe 13 58:45.056
18.05.2008 bkbfuvws.dll 13 28:124.928
18.05.2008 hgGvwtsT.dll 13 28:371.712
18.05.2008 jvqaxmry.dll 10 42:124.928
18.05.2008 kurckpml.dll 09 45:134.144
18.05.2008 shajukuy.dll 09 40:125.952
18.05.2008 RVAXO.bat 09 31:822.241
17.05.2008 qojlgjgc.dll 20 52:134.144
17.05.2008 vbwysolo.dll 20 50:125.952
17.05.2008 jphludom.dll 19 46:125.952
17.05.2008 ygxubdlt.dll 18 26:125.952
17.05.2008 vdmpuvvk.dll 17 11:125.952
17.05.2008 bnufehkc.dll 15 32:125.952
17.05.2008 krhvtdcu.dll 14 08:125.952
17.05.2008 xngnbpaf.dll 12 11:125.952
17.05.2008 ryhcqmwf.dll 10 45:125.952
17.05.2008 perfh009.dat 10 19:598.850
17.05.2008 perfc009.dat 10 19:106.120
17.05.2008 perfh007.dat 10 19:632.408
17.05.2008 perfc007.dat 10 19:128.422
17.05.2008 PerfStringBackup.INI 10 19:1.456.198
17.05.2008 yfelwtgo.dll 10 12:125.952
17.05.2008 ceyqejvy.dll 09 52:135.680
17.05.2008 mdvgtodb.dll 09 40:125.952
16.05.2008 vvqffwox.dll 20 15:135.680
16.05.2008 jxixebsu.dll 20 09:125.952
16.05.2008 axkkilwy.dll 20 08:125.952
16.05.2008 rslnykwk.dll 18 03:135.680
16.05.2008 fsfiigdi.dll 17 53:125.952
16.05.2008 fclopfsy.dll 17 52:125.952
16.05.2008 fjfhilox.dll 17 29:135.680
16.05.2008 cpgpkebf.dll 17 14:125.952
16.05.2008 emrmoyfs.dll 16 23:135.680
16.05.2008 ceescwsk.dll 16 17:125.952
15.05.2008 eFwwwvSj.dll 17 20:59.904
09.05.2008 mrt.exe 23 35:16.863.864
04.05.2008 libsyslic1.pd 20 01:170.432
04.05.2008 iconv.dll 20 01:878.080
04.05.2008 libxslt.dll 20 01:150.016
04.05.2008 libxml2.dll 20 01:721.920
04.05.2008 libexslt.dll 20 01:51.200
28.04.2008 wbsys.dll 11 35:42.672
28.04.2008 wbload.dll 11 34:58.792


***** ***** ***** ***** *****
***** Scanning C:\Windows\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

127.0.0.1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 24 K
System 4 Services 0 4.296 K
smss.exe 568 Services 0 740 K
csrss.exe 644 Services 0 5.016 K
wininit.exe 684 Services 0 3.916 K
csrss.exe 696 Console 1 7.448 K
winlogon.exe 732 Console 1 5.708 K
services.exe 776 Services 0 7.004 K
lsass.exe 788 Services 0 2.236 K
lsm.exe 800 Services 0 3.836 K
svchost.exe 932 Services 0 6.676 K
svchost.exe 992 Services 0 6.960 K
svchost.exe 1140 Services 0 10.796 K
svchost.exe 1168 Services 0 34.476 K
LVPrcSrv.exe 1184 Services 0 4.116 K
svchost.exe 1240 Services 0 61.556 K
audiodg.exe 1312 Services 0 17.724 K
SLsvc.exe 1344 Services 0 9.984 K
svchost.exe 1376 Services 0 12.620 K
VistaSrv.exe 1528 Services 0 3.556 K
WBVista.exe 1548 Console 1 3.504 K
svchost.exe 1656 Services 0 20.448 K
ASLDRSrv.exe 1832 Services 0 3.316 K
dwm.exe 1864 Console 1 35.760 K
spoolsv.exe 1920 Services 0 10.364 K
explorer.exe 1944 Console 1 54.800 K
CCSVCHST.EXE 1952 Services 0 3.912 K
HControl.exe 1056 Console 1 7.420 K
wcourier.exe 1116 Console 1 5.540 K
BatteryLife.exe 1204 Console 1 4.084 K
ACMON.exe 1304 Console 1 6.620 K
ACEngSvr.exe 1648 Console 1 7.972 K
svchost.exe 380 Services 0 9.508 K
ATKOSD.exe 2312 Console 1 4.788 K
RtHDVCpl.exe 2396 Console 1 7.824 K
UnlockerAssistant.exe 2516 Console 1 3.196 K
Apoint.exe 2536 Console 1 6.628 K
ApMsgFwd.exe 2588 Console 1 2.836 K
WBTray.exe 2628 Console 1 764 K
TweakRAM.exe 2640 Console 1 11.708 K
ISUSPM.exe 2648 Console 1 6.760 K
rundll32.exe 2692 Console 1 4.492 K
CCSVCHST.EXE 2700 Console 1 2.040 K
AppleMobileDeviceService. 2860 Services 0 3.420 K
mDNSResponder.exe 2876 Services 0 4.808 K
svchost.exe 2904 Services 0 3.404 K
svchost.exe 2936 Services 0 7.996 K
LSSrvc.exe 2956 Services 0 3.364 K
LVComSer.exe 2980 Services 0 6.112 K
NBService.exe 3092 Services 0 7.420 K
LVComSer.exe 3116 Console 1 6.164 K
svchost.exe 3132 Services 0 2.992 K
oodag.exe 3168 Services 0 8.120 K
svchost.exe 3236 Services 0 2.832 K
SatSrv.exe 3256 Services 0 4.252 K
StarWindService.exe 3324 Services 0 4.016 K
ApntEx.exe 3332 Console 1 4.056 K
svchost.exe 3360 Services 0 7.452 K
SearchIndexer.exe 3400 Services 0 20.704 K
hidfind.exe 3460 Console 1 3.956 K
Apvfb.exe 3532 Console 1 4.564 K
unsecapp.exe 2176 Console 1 5.320 K
WmiPrvSE.exe 1600 Services 0 5.844 K
wmpnscfg.exe 4084 Console 1 5.724 K
wmpnetwk.exe 1996 Services 0 20.972 K
uTorrent.exe 1268 Console 1 16.944 K
Safari.exe 828 Console 1 76.856 K
AluSchedulerSvc.exe 1424 Services 0 1.948 K
TrustedInstaller.exe 1280 Services 0 8.576 K
symlcsvc.exe 3344 Services 0 1.300 K
SearchProtocolHost.exe 5328 Services 0 9.464 K
SearchFilterHost.exe 5440 Services 0 5.232 K
cmd.exe 5664 Console 1 3.900 K
tasklist.exe 1352 Console 1 5.092 K
WmiPrvSE.exe 5008 Services 0 6.132 K



Microsoft Windows [Version 6.0.6001]


http://www.paules-pc-forum.de
***** Malware Team *****


***** Ende des Scans 19.05.2008 um 13:51:46,68 ***
19.05.2008, 14:46
Honorary member

Posts: 29434
#4 Cool_Boy_007

http://virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe

OTMoveIt: paste the following into the left window, where it says: Paste List of Files/Folders to Move

Quote

C:\Windows\awshkwv.ini
C:\Windows\system32\acovcnt.exe
C:\Windows\system32\bkbfuvws.dll
C:\Windows\system32\hgGvwtsT.dll
C:\Windows\system32\jvqaxmry.dll
C:\Windows\system32\kurckpml.dll
C:\Windows\system32\shajukuy.dll
C:\Windows\system32\qojlgjgc.dll
C:\Windows\system32\vbwysolo.dll
C:\Windows\system32\jphludom.dll
C:\Windows\system32\ygxubdlt.dll
C:\Windows\system32\vdmpuvvk.dll
C:\Windows\system32\bnufehkc.dll
C:\Windows\system32\krhvtdcu.dll
C:\Windows\system32\xngnbpaf.dll
C:\Windows\system32\ryhcqmwf.dll
C:\Windows\system32\yfelwtgo.dll
C:\Windows\system32\ceyqejvy.dll
C:\Windows\system32\mdvgtodb.dll
C:\Windows\system32\vvqffwox.dll
C:\Windows\system32\jxixebsu.dll
C:\Windows\system32\axkkilwy.dll
C:\Windows\system32\rslnykwk.dll
C:\Windows\system32\fsfiigdi.dll
C:\Windows\system32\fclopfsy.dll
C:\Windows\system32\fjfhilox.dll
C:\Windows\system32\cpgpkebf.dll
C:\Windows\system32\emrmoyfs.dll
C:\Windows\system32\ceescwsk.dll
C:\Windows\system32\eFwwwvSj.dll
Click the red MoveIt!

post what appears in the right window

run combofix again + post the report
http://virus-protect.org/artikel/tools/combofix.html
+
a new HijackThis log
http://virus-protect.org/hjtkurz.html
__________
Kind regards, Sabina

all about PC security
19.05.2008, 15:07
Member

Thread starter

Posts: 16
#5 Here is the report from OTMove:

C:\Windows\awshkwv.ini moved successfully.
C:\Windows\system32\acovcnt.exe moved successfully.
LoadLibrary failed for C:\Windows\system32\bkbfuvws.dll
C:\Windows\system32\bkbfuvws.dll NOT unregistered.
C:\Windows\system32\bkbfuvws.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\hgGvwtsT.dll
C:\Windows\system32\hgGvwtsT.dll NOT unregistered.
C:\Windows\system32\hgGvwtsT.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jvqaxmry.dll
C:\Windows\system32\jvqaxmry.dll NOT unregistered.
C:\Windows\system32\jvqaxmry.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kurckpml.dll
C:\Windows\system32\kurckpml.dll NOT unregistered.
C:\Windows\system32\kurckpml.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\shajukuy.dll
C:\Windows\system32\shajukuy.dll NOT unregistered.
C:\Windows\system32\shajukuy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\qojlgjgc.dll
C:\Windows\system32\qojlgjgc.dll NOT unregistered.
C:\Windows\system32\qojlgjgc.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\vbwysolo.dll
C:\Windows\system32\vbwysolo.dll NOT unregistered.
C:\Windows\system32\vbwysolo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jphludom.dll
C:\Windows\system32\jphludom.dll NOT unregistered.
C:\Windows\system32\jphludom.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ygxubdlt.dll
C:\Windows\system32\ygxubdlt.dll NOT unregistered.
C:\Windows\system32\ygxubdlt.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\vdmpuvvk.dll
C:\Windows\system32\vdmpuvvk.dll NOT unregistered.
C:\Windows\system32\vdmpuvvk.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\bnufehkc.dll
C:\Windows\system32\bnufehkc.dll NOT unregistered.
C:\Windows\system32\bnufehkc.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\krhvtdcu.dll
C:\Windows\system32\krhvtdcu.dll NOT unregistered.
C:\Windows\system32\krhvtdcu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\xngnbpaf.dll
C:\Windows\system32\xngnbpaf.dll NOT unregistered.
C:\Windows\system32\xngnbpaf.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ryhcqmwf.dll
C:\Windows\system32\ryhcqmwf.dll NOT unregistered.
C:\Windows\system32\ryhcqmwf.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\yfelwtgo.dll
C:\Windows\system32\yfelwtgo.dll NOT unregistered.
C:\Windows\system32\yfelwtgo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ceyqejvy.dll
C:\Windows\system32\ceyqejvy.dll NOT unregistered.
C:\Windows\system32\ceyqejvy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\mdvgtodb.dll
C:\Windows\system32\mdvgtodb.dll NOT unregistered.
C:\Windows\system32\mdvgtodb.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\vvqffwox.dll
C:\Windows\system32\vvqffwox.dll NOT unregistered.
C:\Windows\system32\vvqffwox.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jxixebsu.dll
C:\Windows\system32\jxixebsu.dll NOT unregistered.
C:\Windows\system32\jxixebsu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\axkkilwy.dll
C:\Windows\system32\axkkilwy.dll NOT unregistered.
C:\Windows\system32\axkkilwy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\rslnykwk.dll
C:\Windows\system32\rslnykwk.dll NOT unregistered.
C:\Windows\system32\rslnykwk.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fsfiigdi.dll
C:\Windows\system32\fsfiigdi.dll NOT unregistered.
C:\Windows\system32\fsfiigdi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fclopfsy.dll
C:\Windows\system32\fclopfsy.dll NOT unregistered.
C:\Windows\system32\fclopfsy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fjfhilox.dll
C:\Windows\system32\fjfhilox.dll NOT unregistered.
C:\Windows\system32\fjfhilox.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cpgpkebf.dll
C:\Windows\system32\cpgpkebf.dll NOT unregistered.
C:\Windows\system32\cpgpkebf.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\emrmoyfs.dll
C:\Windows\system32\emrmoyfs.dll NOT unregistered.
C:\Windows\system32\emrmoyfs.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ceescwsk.dll
C:\Windows\system32\ceescwsk.dll NOT unregistered.
C:\Windows\system32\ceescwsk.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\eFwwwvSj.dll
C:\Windows\system32\eFwwwvSj.dll NOT unregistered.
C:\Windows\system32\eFwwwvSj.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05192008_150205

Here is the report from ComboFix:

((((((((((((((((((((((( Dateien erstellt von 2008-04-19 bis 2008-05-19 ))))))))))))))))))))))))))))))
.

2008-05-19 15:08 . 2008-05-19 15:08 0 --ah----- C:\Users\Default\ntuser.dat.LOG2
2008-05-19 15:02 . 2008-05-19 15:02 <DIR> d-------- C:\_OTMoveIt
2008-05-18 12:21 . 2008-05-18 12:21 <DIR> d-------- C:\Program Files\UnscramblerRC
2008-05-18 11:06 . 2008-05-18 15:57 <DIR> d-------- C:\The.Legend.Of.Zelda.Twilight.Princess.WII.Pal.[WwW.LoKoTorrents.CoM]
2008-05-18 10:51 . 2008-05-18 10:51 <DIR> d-------- C:\Users\Rami\AppData\Roaming\Malwarebytes
2008-05-18 10:51 . 2008-05-18 10:51 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-18 10:49 . 2008-01-19 09:34 888,320 --a------ C:\Windows\System32\jkkIaxvw.dll
2008-05-18 10:43 . 2008-05-18 09:31 822,241 --a------ C:\Windows\System32\RVAXO.bat
2008-05-18 10:43 . 2001-10-01 14:51 69,632 --a------ C:\Windows\System32\remove.exe
2008-05-17 21:16 . 2008-05-17 21:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 18:47 . 2008-05-17 18:47 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 14:49 . 2008-05-17 14:49 7,680 --a------ C:\Windows\System32\drivers\RKL7677.tmp.sys
2008-05-15 17:58 . 2008-05-15 17:58 <DIR> d-------- C:\Users\Rami\AppData\Roaming\Screeq.com
2008-05-15 17:58 . 2008-05-15 17:58 110,592 --a------ C:\Windows\Critical System Error.scr
2008-05-04 20:13 . 2008-05-04 20:13 <DIR> d-------- C:\Users\Rami\AppData\Roaming\SYSTRAN
2008-05-04 20:01 . 2008-05-04 20:01 <DIR> d-------- C:\Program Files\SYSTRAN
2008-05-04 20:01 . 2008-05-04 20:01 170,432 --a------ C:\Windows\System32\libsyslic1.pd
2008-05-04 20:01 . 2008-05-19 13:50 192 --a------ C:\Windows\System32\libsyslic1.ls
2008-05-04 20:00 . 2007-03-14 01:57 144,896 -ra------ C:\Windows\System32\libsyslic1.original.dll
2008-05-04 20:00 . 2007-03-14 14:59 144,896 --a------ C:\Windows\System32\libsyslic1.dll
2008-05-04 19:46 . 2008-05-04 20:01 878,080 --a------ C:\Windows\System32\iconv.dll
2008-05-04 19:46 . 2008-05-04 20:01 721,920 --a------ C:\Windows\System32\libxml2.dll
2008-05-04 19:46 . 2008-05-04 20:01 150,016 --a------ C:\Windows\System32\libxslt.dll
2008-05-04 19:46 . 2008-05-04 20:01 51,200 --a------ C:\Windows\System32\libexslt.dll
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-04 19:41 . 2008-05-04 19:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-02 16:29 . 2008-05-02 16:30 <DIR> d-------- C:\Program Files\TweakRAM
2008-05-02 12:19 . 2008-05-03 21:52 <DIR> d-------- C:\ProgramData\PT2008
2008-05-02 12:15 . 2008-05-02 12:15 <DIR> d-------- C:\Program Files\linguatec
2008-05-02 10:57 . 2008-05-02 10:57 <DIR> d-------- C:\Users\Rami\AppData\Roaming\uk.co.planetside
2008-05-02 10:48 . 2007-02-28 13:00 108,752 --a------ C:\Windows\System32\drivers\dptrackerd.sys
2008-05-01 18:42 . 2008-05-01 18:42 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-05-01 18:42 . 2008-05-01 18:42 126,062 --a------ C:\ProgramData\LuUninstall.LiveUpdate
2008-04-28 11:35 . 2008-04-28 11:35 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-04-28 11:34 . 2008-04-28 11:34 58,792 --a------ C:\Windows\System32\wbload.dll
2008-04-23 14:32 . 2008-04-23 14:32 19,968 --a------ C:\Windows\System32\CPUINF32.DLL
2008-04-22 15:29 . 2008-04-22 15:29 <DIR> d-------- C:\Program Files\Apple Software Update
7 Datei(en), . 1,639,424 C:\ComboFix\Bytes
7 Datei(en), . 341,761 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 13:08 --------- d-----w C:\Users\Rami\AppData\Roaming\uTorrent
2008-05-19 12:50 --------- d-----w C:\Users\Rami\AppData\Roaming\DivX
2008-05-19 11:57 --------- d-----w C:\ProgramData\Symantec
2008-05-18 18:53 --------- d-----w C:\Program Files\Google
2008-05-18 10:47 --------- d-----w C:\ProgramData\Stardock
2008-05-18 08:38 12,978 ----a-w C:\Users\Rami\AppData\Roaming\nvModes.dat
2008-05-17 14:06 --------- d--h--w C:\Program Files\win32GI
2008-05-15 14:48 --------- d-----w C:\Program Files\English Bid for Power Final 2.5
2008-05-15 14:46 81,920 ----a-w C:\Users\Rami\AppData\Roaming\ezpinst.exe
2008-05-15 14:46 47,360 ----a-w C:\Users\Rami\AppData\Roaming\pcouffin.sys
2008-05-14 20:33 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:33 --------- d-----w C:\Program Files\Windows Mail
2008-05-04 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 09:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-02 09:13 --------- d-----w C:\Program Files\DivX
2008-05-01 16:47 --------- d-----w C:\Users\Rami\AppData\Roaming\UpdateStar
2008-04-30 18:24 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-22 13:32 --------- d-----w C:\Program Files\Safari
2008-04-13 14:17 --------- d-----w C:\Users\Rami\AppData\Roaming\CamTrack
2008-04-13 11:44 --------- d-----w C:\Program Files\Bomberman Online International
2008-04-12 16:19 --------- d-----w C:\Program Files\ECOM
2008-04-09 18:55 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-08 14:29 --------- d-----w C:\Program Files\biu software
2008-04-08 13:40 --------- d-----w C:\Program Files\iTunes
2008-04-08 13:40 --------- d-----w C:\Program Files\iPod
2008-04-08 13:37 --------- d-----w C:\Program Files\QuickTime
2008-04-02 10:34 --------- d-----w C:\Program Files\Common Files\Real
2008-04-01 12:37 --------- d-----w C:\ProgramData\Ashampoo
2008-04-01 12:37 --------- d-----w C:\Program Files\Ashampoo
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 11:47 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-30 10:40 266,240 ------w C:\Windows\Setup1.exe
2008-03-28 07:23 89,088 ----a-w C:\Windows\System32\atl71.dll
2008-03-28 07:23 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-03-26 04:48 766,464 ----a-w C:\Windows\system32\drivers\athr.sys
2008-03-25 19:21 15,819,776 ----a-w C:\Windows\System32\imageres.dll
2008-03-25 19:16 --------- d-----w C:\Program Files\Stardock
2008-03-25 11:09 --------- d-----w C:\Program Files\LANGMaster
2008-03-25 11:04 --------- d-----w C:\Users\Rami\AppData\Roaming\Apple Computer
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-21 16:42 --------- d-----w C:\Program Files\Unlocker
2008-03-21 16:08 --------- d-----w C:\Program Files\HP
2008-03-21 16:08 --------- d-----w C:\Program Files\Common Files\HP
2008-03-21 15:59 --------- d-----w C:\Program Files\Registry Clean Expert
2008-03-21 14:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-21 14:35 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS
2008-03-19 16:34 --------- d-----w C:\Program Files\Lavalys
2008-03-18 20:23 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 19:40 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-18 19:40 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-18 19:14 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-18 19:14 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-09 17:06 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 14:12 64,512 ---ha-w C:\Users\Rami\AppData\Roaming\dach100.dll
2008-01-08 12:48 19,970,080 --sha-w C:\Windows\System32\drivers\fidbox(494).dat
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1427A821-7B93-4F08-9A34-9FA03A3D93DB}]
2008-01-24 15:28 20480 --a------ C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d52f8da-9dd6-462e-8140-871b5dfe93b3}]
C:\Windows\system32\kurckpml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 05:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 16:25 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2008-05-01 18:29 1188352]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 03:22 155648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-19 08:18 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-19 08:18 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-19 08:18 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"TweakMASTER"="C:\PROGRA~1\WIRELE~2\WBTray.exe" [2004-10-22 19:25 289280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2008-03-18 12:54 237304 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2950956674-1511352922-1959501381-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{776CB5CB-7464-453C-9048-FF1FEC2215C9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C7CC161F-919C-443C-847F-D144F8187922}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{980CEF90-3F97-41A7-A5E0-EF453B5F7E87}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2594C54A-15CA-46D3-A3F6-AB367F27A3AB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF467EB8-3433-4E9E-8BFB-13D687EC3DD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7D48E3B1-FF9A-41D1-A9E3-65947B88E278}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3A647768-5BD3-4B42-BF15-B50D25322241}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{C3BE30D5-98DF-42D9-9496-164D062E6FC1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9A27BBB0-CAFC-4C36-BAE5-53733D8EBEFA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{11AEB937-2E4B-4D25-B26D-5DD95E9FAAA2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{60AA735D-7DE6-4BB0-9213-499D3D863C14}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8B28F700-6E39-42FD-9C43-CCC357335392}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{774F68A3-5766-4608-916A-EEAF637A5BDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5C53FD9A-3F28-4425-8C8F-12FC3429B9BF}"= UDP:C:\Program Files\concept design\onlineTV 3\onlineTV.exe:onlineTV
"{C4B6E261-7E95-4B23-9C74-25E6D9617B56}"= TCP:C:\Program Files\concept design\onlineTV 3\onlineTV.exe:onlineTV
"{FB65CBF5-7D06-4696-B39A-684A3D98172B}"= UDP:C:\Program Files\concept design\onlineTV 3\onlineTV.exe:onlineTV
"{5863D3E1-1C27-449A-B7C0-A79EAB574FDC}"= TCP:C:\Program Files\concept design\onlineTV 3\onlineTV.exe:onlineTV
"{5F221400-0E7A-4347-875E-8BFE0F731BE3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{67008D86-1285-4017-9AC7-B8635AFD245C}"= UDP:C:\Users\Rami\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3E6E95D7-04FB-48E0-9299-722A4A1A8719}"= TCP:C:\Users\Rami\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C4CACF2D-1760-4905-9C6C-D0B9C431DC93}"= UDP:C:\Users\Rami\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A17C6042-17A8-4CE2-8A8B-04DBDB94855B}"= TCP:C:\Users\Rami\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{D0EBBA02-89C7-4A9C-9C66-3DCDDDF7DFCA}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{326D82C2-1B0A-4696-92A8-482B45FF2977}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{2A1425FD-108C-4030-85DB-0B4826A0A608}C:\\program files\\bomberman online international\\bomberman.exe"= UDP:C:\program files\bomberman online international\bomberman.exe:BomberMan
"UDP Query User{FBAE91EE-2A2A-4596-9824-D685CAAA40AB}C:\\program files\\bomberman online international\\bomberman.exe"= TCP:C:\program files\bomberman online international\bomberman.exe:BomberMan
"{301999B2-75A5-44EE-87D8-97875DCD5ABA}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8EE25307-0A99-4F56-A79B-3011BEF92C4E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{308638EA-3E99-4040-B851-635C057C886F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{FD82A54C-4840-49FF-BD41-A155497E849B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{36CFB532-7DAB-4046-BF81-02D814A312A1}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{7F181C76-80EE-46F2-8E64-BA6D4308EA19}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A08FE072-92CF-4FFF-AC85-D394A0407CFD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{68D24C4D-AAFB-40E6-8944-32B29D6AA50C}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5CADE9B3-C747-4844-B67D-1A4B373C9435}"= Disabled:UDP:C:\Users\Rami\Desktop\IncMail.exe:IncrediMail
"{77ABC664-16BA-44AD-B6F6-F29CC94D873B}"= Disabled:TCP:C:\Users\Rami\Desktop\IncMail.exe:IncrediMail
"{3BCE2A10-DF7C-4A23-BFDE-1971B8630E9D}"= Disabled:UDP:C:\Users\Rami\Desktop\IncrediMail\IncMail.exe:IncrediMail
"{58D1BC36-BE90-4722-ADEA-50301E5F4513}"= Disabled:TCP:C:\Users\Rami\Desktop\IncrediMail\IncMail.exe:IncrediMail
"{8DAF79E7-8428-44C6-BFF6-FAA7B4F90502}"= Disabled:UDP:C:\Users\Rami\Desktop\IncrediMail\IncMail.exe:IncrediMail
"{20309383-C384-4F98-991F-4BFE22DD7151}"= Disabled:TCP:C:\Users\Rami\Desktop\IncrediMail\IncMail.exe:IncrediMail
"{9797C5EE-6D0C-48EB-8AF2-7B8FEAFBFD8E}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B3F4F347-67EC-48E8-B730-FB565007495E}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5FEAD773-3B42-4066-96CC-50F9F248A6B5}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8DF112B4-D4E0-4189-911E-51A74DB23109}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{19AADB8E-37DD-4F8F-958A-E75580B4ACD2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{ED4F9E10-5F6F-42A1-8016-77325FB4B506}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0B46721F-7C13-42B4-B53A-5E414777E365}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D2E554E9-911B-4A32-A887-59B1C8C08DEC}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"TCP Query User{8DBF9701-6F56-485B-A1F8-3ABE95510624}C:\\windows\\system32\\oaszzh.exe"= UDP:C:\windows\system32\oaszzh.exe:oaszzh
"UDP Query User{C7CA07AA-83EC-4115-8A9D-A3A6F7E194B0}C:\\windows\\system32\\oaszzh.exe"= TCP:C:\windows\system32\oaszzh.exe:oaszzh
"TCP Query User{B867EFFD-EC4A-4EF1-844B-75A5066434F2}C:\\users\\rami\\desktop\\worms 4 mayhem.exe"= UDP:C:\users\rami\desktop\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{9DEC3E6E-C605-4F24-914B-5EBB7465481A}C:\\users\\rami\\desktop\\worms 4 mayhem.exe"= TCP:C:\users\rami\desktop\worms 4 mayhem.exe:worms 4 mayhem.exe
"{4F613C21-340D-4115-80C9-F0C2627E9D09}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{D63399A3-8EBF-468A-9308-88718CAB6438}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{652B9A36-1141-4576-8E18-74AE2F1019DB}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{E2EA7131-1662-4BA2-839C-1E8944B12630}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{FAD07197-0285-4721-B68C-7698B1C0E61C}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{078ACFB3-2B6C-4309-BC28-9972259D4790}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{49F3DFFF-F285-4685-BF93-15D64CAD2D02}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{C2ADAE8E-D5B2-4D42-B8FB-777BE870322E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BFF4718A-9C45-4F03-8B30-FA86A870E8DC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C2A29D44-2794-4C87-A7A8-AC4FF04F0571}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AAB8EB5E-F16A-47B6-93C1-C60D2407752F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D1F8801-8AAE-489D-9F76-37D00386A2D4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C8BCC5D5-FA7B-43D6-9813-BFC9917898CC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080512.002\IDSvix86.sys [2008-02-13 18:18]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];C:\Windows\system32\drivers\Sleen16.sys [2007-10-11 13:24]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 06:48]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 22:50]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37]
S3 AntiAries;Anti Aries Helper Driver;C:\Windows\System32\drivers\RKL7677.tmp.sys [2008-05-17 14:49]
S3 CAM1690;USB PC Camera;C:\Windows\system32\Drivers\cam1690.sys [2007-11-21 17:35]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-03-09 19:06]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-05-18 08:36:48 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-31 18:00:08 C:\Windows\Tasks\Norton Internet Security Online - Systemprüfung ausführen - Rami.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 18:40:20 C:\Windows\Tasks\User_Feed_Synchronization-{55BC94FE-2A34-4708-ADFB-9287CD596A8F}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-17 15:22:21 C:\Windows\Tasks\Vista Manager Live Update.job"
- C:\Program Files\Yamicsoft\Vista Manager\LiveUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 15:13:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Zeit der Fertigstellung: 2008-05-19 15:15:04
ComboFix-quarantined-files.txt 2008-05-19 13:14:34

11 Verzeichnis(se), 15,845,433,344 Bytes frei
17 Verzeichnis(se), 15,703,019,520 Bytes frei

324 --- E O F --- 2008-05-19 11:45:44


Here is the report from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:32, on 19.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WirelessBooster\WBTray.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = T-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3} - {3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WirelessBooster Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\WIRELE~2\TweakBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\WIRELE~2\WBTray.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197469799284
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Franzis\Alcohol Virtual CD + DVD\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

--
End of file - 11690 bytes

Here are all the reports you need. ;) Thanks in advance for your help.
This post was edited on 19.05.2008 at 15:22 by Cool_Boy_007.
20.05.2008, 00:41
Honorary member
Sabina

Posts: 29434
#6

1.
delete ("fix") with HijackThis
Click: "Do a system scan only"
Tick the box in front of the entry named below
and choose fix checked. + restart the computer.

Quote

O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3}{3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll (file missing)
2.
http://virus-protect.org/artikel/tools/otmoveIt.html
open: OTMoveIt.exe
OTMoveIt Paste in: in the left window, where it says: Paste List of Files/Folders to Move

Quote

C:\Users\Rami\AppData\Roaming\Screeq.com
C:\Windows\System32\jkkIaxvw.dll
C:\Windows\Critical System Error.scr
Click the red MoveIt!

3.
download datfindbat, all logs are sorted by date - post the data up to January 2008
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
20.05.2008, 16:19
Member

Thread starter

Posts: 16
#7 Here is the log from datfindbat:
Datenträger in Laufwerk C: ist VistaOS
Volumeseriennummer: F6E0-14D5

Verzeichnis von c:\

20.05.2008 16:14 0 dirdat.txt
20.05.2008 16:09 2.146.689.024 hiberfil.sys
20.05.2008 16:09 2.460.475.392 pagefile.sys
19.05.2008 15:07 5.151 Bug.txt
19.01.2008 09:45 333.203 bootmgr
10.08.2007 14:33 0 IO.SYS
10.08.2007 14:33 0 MSDOS.SYS
09.03.2007 09:26 524.288 F3T.BIN
09.03.2007 08:27 524.288 F3Tc.BIN
18.09.2006 23:43 10 config.sys
18.09.2006 23:43 24 autoexec.bat
11 File(s), 4.608.551.380 bytes
0 Dir(s), 15.962.947.584 bytes free
Volume in drive C: is VistaOS
Volume Serial Number: F6E0-14D5

Directory of C:\Windows\system32

20.05.2008 16:09 45.056 acovcnt.exe
20.05.2008 16:09 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
20.05.2008 16:09 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
20.05.2008 16:09 446.950 oodbs.lor
20.05.2008 14:08 106.120 perfc009.dat
20.05.2008 14:08 598.850 perfh009.dat
20.05.2008 14:08 632.408 perfh007.dat
20.05.2008 14:08 128.422 perfc007.dat
20.05.2008 14:08 1.456.198 PerfStringBackup.INI
19.05.2008 16:33 10.752 BASSMOD.dll
19.05.2008 15:44 161.328 mlfcache.dat
19.05.2008 13:50 192 libsyslic1.ls
18.05.2008 09:31 822.241 RVAXO.bat
09.05.2008 23:35 16.863.864 mrt.exe
04.05.2008 20:01 170.432 libsyslic1.pd
04.05.2008 20:01 878.080 iconv.dll
04.05.2008 20:01 150.016 libxslt.dll
04.05.2008 20:01 721.920 libxml2.dll
04.05.2008 20:01 51.200 libexslt.dll
28.04.2008 11:35 42.672 wbsys.dll
28.04.2008 11:34 58.792 wbload.dll
23.04.2008 14:32 19.968 CPUINF32.DLL
10.04.2008 18:41 1.756.848 FNTCACHE.DAT
31.03.2008 23:25 161.096 DivXCodecVersionChecker.exe
31.03.2008 23:25 823.296 divx_xx07.dll
31.03.2008 23:25 823.296 divx_xx0c.dll
31.03.2008 23:25 682.496 DivX.dll
31.03.2008 23:25 831.488 divx_xx0a.dll
31.03.2008 23:25 802.816 divx_xx11.dll
28.03.2008 23:37 57.344 QuickTime.qts
28.03.2008 23:37 90.112 QuickTimeVR.qtx
28.03.2008 09:23 89.088 atl71.dll
28.03.2008 09:23 348.160 msvcr71.dll
25.03.2008 21:21 15.819.776 imageres.dll
24.03.2008 21:45 630.784 divxdec.ax
21.03.2008 22:30 4.816 divxsm.tlb
21.03.2008 22:30 524.288 DivXsm.exe
21.03.2008 22:30 10.152 dsm_de.qm
21.03.2008 22:30 3.596.288 qt-dx331.dll
21.03.2008 22:30 1.044.480 libdivx.dll
21.03.2008 22:30 200.704 ssldivx.dll
21.03.2008 22:28 416 dpl100.dll.manifest
21.03.2008 22:28 416 dtu100.dll.manifest
21.03.2008 22:28 81.920 dpl100.dll
21.03.2008 22:28 196.608 dtu100.dll
21.03.2008 22:28 3.051 dtu_de.qm
21.03.2008 22:28 53.248 dpuGUI10.dll
21.03.2008 22:28 593.920 dpuGUI11.dll
21.03.2008 22:28 294.912 dpu11.dll
21.03.2008 22:28 57.344 dpv11.dll
21.03.2008 22:28 344.064 dpus11.dll
21.03.2008 22:28 294.912 dpu10.dll
21.03.2008 22:28 12.288 DivXWMPExtType.dll
21.03.2008 22:28 8.523 dpude.qm
21.03.2008 19:01 44.875 TEST.log
21.03.2008 19:01 3.239 SENT.log
21.03.2008 19:01 7.334 RECV.log
18.03.2008 21:40 101.888 ifxcardm.dll
18.03.2008 21:40 82.432 axaltocm.dll
18.03.2008 21:14 152.576 SPWizUI.dll
18.03.2008 21:14 47.560 SPReview.exe
12.03.2008 14:53 118 MRT.INI
09.03.2008 19:06 307.968 TuneUpDefragService.exe
08.03.2008 15:27 10.322 lvcoinst.log
29.02.2008 09:14 19.000 kd1394.dll
29.02.2008 09:11 927.288 winresume.exe
29.02.2008 09:11 988.216 winload.exe
29.02.2008 08:53 378.368 srcore.dll
29.02.2008 08:53 40.960 srclient.dll
29.02.2008 08:53 46.592 setbcdlocale.dll
29.02.2008 08:35 6.656 kbd106n.dll
29.02.2008 06:21 2.032.128 win32k.sys
29.02.2008 06:12 318.464 rstrui.exe
29.02.2008 06:12 14.848 srdelayed.exe


Directory of C:\Windows

20.05.2008 16:10 58.368 ntbtlog.txt
20.05.2008 16:09 67.584 bootstat.dat
20.05.2008 16:06 12 bthservsdp.dat
20.05.2008 16:06 77.654 WindowsUpdate.log
19.05.2008 15:15 53.248 PSEXESVC.EXE
19.05.2008 15:13 227 system.ini
19.05.2008 14:55 69 NeroDigital.ini
09.05.2008 15:46 54.156 QTFont.qfn
02.05.2008 11:01 683 win.ini
08.04.2008 15:41 1.409 QTFont.for
30.03.2008 12:41 76 WINHLP32.DL2
30.03.2008 12:40 266.240 Setup1.exe
30.03.2008 12:40 74.752 temp.000
25.03.2008 21:16 3.932.214 AW_XenoMorph1280.bmp
22.03.2008 14:25 29 .wb4
21.03.2008 18:10 111.361 hpqins13.dat
18.03.2008 22:23 749 WindowsShell.Manifest
18.03.2008 21:34 458.752 SPInstall.etl
08.03.2008 16:24 598 videoimp.ini
02.03.2008 18:18 72 WB.ini
21.02.2008 16:12 227 winshell.dat
19.02.2008 13:00 381 BeatBox.INI
19.02.2008 13:00 28 Robota.INI
19.02.2008 12:34 6.768 mgxoschk.ini
16.02.2008 17:02 24 ATKPF.ini
06.02.2008 18:01 108.336 mswinsck.ocx
19.01.2008 09:33 13.312 fveupdate.exe
19.01.2008 09:33 58.880 bfsvc.exe
19.01.2008 00:33 134.656 regedit.exe
19.01.2008 00:33 151.040 notepad.exe
19.01.2008 00:33 2.927.104 explorer.exe
19.01.2008 00:33 498.176 HelpPane.exe
09.01.2008 16:12 73.216 ST6UNST.EXE
22.12.2007 12:10 3.120 .lfa
02.12.2007 22:14 358 Let It Snow-Prefs.ini

Directory of C:\Users\MyName\AppData\Local\Temp

20.05.2008 16:09 31.832 Rami.bmp
20.05.2008 13:50 260.904 SilverlightMSI.log
20.05.2008 13:50 1.230 Silverlight0.log
20.05.2008 10:05 38 um.um
19.05.2008 18:28 16.384 ~DF6B7D.tmp
5 File(s), 310.388 bytes
0 Dir(s), 15.962.804.224 bytes free
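The datfindbat output above is a date-sorted `dir` listing of a few system directories, and the helper asked for "everything back to January 2008". To make that cut repeatable, here is an editor-added Python parser (not part of the thread and not datfindbat's own code) that reads such listings in either the German or the English `dir` format, normalises the thousand-separated sizes, and returns the entries newer than a cutoff date, newest first; it also pulls out the recently changed executable-type files in one directory, the short list worth hashing and submitting, as acovcnt.exe was in this thread. The sample listing is constructed from lines in the post above; the header patterns, the extension list and the cutoff are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a few lines from the datfindbat output posted above, with one
# directory header left in the German form the tool actually prints.
SAMPLE_LISTING = r"""
Directory of C:\Windows\system32

20.05.2008 16:09 45.056 acovcnt.exe
20.05.2008 16:09 446.950 oodbs.lor
18.05.2008 09:31 822.241 RVAXO.bat
29.02.2008 06:21 2.032.128 win32k.sys

Verzeichnis von C:\Windows

19.05.2008 15:15 53.248 PSEXESVC.EXE
19.01.2008 00:33 2.927.104 explorer.exe
22.12.2007 12:10 3.120 .lfa
3 Datei(en), 2.983.472 Bytes
"""

# "Verzeichnis von <dir>" (German dir) or "Directory of <dir>" (English dir)
DIR_RE = re.compile(r"^(?:Verzeichnis von|Directory of) (?P<dir>.+?)\s*$")
# dd.mm.yyyy hh:mm <size, '.' or ',' as thousands separator> <name>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>[\d.,]+) (?P<name>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    directory: str
    mtime: datetime
    size: int
    name: str


def parse_listing(text: str) -> list:
    """Turn dir-style output into Entry objects; summary and blank lines are ignored."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DIR_RE.match(line)
        if m:
            current = m["dir"]
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            mtime = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H:%M")
            size = int(re.sub(r"[.,]", "", m["size"]))   # "2.032.128" -> 2032128
            entries.append(Entry(current, mtime, size, m["name"]))
    return entries


def newer_than(entries, cutoff: datetime) -> list:
    """Entries modified at or after the cutoff, newest first (sort is stable, so
    files sharing a timestamp keep their listing order)."""
    return sorted((e for e in entries if e.mtime >= cutoff),
                  key=lambda e: e.mtime, reverse=True)


def executables_in(entries, directory: str, cutoff: datetime) -> list:
    """Recently changed executable-type files in one directory (assumed extension list)."""
    exts = (".exe", ".dll", ".sys", ".scr", ".bat", ".cpl")
    return [e for e in newer_than(entries, cutoff)
            if e.directory.lower() == directory.lower() and e.name.lower().endswith(exts)]


if __name__ == "__main__":
    cutoff = datetime(2008, 1, 1)
    for e in newer_than(parse_listing(SAMPLE_LISTING), cutoff):
        print(e.mtime.strftime("%d.%m.%Y %H:%M"), f"{e.size:>12,}", e.directory, e.name)
```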
20.05.2008, 16:38
Honorary member
Sabina

Posts: 29434
#8 ««
Virustotal http://www.virustotal.com/flash/index_en.html

C:\Windows\system32\acovcnt.exe

Click Browse --> choose the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait, then select the text with the right mouse button -> copy it here

««
scan with F-Secure and post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
20.05.2008, 20:14
Member

Thread starter

Posts: 16
#9 Here is the report from F-Secure:

Scanning Report

Tuesday, May 20, 2008 17:36:59 - 19:35:14

Scanning type: Scan system for malware, rootkits
Target: C:\ D:\

Result: 2 malware found

W32/Suspicious_U.gen (virus)
C:\PROGRAM FILES\WINRAR\SYSTOOLS\PLUGINS\EMPTY KEY.DLL (Submitted)
C:\PROGRAM FILES\WINRAR\SYSTOOLS\PLUGINS\SLYSOFT.DLL (Submitted)
Statistics

Scanned:
Files: 59548
System: 5214
Not scanned: 20
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 2
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\MyName\APPDATA\ROAMING\SYMANTEC\NPMDATASTORE\CIMSTORE.XML
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7663EEC413852713C8FA8C5C031527F_CA49E810-D445-4DAA-AB42-D8D4F3551500
C:\BOOT\BCD
Options

Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-20
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure AVP: 7.0.171, 2008-05-20
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

PS: I have carried out the first step and I have the report. ;) See below.
This post was edited on 21.05.2008 at 13:37 by Cool_Boy_007.
21.05.2008, 12:13
Honorary member
Sabina

Posts: 29434
#10 Once more... wait until the scan has finished, then copy the complete report

Virustotal http://www.virustotal.com/flash/index_en.html

C:\Windows\system32\acovcnt.exe

Click Browse --> choose the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait, then select the text with the right mouse button -> copy it here
__________
Regards, Sabina

all about PC security
21.05.2008, 13:31
Member

Thread starter

Posts: 16
#11 Here you go. ;) Here is the VirusTotal report:


Antivirus / engine version / signature date / result ("-" = no detection)
AhnLab-V3 2008.5.20.0 2008.05.21 -
AntiVir 7.8.0.19 2008.05.21 -
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.21 -
AVG 7.5.0.516 2008.05.21 -
BitDefender 7.2 2008.05.21 -
CAT-QuickHeal 9.50 2008.05.19 -
ClamAV 0.92.1 2008.05.21 -
DrWeb 4.44.0.09170 2008.05.21 -
eSafe 7.0.15.0 2008.05.20 -
eTrust-Vet 31.4.5808 2008.05.21 -
Ewido 4.0 2008.05.21 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.21 -
Fortinet 3.14.0.0 2008.05.21 -
GData 2.0.7306.1023 2008.05.21 -
Ikarus T3.1.1.26.0 2008.05.21 -
Kaspersky 7.0.0.125 2008.05.21 -
McAfee 5299 2008.05.20 -
Microsoft 1.3520 2008.05.21 -
NOD32v2 3116 2008.05.21 -
Norman 5.80.02 2008.05.20 -
Panda 9.0.0.4 2008.05.21 -
Prevx1 V2 2008.05.21 -
Rising 20.45.12.00 2008.05.21 -
Sophos 4.29.0 2008.05.21 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.21 -
TheHacker 6.2.92.314 2008.05.20 -
VBA32 3.12.6.6 2008.05.20 -
VirusBuster 4.3.26:9 2008.05.20 -
Webwasher-Gateway 6.6.2 2008.05.21 -


Additional information
File size: 45056 bytes
MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2
SHA512: 03b62753530e1adba2af3feede5e3903d41d8b102289bb03f4ad2520ead6ec9c
aea29acae81846eb4484310c0bc1c0a69934a02fadb1a015383e0ebee7c007f3
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401613
timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ee6 0x5000 6.60 f7aa46b67e4004a80db01ad39b5c4bd7
.rdata 0x6000 0xb32 0x1000 4.20 f3ceef6b97b6aad02714644497ad4da9
.data 0x7000 0x413c 0x3000 0.56 af4abe2835a3f5bf87330b627a696dbf
.rsrc 0xc000 0xc0 0x1000 0.14 c85d6206afcdfed0fe16bdc48441d945

( 5 imports )
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize

( 0 exports )
This post was edited on 21.05.2008 at 13:35 by Cool_Boy_007.
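Two fields in the VirusTotal report above carry more signal than the 32 clean verdicts: the per-section entropy column ("ntrpy"; .text at 6.60 next to a PEiD hit for Armadillo, a commercial protector) and the hashes, which let anyone re-identify the file later without uploading it again. As an editor-added example (not from the thread and not VirusTotal's code), the Python below computes Shannon entropy per section, labels it with assumed thresholds, produces the same four digests, and checks a local file against digests copied from a report. The sections are constructed byte strings standing in for .text/.data/.rsrc, not the real acovcnt.exe.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniformly
    distributed bytes. This is what VirusTotal's 'ntrpy' column reports."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_label(bits: float) -> str:
    """Coarse reading of a section's entropy. The thresholds are assumptions for triage."""
    if bits >= 7.0:
        return "high: packed or encrypted"
    if bits >= 6.0:
        return "elevated: protector or compressed code"
    if bits >= 2.0:
        return "typical code/data"
    return "low: mostly constant bytes"


def section_report(sections: dict) -> list:
    """[(name, size, entropy, label)] for a mapping of section name -> raw bytes."""
    report = []
    for name, raw in sections.items():
        ent = shannon_entropy(raw)
        report.append((name, len(raw), round(ent, 2), entropy_label(ent)))
    return report


def file_hashes(data: bytes) -> dict:
    """The four digests VirusTotal prints, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict) -> bool:
    """True if every digest in `reported` (e.g. copied from a VT page, any case)
    matches `data`. Compare at least SHA-256; MD5 alone is collision-prone."""
    mine = file_hashes(data)
    return all(mine[alg.lower()] == value.lower() for alg, value in reported.items())


# Constructed sections, not the real file.
SAMPLE_SECTIONS = {
    ".text": bytes(range(256)) * 80,       # every byte value equally often -> 8.0
    ".data": b"\x00" * 0x3000,             # zero-filled -> 0.0
    ".rsrc": b"ACOVSEvent\x00" * 64,       # short repeated ASCII -> moderate
}

if __name__ == "__main__":
    for name, size, ent, label in section_report(SAMPLE_SECTIONS):
        print(f"{name:6} {size:7d} {ent:5.2f}  {label}")
    print(file_hashes(b"".join(SAMPLE_SECTIONS.values()))["sha256"])
```

Real compilers produce .text sections in roughly the 5 to 6.5 range; a value near 8.0 across the whole code section, or a tiny .text beside a large high-entropy section, is what usually betrays a packer before any signature does.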
21.05.2008, 14:10
Honorary member
Sabina

Posts: 29434
#12 ««
Please upload the exe here; you will be notified afterwards. Post the notification.

C:\Windows\system32\acovcnt.exe

http://www.norman.com/microsites/nsic/Submit/de

««
In the meantime, scan with McAfee FreeScan (online) and post the report
http://virus-protect.org/onlinescan.html

and report whether the problem with the progress bar still occurs....
__________
Regards, Sabina

all about PC security
21.05.2008, 16:04
Member

Thread starter

Posts: 16
#13 Here is the message from Norman:


Hello,

Thanks for taking the time to submit your samples to the Norman Sandbox Information Center. Customer delight is our top priority at Norman. With that in mind we have developed Sandbox Solutions for organizations that are committed to speedy analysis and debugging.

Norman Sandbox Solutions give your organization the opportunity to analyze files immediately in your own environment.

To find out how to bring the power of Norman Sandbox into your test environments follow the links below.

Norman Sandbox Solutions
http://www.norman.com/Product/Sandbox-products/

Norman Sandbox Analyzer
http://www.norman.com/Product/Sandbox-products/Analyzer/

Norman Sandbox Analyzer Pro
http://www.norman.com/Product/Sandbox-products/Analyzer-pro/

Norman SandBox Reporter
http://www.norman.com/Product/Sandbox-products/Reporter/

acovcnt.exe : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS
* Compressed: NO
* TLS hooks: NO
* Executable type: Application
* Executable file structure: OK

[ General information ]
* File length: 45056 bytes.
* MD5 hash: 6bcaf46e2b7fa9ace92b4d39f3037c5c.

[ Changes to registry ]
* Creates key "HKLM\Software\ASUS\Asus Chameleon Engine".
* Sets value "OV0"=" " in key "HKLM\Software\ASUS\Asus Chameleon Engine".

[ Process/window information ]
* Creates an event called ACOVSEvent.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.

This file is not flagged as malicious by the Norman Sandbox Information Center. However, we can not guarantee that the file is harmless. If you still suspect the file to be malicious and if you urgently need to know for sure, please submit it to your local Norman support department for manual analysis.


************************************
Sent from an unmonitored email address.
Please DO NOT reply.
************************************

PS: Is it normal that the McAfee scanner stays at 0 the whole time for the number of files checked? No, it isn't. The scan won't achieve much anyway. Couldn't you just upload your acovcnt.exe file and I then replace mine with it? That would fix this problem with the progress bar, right?
This post was edited on 21.05.2008 at 16:41 by Cool_Boy_007.
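The VirusTotal import table (post #11) and the Norman sandbox mail above describe the same file from two sides: the APIs it links against statically, and what it actually did when run. An editor-added cross-check (not part of the thread and not code from either service): the script parses both reports, constructed here from the text posted in this thread and trimmed to the relevant lines, maps imports onto coarse capability tags, and tests whether each observed sandbox action is accounted for by an imported API. The capability table and the mapping from sandbox sections to tags are assumptions for triage. Note the limit: the table can only say what the import list admits, never what the binary cannot do, because LoadLibraryA and GetProcAddress, which this file also imports, can resolve any API at run time.

```python
import re

# Constructed from the VirusTotal "( 5 imports )" block posted in this thread,
# trimmed to the entries that matter for the check below.
VT_IMPORTS = """\
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, LoadLibraryA, GetProcAddress, VirtualAlloc, WriteFile, HeapAlloc
> USER32.dll: CreateWindowExA, RegisterClassExA, GetMessageA, DispatchMessageA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize
"""

# Constructed from the Norman Sandbox mail quoted above.
SANDBOX_REPORT = r"""
[ Changes to registry ]
* Creates key "HKLM\Software\ASUS\Asus Chameleon Engine".
* Sets value "OV0"=" " in key "HKLM\Software\ASUS\Asus Chameleon Engine".

[ Process/window information ]
* Creates an event called ACOVSEvent.
"""

# Assumed import -> capability table. Coarse on purpose: it states what the static
# import table admits, never what the binary cannot do.
CAPABILITIES = {
    "registry-write": {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA", "RegDeleteKeyA"},
    "registry-read": {"RegOpenKeyExA", "RegQueryValueExA", "RegEnumKeyExA"},
    "file-write": {"CreateFileA", "WriteFile", "CopyFileA", "MoveFileA"},
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "network": {"WSAStartup", "connect", "send", "recv", "InternetOpenA", "URLDownloadToFileA"},
    "process-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "gui-window": {"RegisterClassExA", "CreateWindowExA"},
    "event-sync": {"CreateEventA", "SetEvent", "OpenEventA"},
}

# Assumed mapping from the sandbox sections seen in this report to the capability
# that would explain their bullets; other sections would be added the same way.
SECTION_TO_CAPABILITY = {
    "Changes to registry": "registry-write",
    "Process/window information": "event-sync",
}

IMPORT_RE = re.compile(r"^> (?P<dll>\S+): (?P<apis>.+)$")
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")


def parse_imports(text: str) -> dict:
    """{'KERNEL32.dll': {'CreateEventA', ...}, ...} from VT's '> dll: a, b' lines."""
    imports = {}
    for line in text.splitlines():
        m = IMPORT_RE.match(line.strip())
        if m:
            imports[m["dll"]] = {api.strip() for api in m["apis"].split(",")}
    return imports


def capabilities(imports: dict) -> dict:
    """{'registry-write': ['RegCreateKeyA', ...], ...}: only tags with evidence."""
    all_apis = set().union(*imports.values()) if imports else set()
    return {tag: sorted(all_apis & apis) for tag, apis in CAPABILITIES.items() if all_apis & apis}


def parse_sandbox(text: str) -> dict:
    """{'Changes to registry': ['Creates key ...', ...], ...} from '[ section ]' / '* item' lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections[current] = []
        elif line.startswith("* ") and current is not None:
            sections[current].append(line[2:].rstrip("."))
    return sections


def cross_check(imports_text: str, sandbox_text: str) -> dict:
    """For each mapped sandbox section with observations: which imports explain it,
    and whether the static and dynamic views agree."""
    caps = capabilities(parse_imports(imports_text))
    result = {}
    for section, items in parse_sandbox(sandbox_text).items():
        tag = SECTION_TO_CAPABILITY.get(section)
        if not items or tag is None:
            continue
        result[section] = {"observed": len(items),
                           "explained_by": caps.get(tag, []),
                           "consistent": tag in caps}
    return result


if __name__ == "__main__":
    caps = capabilities(parse_imports(VT_IMPORTS))
    for tag, apis in caps.items():
        print(f"{tag:24} {', '.join(apis)}")
    print("network imports:", "network" in caps,
          "| dynamic API resolution:", "dynamic-api-resolution" in caps)
    for section, info in cross_check(VT_IMPORTS, SANDBOX_REPORT).items():
        print(section, "->", info)
```

For this file both views line up: the only observed behaviour is a registry write under an ASUS key and an event object, and the import table contains exactly the registry and event APIs needed for that, which is consistent with the helper's conclusion in the next post that the binary belongs to an ASUS component.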
21.05.2008, 17:30
Honorary member
Sabina

Posts: 29434
#14 acovcnt.exe - apparently belongs to Asus...
HKLM\Software\ASUS\Asus Chameleon Engine

Do you have such software on the computer?

Quote

Directory of C:\Windows\system32
20.05.2008 16:09 45.056 acovcnt.exe

__________
Regards, Sabina

all about PC security
21.05.2008, 19:02
Member

Thread starter

Posts: 16
#15 I only have ASUS programs like ASUS Update and the like.