Internet Explorer.

Topic is closed!
22.10.2008, 18:21
Member

Posts: 66
#1 Hi
Since yesterday I can't open my IE; when I click on IE I get the message
"Internet Explorer has stopped working"!!!
I've already tried everything and it still doesn't run.
Can I just run ComboFix, or what should I do???
Regards
Ujek.
22.10.2008, 18:54
Honorary member

Posts: 6028
#2 Please post the data from: http://board.protecus.de/t23187.htm
__________
Regards, Argus
22.10.2008, 21:12
Member

Thread starter

Posts: 66
#3 Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\BIRGIT~1\AppData\Local\Temp\Rar$EX00.981\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-14/4 (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-28/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/EN/scan8/oscan8.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/plug-in/SOPCORE.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.173.193.218/activex/AMC.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://80.237.209.20/objects/NpFv501.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A060266E-DBD9-44B1-BF3F-C0D4EBC0045A}: NameServer = 81.173.194.68 213.168.112.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5706 bytes
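The HijackThis log above is what a responder has to sort through by hand: hosts-file entries (O1), autorun values (O4), browser extras (O9), ActiveX controls IE downloaded (O16 DPF), the DNS servers in use (O17), AppInit_DLLs (O20) and installed services (O23). As an added example, not part of this thread and not a HijackThis feature, the Python script below parses that line format and ranks entries by a few triage heuristics: hosts entries other than the loopback names, ActiveX CABs fetched from a bare IP address, a non-empty AppInit_DLLs value (which is loaded into every process that links user32.dll), services with no vendor information, autorun values given as a bare file name, and entries whose target file is missing. The embedded log is constructed to mirror the posted format, and the severity levels are this example's own assumptions, not verdicts.

```python
"""Triage heuristics for HijackThis-style logs.

Added example for this thread; not HijackThis code. The sample log below is
constructed to mirror the posted format, and the severities are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample, modelled on the log posted in this thread (not a real scan).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.5 www.bank.example
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.173.193.218/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A060266E-DBD9-44B1-BF3F-C0D4EBC0045A}: NameServer = 81.173.194.68 213.168.112.60
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}
LOCALHOST_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    severity: str  # "high" | "medium" | "low" | "info" (assumed ranking)
    reason: str
    line: str


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _check(section: str, rest: str, line: str) -> list:
    """Apply the per-section heuristics to one log line."""
    out = []
    if section == "O1":  # hosts file: anything but the loopback names is a redirect
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", rest)
        if m and (m.group(1), m.group(2)) not in LOCALHOST_ENTRIES:
            out.append(Finding(section, "high", f"hosts file maps {m.group(2)} to {m.group(1)}", line))
    elif section == "O4":  # autorun values without a full path rely on the search path
        m = re.match(r"HK\w+\\\.\.\\Run\w*:\s*\[[^\]]*\]\s*(.*)", rest)
        if m:
            cmd = m.group(1).strip()
            if not (cmd.startswith('"') or re.match(r"[A-Za-z]:\\", cmd)):
                out.append(Finding(section, "low", "autorun value is a bare file name resolved via the search path", line))
    elif section == "O16":  # ActiveX controls downloaded by IE: who serves them?
        m = re.match(r"DPF:\s+\{[0-9A-Fa-f-]+\}\s+\((.*?)\)\s+-\s+(\S+)", rest)
        if m:
            host = urlparse(m.group(2)).hostname or ""
            if _is_ip_literal(host):
                out.append(Finding(section, "high", f"ActiveX control downloaded from IP literal {host}", line))
    elif section == "O17":  # DNS servers cannot be judged offline, so just surface them
        m = re.search(r"NameServer\s*=\s*(.*)", rest)
        if m:
            out.append(Finding(section, "info", "confirm DNS servers belong to the ISP: " + ", ".join(m.group(1).split()), line))
    elif section == "O20":  # AppInit_DLLs is injected into every process that loads user32.dll
        m = re.match(r"AppInit_DLLs:\s*(.*)", rest)
        if m and m.group(1).strip():
            dlls = [d.strip().lower() for d in m.group(1).split(",") if d.strip()]
            note = "AppInit_DLLs entry loads into every GUI process; verify each DLL"
            if len(dlls) != len(set(dlls)):
                note += " (duplicate entry)"
            out.append(Finding(section, "medium", note, line))
    elif section == "O23":  # services whose binary has no vendor information
        m = re.match(r"Service:\s+(.*?)\s+-\s+(.*?)\s+-\s+(.*)", rest)
        if m and m.group(2).lower() == "unknown owner":
            out.append(Finding(section, "medium", f"service '{m.group(1)}' binary carries no vendor information", line))
    if any(marker in rest for marker in ORPHAN_MARKERS):
        out.append(Finding(section, "low", "orphaned entry: referenced file is missing", line))
    return out


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return findings, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([RFNO]\d+)\s+-\s+(.*)$", line)
        if m:
            findings.extend(_check(m.group(1), m.group(2), line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The ranking only orders what to look at first; a service marked "Unknown owner" or a DPF entry from an IP address is a question to answer (who published that binary, whose server is that), not a detection on its own.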
23.10.2008, 07:30
Moderator

Posts: 5694
#4 ujek

Quote

Please post the data from: http://board.protecus.de/t23187.htm
But that is far from all the data.

- Malwarebytes
- Combofix
- Datfindbat

Please post all logs.

Regards, Swiss
23.10.2008, 15:34
Member

Thread starter

Posts: 66
#5 I've read, and heard from acquaintances, that everyone who downloaded the Vista SP has the same problems, or their PCs just switch off.

I can't download all those files and go over my machine with all of them; that would break my computer even more. Isn't there something simpler????


Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 6.0.6001 Service Pack 1

23.10.2008 17:55:59
mbam-log-2008-10-23 (17-55-47).txt

Scan type: Quick scan
Objects scanned: 43898
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bgnr (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.
C:\Windows\grswptdl.exe (Trojan.FakeAlert) -> No action taken.

combofix

.

2008-10-23 18:01 . 2008-10-23 18:01 318,976 --a------ C:\Windows\System32\CF12010.exe
2008-10-23 17:50 . 2008-10-23 17:50 <DIR> d-------- C:\Users\Birgit-Achim\AppData\Roaming\Malwarebytes
2008-10-23 17:50 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-23 17:49 . 2008-10-23 17:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-23 17:49 . 2008-10-23 17:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-23 17:49 . 2008-10-23 17:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 17:49 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-23 16:29 . 2008-10-23 16:33 <DIR> d-------- C:\Windows\System32\catroot2
2008-10-18 21:36 . 2008-10-18 21:36 <DIR> d-------- C:\Program Files\EURO I AG
2008-10-15 15:42 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 15:42 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 15:42 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 15:42 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 15:42 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 15:42 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 12:40 . 2008-10-23 16:10 <DIR> d-------- C:\Program Files\Everest Poker
2008-10-08 10:57 . 2008-10-08 10:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-05 18:35 . 2008-10-05 18:35 <DIR> d-------- C:\Program Files\Axis Communications
2008-10-05 14:38 . 2008-10-05 14:38 19,456 --a------ C:\Windows\System32\pcaui32.dll
2008-09-30 23:24 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-09-30 15:04 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-30 15:03 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-09-30 15:02 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-30 15:01 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-30 15:01 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-30 15:01 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-30 15:01 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-30 15:01 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-30 15:01 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-30 15:01 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-30 15:01 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-30 15:01 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 14:10 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-23 14:10 --------- d-----w C:\Program Files\Opera
2008-10-23 14:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-23 14:10 --------- d-----w C:\Program Files\IEPro
2008-10-22 14:11 --------- d-----w C:\Program Files\Google
2008-10-19 16:04 --------- d-----w C:\Users\Birgit-Achim\AppData\Roaming\Skype
2008-10-16 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 11:00 --------- d-----w C:\Program Files\ICQ6
2008-10-15 09:38 --------- d-----w C:\Users\Birgit-Achim\AppData\Roaming\DivX
2008-10-05 11:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 15:00 174 --sha-w C:\Program Files\desktop.ini
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Journal
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Defender
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Calendar
2008-09-30 13:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-30 13:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-16 20:14 --------- d-----w C:\Program Files\SopCast
2008-09-13 20:09 --------- d-----w C:\Program Files\DivX
2008-09-13 19:44 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-13 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 13:40 --------- d-----w C:\ProgramData\TVU Networks
2008-08-25 19:40 --------- d-----w C:\ProgramData\hps
2008-08-18 08:39 4,579,328 ----a-w C:\dm Fotowelt.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-09 19:45 128 ----a-w C:\Users\Birgit-Achim\AppData\Roaming\wklnhst.dat
2008-04-13 14:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-13 14:47 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-13 14:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 227840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\Windows\system32\l3codecp.acm
"msacm.l3codec"= C:\Windows\system32\l3codecp.acm

[HKLM\~\startupfolder\C:^Users^Birgit-Achim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-21 14:33 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-08-24 19:54 154136 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-08-24 19:54 141848 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-09 15:54 16896 C:\Program Files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-09 19:26 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\Windows\system32\igfxpers.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE543880-813A-4B8E-9761-3B16C74BE8C5}"= C:\Program Files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{93CD16E9-279B-4021-9185-ABE994BCD8B4}"= C:\Program Files\Home Cinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{086BD179-D068-4F16-918D-5A7FE40C3BBF}"= C:\Program Files\Home Cinema\MakeDisc\MakeDisc.exe:MakeDisc
"TCP Query User{D6BC2D42-FDEB-45E6-A899-B24ACA72B765}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{C3AA358E-9729-4891-99FE-3CF6C726874A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C3667DEE-F63E-4AF8-9E73-7A89A33E124A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2484893E-5B6D-47C9-86F9-1908C9CE6CB6}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{7C6E1141-6A17-47EC-894A-BA36DF46EBB3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{70F579F7-789A-4E51-9FC8-C2C5AFD7F297}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9FE748B8-EB3F-480E-ACC5-29468070672C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{40866307-2272-402A-956A-5AB9EC47289E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1FC7C223-5D16-489F-BD44-2FC1DF7DCFCF}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6D69E2D7-08BF-4DA7-B267-F678B121DB95}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D19C0824-4704-416F-8B61-A41ADA07815A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FEBB7722-9DF7-47E9-8CAD-6CA4CBA47B3E}C:\\users\\birgit-achim\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{FEFC00E6-B6A8-4159-8DA4-056BDDF97DA4}C:\\users\\birgit-achim\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\birgit-achim\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{64DD272B-0D35-4FFE-B2ED-D1E95AA5E900}C:\\program files\\online tv player\\tvplayer.exe"= UDP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"UDP Query User{3E2148FB-645A-471B-99E3-8BDB8A6305FA}C:\\program files\\online tv player\\tvplayer.exe"= TCP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"TCP Query User{27EDA1EB-0679-4846-8EDE-FD749F287675}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F3C7D34F-33DB-4BFE-9025-9D2F7A1215AA}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{147CF155-4403-42EC-B7FB-2F3C3748929B}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"UDP Query User{135D1190-896F-4208-AEB4-473FFD65695F}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= TCP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"TCP Query User{9C2A0CE8-74AE-474C-9691-637804367234}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{C5EB97A9-E633-4468-8A17-D42676C989C4}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"TCP Query User{B19600DE-45EC-443C-B973-9B5B09C89FAB}C:\\kav\\kav7.0\\german\\setup.exe"= UDP:C:\kav\kav7.0\german\setup.exe:Installationsprogramm für Kaspersky Anti-Virus 7.0
"UDP Query User{361E16B8-0ACD-426E-9441-5A10248F8E90}C:\\kav\\kav7.0\\german\\setup.exe"= TCP:C:\kav\kav7.0\german\setup.exe:Installationsprogramm für Kaspersky Anti-Virus 7.0
"{5A1F173F-B0C0-4EEE-B3A3-6619394577BF}"= UDP:C:\Program Files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{7DC64456-BB7C-4ED8-9A7A-B94A5249B8EB}"= TCP:C:\Program Files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{F2870D8D-03F0-4110-BBAF-EAFFD4FC95C2}C:\\program files\\rapidsolution\\rs audials one\\videoraptor\\videoraptor.exe"= UDP:C:\program files\rapidsolution\rs audials one\videoraptor\videoraptor.exe:Videoraptor
"UDP Query User{A0E37383-6ABD-4CF8-A7E1-6C796B776B9F}C:\\program files\\rapidsolution\\rs audials one\\videoraptor\\videoraptor.exe"= TCP:C:\program files\rapidsolution\rs audials one\videoraptor\videoraptor.exe:Videoraptor
"TCP Query User{B175BBA9-7264-46DC-AA79-AC5A01B4A0F3}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{12B762F0-04F6-4D0C-B1B1-54776B1142CE}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{08797E41-9C31-4055-92C0-1BCA614EF1C9}"= UDP:C:\Program Files\PPLive\PPLive.exe:pPLive
"{BA06678E-1231-49F3-AAB7-E59FDA6927E8}"= TCP:C:\Program Files\PPLive\PPLive.exe:pPLive
"TCP Query User{C83C8284-6466-4080-B027-9B3004C7AADC}C:\\windows\\system32\\presentationhost.exe"= UDP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation-Host
"UDP Query User{D7E6F9EE-0870-4A28-8886-32A94F5BAECE}C:\\windows\\system32\\presentationhost.exe"= TCP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation-Host

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R2 AAV UpdateService;AAV UpdateService;C:\Program Files\Common Files\AAV\aavus.exe [2007-10-04 122880]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\Windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\Windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-03-07 307968]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
This post was edited by ujek on 23.10.2008 at 19:07.
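Two things stand out in the Malwarebytes log above. Every finding still reads "No action taken", and several of the Adware.MyWebSearch keys sit under HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy: on Vista that key tells Internet Explorer's Protected Mode which executables a low-integrity tab may launch and at what integrity level, so adware registers its own binaries there to get back out of the sandbox. The Trojan.FakeAlert items (fdkowvbp.bgnr, grswptdl.exe) also carry the consonant-heavy random names such droppers typically use. As an added example, not part of this thread and not Malwarebytes code, the Python below parses this log format, groups findings by family, counts those left unremoved, pulls out the ElevationPolicy entries and scores the item names with a random-name heuristic. The embedded log is a constructed excerpt modelled on the one posted, and the vowel-ratio and run-length thresholds are this example's own assumptions.

```python
"""Parse a Malwarebytes' Anti-Malware log and rank what is left to act on.

Added example for this thread; not Malwarebytes code. The log excerpt is
constructed after the one posted; the random-name thresholds are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the posted log (not a real scan result).
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.30
Database version: 1310

Scan type: Quick scan

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bgnr (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Windows\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
"""

# "<item> (<Family.Name>) -> <action>."
ITEM_RE = re.compile(r"^(.*?) \(([A-Za-z]+\.[A-Za-z0-9]+)\) -> (.+?)\.?$")
ELEVATION_KEY = "\\low rights\\elevationpolicy\\"
VOWELS = set("aeiou")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str


def parse_mbam(text: str) -> list:
    """Return one Detection per finding, tagged with the section it appeared in."""
    detections, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group(1), m.group(2), m.group(3)))
        elif line.endswith(":"):
            section = line[:-1]
    return detections


def looks_random(name: str) -> bool:
    """Heuristic for dropper-style names: letters-only stem of 6+ characters with
    under 20% vowels or a run of 5+ consonants (thresholds are assumptions)."""
    stem = name.split(".")[0].lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 5


def summarize(detections: list) -> dict:
    names = {d.item.split("\\")[-1] for d in detections}
    return {
        "families": dict(Counter(d.family for d in detections)),
        "unremoved": sum(d.action.lower().startswith("no action taken") for d in detections),
        # Protected Mode launch policy: the adware's own binaries get to run outside the sandbox
        "elevation_policy": [d.item for d in detections if ELEVATION_KEY in d.item.lower()],
        "random_names": sorted(n for n in names if looks_random(n)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbam(SAMPLE_MBAM_LOG)).items():
        print(f"{key}: {value}")
```

The random-name test is a ranking aid, not a verdict: it also fires on legitimate short system names such as ntkrnlpa.exe, so compare flagged names against a known-good inventory before acting on them. The "unremoved" count is the number that matters for this thread; a scan whose every line ends in "No action taken" has changed nothing on the machine.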
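The ComboFix excerpt in the post above (and the repost further down) has two sections worth scripting over. In the files-created list, a Windows Update run shows up as a batch of many System32 files created in the same minute with older modification times, while a lone new binary whose creation time equals its modification time (pcaui32.dll here) stands out. In the FirewallRules block, the "Query User" rules are the allow rules recorded when someone answered the Vista firewall prompt, and several of them cover executables in the user's Temp and WinRAR extraction directories (setupxu.exe, p2pnode.exe). As an added example, not part of this thread and not ComboFix code, the Python below parses both line formats and returns the singleton Windows-directory files and the rules that let temp-directory executables through the firewall. The embedded text is a constructed excerpt modelled on the posted logs, and both heuristics are this example's own assumptions.

```python
"""Triage two sections of a ComboFix log: newly created files and firewall rules.

Added example for this thread; not ComboFix code. The excerpt below is
constructed after the posted logs, and both heuristics are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the posted ComboFix output (not a real run).
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((( Files created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))
.
2008-10-23 18:01 . 2008-10-23 18:01 318,976 --a------ C:\Windows\System32\CF12010.exe
2008-10-23 17:50 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-15 15:42 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 15:42 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 15:42 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-05 18:35 . 2008-10-05 18:35 <DIR> d-------- C:\Program Files\Axis Communications
2008-10-05 14:38 . 2008-10-05 14:38 19,456 --a------ C:\Windows\System32\pcaui32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE543880-813A-4B8E-9761-3B16C74BE8C5}"= C:\Program Files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{C3667DEE-F63E-4AF8-9E73-7A89A33E124A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{FEBB7722-9DF7-47E9-8CAD-6CA4CBA47B3E}C:\\users\\birgit-achim\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{147CF155-4403-42EC-B7FB-2F3C3748929B}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"UDP Query User{135D1190-896F-4208-AEB4-473FFD65695F}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= TCP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# "<rule name>"= [TCP:|UDP:]<path>:<display name>
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<path>[A-Za-z]:\\[^:]+):(?P<label>.*)$')
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\rar$")  # Temp dirs and WinRAR's extraction dirs


@dataclass
class FileEntry:
    created: str
    modified: str
    is_dir: bool
    path: str


@dataclass
class FirewallRule:
    name: str
    proto: str
    path: str
    label: str


def parse_file_entries(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["created"], m["modified"], m["size"] == "<DIR>", m["path"]))
    return entries


def suspicious_new_files(entries: list) -> list:
    """Files under C:\\Windows created alone in their minute, with creation time equal
    to modification time; an update batch looks different (many files, older mtimes)."""
    per_minute = Counter(e.created for e in entries if not e.is_dir)
    return [e.path for e in entries
            if not e.is_dir
            and e.path.lower().startswith("c:\\windows\\")
            and e.created == e.modified
            and per_minute[e.created] == 1]


def parse_firewall_rules(text: str) -> list:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(m["name"], m["proto"] or "any", m["path"], m["label"]))
    return rules


def temp_dir_rules(rules: list) -> list:
    """Allow rules whose executable lives in a temporary or archive-extraction directory."""
    return [r for r in rules if any(t in r.path.lower() for t in TEMP_MARKERS)]


if __name__ == "__main__":
    for path in suspicious_new_files(parse_file_entries(SAMPLE_COMBOFIX)):
        print("new file to check :", path)
    for rule in temp_dir_rules(parse_firewall_rules(SAMPLE_COMBOFIX)):
        print("temp-dir allow rule:", rule.proto, rule.path)
```

On the sample this flags CF12010.exe (ComboFix's own helper, so a known false positive of the singleton rule) and pcaui32.dll, plus the three allow rules for setupxu.exe and p2pnode.exe. The firewall rules matter even after the executables are gone: they are still in the policy and will apply again to anything dropped at the same path.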
23.10.2008, 22:51
Moderator

Posts: 5694
#6 Please post the whole ComboFix log: C:/Combofix/combofix.txt

Regards, Swiss
24.10.2008, 10:46
Member

Posts: 3716
#7 1. SP3 runs fine... there are of course exceptions sometimes...
2. please always post the logs in full.
3. the programs we recommend don't break your computer ;-)
4. please update Malwarebytes; this time choose full scan and delete all findings!
5. as tonstudio said, post the ComboFix log, but please the one from the completed scan. search for combofix.txt to find it
24.10.2008, 16:15
Member

Thread starter

Posts: 66
#8 ComboFix 08-10-22.05 - Birgit-Achim 2008-10-23 18:05:52.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.333 [GMT 2:00]
Running from: C:\Users\Birgit-Achim\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Files created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))
.

2008-10-23 18:01 . 2008-10-23 18:01 318,976 --a------ C:\Windows\System32\CF12010.exe
2008-10-23 17:50 . 2008-10-23 17:50 <DIR> d-------- C:\Users\Birgit-Achim\AppData\Roaming\Malwarebytes
2008-10-23 17:50 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-23 17:49 . 2008-10-23 17:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-23 17:49 . 2008-10-23 17:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-23 17:49 . 2008-10-23 17:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 17:49 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-23 16:29 . 2008-10-23 16:33 <DIR> d-------- C:\Windows\System32\catroot2
2008-10-18 21:36 . 2008-10-18 21:36 <DIR> d-------- C:\Program Files\EURO I AG
2008-10-15 15:42 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 15:42 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 15:42 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 15:42 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 15:42 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 15:42 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 12:40 . 2008-10-23 16:10 <DIR> d-------- C:\Program Files\Everest Poker
2008-10-08 10:57 . 2008-10-08 10:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-05 18:35 . 2008-10-05 18:35 <DIR> d-------- C:\Program Files\Axis Communications
2008-10-05 14:38 . 2008-10-05 14:38 19,456 --a------ C:\Windows\System32\pcaui32.dll
2008-09-30 23:24 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-09-30 15:04 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-30 15:03 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-09-30 15:02 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-30 15:01 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-30 15:01 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-30 15:01 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-30 15:01 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-30 15:01 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-30 15:01 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-30 15:01 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-30 15:01 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-30 15:01 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 14:10 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-23 14:10 --------- d-----w C:\Program Files\Opera
2008-10-23 14:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-23 14:10 --------- d-----w C:\Program Files\IEPro
2008-10-22 14:11 --------- d-----w C:\Program Files\Google
2008-10-19 16:04 --------- d-----w C:\Users\Birgit-Achim\AppData\Roaming\Skype
2008-10-16 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 11:00 --------- d-----w C:\Program Files\ICQ6
2008-10-15 09:38 --------- d-----w C:\Users\Birgit-Achim\AppData\Roaming\DivX
2008-10-05 11:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 15:00 174 --sha-w C:\Program Files\desktop.ini
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Journal
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Defender
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-30 14:51 --------- d-----w C:\Program Files\Windows Calendar
2008-09-30 13:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-30 13:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-16 20:14 --------- d-----w C:\Program Files\SopCast
2008-09-13 20:09 --------- d-----w C:\Program Files\DivX
2008-09-13 19:44 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-13 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 13:40 --------- d-----w C:\ProgramData\TVU Networks
2008-08-25 19:40 --------- d-----w C:\ProgramData\hps
2008-08-18 08:39 4,579,328 ----a-w C:\dm Fotowelt.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-09 19:45 128 ----a-w C:\Users\Birgit-Achim\AppData\Roaming\wklnhst.dat
2008-04-13 14:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-13 14:47 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-13 14:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 227840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\Windows\system32\l3codecp.acm
"msacm.l3codec"= C:\Windows\system32\l3codecp.acm

[HKLM\~\startupfolder\C:^Users^Birgit-Achim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-21 14:33 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-08-24 19:54 154136 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-08-24 19:54 141848 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-09 15:54 16896 C:\Program Files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-09 19:26 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\Windows\system32\igfxpers.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE543880-813A-4B8E-9761-3B16C74BE8C5}"= C:\Program Files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{93CD16E9-279B-4021-9185-ABE994BCD8B4}"= C:\Program Files\Home Cinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{086BD179-D068-4F16-918D-5A7FE40C3BBF}"= C:\Program Files\Home Cinema\MakeDisc\MakeDisc.exe:MakeDisc
"TCP Query User{D6BC2D42-FDEB-45E6-A899-B24ACA72B765}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{C3AA358E-9729-4891-99FE-3CF6C726874A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C3667DEE-F63E-4AF8-9E73-7A89A33E124A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2484893E-5B6D-47C9-86F9-1908C9CE6CB6}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{7C6E1141-6A17-47EC-894A-BA36DF46EBB3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{70F579F7-789A-4E51-9FC8-C2C5AFD7F297}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9FE748B8-EB3F-480E-ACC5-29468070672C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{40866307-2272-402A-956A-5AB9EC47289E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1FC7C223-5D16-489F-BD44-2FC1DF7DCFCF}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6D69E2D7-08BF-4DA7-B267-F678B121DB95}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D19C0824-4704-416F-8B61-A41ADA07815A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FEBB7722-9DF7-47E9-8CAD-6CA4CBA47B3E}C:\\users\\birgit-achim\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{FEFC00E6-B6A8-4159-8DA4-056BDDF97DA4}C:\\users\\birgit-achim\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\birgit-achim\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{64DD272B-0D35-4FFE-B2ED-D1E95AA5E900}C:\\program files\\online tv player\\tvplayer.exe"= UDP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"UDP Query User{3E2148FB-645A-471B-99E3-8BDB8A6305FA}C:\\program files\\online tv player\\tvplayer.exe"= TCP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"TCP Query User{27EDA1EB-0679-4846-8EDE-FD749F287675}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F3C7D34F-33DB-4BFE-9025-9D2F7A1215AA}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{147CF155-4403-42EC-B7FB-2F3C3748929B}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= UDP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"UDP Query User{135D1190-896F-4208-AEB4-473FFD65695F}C:\\users\\birgit-achim\\appdata\\local\\temp\\rar$ex01.651\\p2pnode.exe"= TCP:C:\users\birgit-achim\appdata\local\temp\rar$ex01.651\p2pnode.exe:p2pnode.exe
"TCP Query User{9C2A0CE8-74AE-474C-9691-637804367234}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{C5EB97A9-E633-4468-8A17-D42676C989C4}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"TCP Query User{B19600DE-45EC-443C-B973-9B5B09C89FAB}C:\\kav\\kav7.0\\german\\setup.exe"= UDP:C:\kav\kav7.0\german\setup.exe:Installationsprogramm für Kaspersky Anti-Virus 7.0
"UDP Query User{361E16B8-0ACD-426E-9441-5A10248F8E90}C:\\kav\\kav7.0\\german\\setup.exe"= TCP:C:\kav\kav7.0\german\setup.exe:Installationsprogramm für Kaspersky Anti-Virus 7.0
"{5A1F173F-B0C0-4EEE-B3A3-6619394577BF}"= UDP:C:\Program Files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{7DC64456-BB7C-4ED8-9A7A-B94A5249B8EB}"= TCP:C:\Program Files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{F2870D8D-03F0-4110-BBAF-EAFFD4FC95C2}C:\\program files\\rapidsolution\\rs audials one\\videoraptor\\videoraptor.exe"= UDP:C:\program files\rapidsolution\rs audials one\videoraptor\videoraptor.exe:Videoraptor
"UDP Query User{A0E37383-6ABD-4CF8-A7E1-6C796B776B9F}C:\\program files\\rapidsolution\\rs audials one\\videoraptor\\videoraptor.exe"= TCP:C:\program files\rapidsolution\rs audials one\videoraptor\videoraptor.exe:Videoraptor
"TCP Query User{B175BBA9-7264-46DC-AA79-AC5A01B4A0F3}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{12B762F0-04F6-4D0C-B1B1-54776B1142CE}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{08797E41-9C31-4055-92C0-1BCA614EF1C9}"= UDP:C:\Program Files\PPLive\PPLive.exe:pPLive
"{BA06678E-1231-49F3-AAB7-E59FDA6927E8}"= TCP:C:\Program Files\PPLive\PPLive.exe:pPLive
"TCP Query User{C83C8284-6466-4080-B027-9B3004C7AADC}C:\\windows\\system32\\presentationhost.exe"= UDP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation-Host
"UDP Query User{D7E6F9EE-0870-4A28-8886-32A94F5BAECE}C:\\windows\\system32\\presentationhost.exe"= TCP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation-Host

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R2 AAV UpdateService;AAV UpdateService;C:\Program Files\Common Files\AAV\aavus.exe [2007-10-04 122880]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\Windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\Windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-03-07 307968]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2008-10-23 C:\Windows\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 10:58]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-PskSvcRetail


.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Users\Birgit-Achim\AppData\Roaming\Mozilla\Firefox\Profiles\svp6wqco.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 18:09:51
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-10-23 18:12:00
ComboFix-quarantined-files.txt 2008-10-23 16:11:55
ComboFix2.txt 2008-10-05 13:09:31

Vor Suchlauf: 17 Verzeichnis(se), 255,807,762,432 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 255,769,288,704 Bytes frei

214
24.10.2008, 16:48
Member

Posts: 3716
#9 Visit:
http://www.virustotal.com/en/indexf.html
copy
C:\Windows\System32\pcaui32.dll
press submit. Wait until the status says finished, then copy the result here.
Do the same for:
C:\Windows\System32\CF12010.exe
How is your system running?
24.10.2008, 17:42
Member

Thread starter

Posts: 66
#10
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - not-a-virus:AdWare.Win32.Stud.d
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
weitere Informationen
MD5: 0213f689bc0be301aa993c82a32a05ff
SHA1: 3cd72183fa185f79450888f3a1f7daa05faa86f9
SHA256: 870f119e2428aea37d18b5257dfabe686a656d94c3e8d315fceeeb287d82d873
SHA512: 10a46f0aa0f1a360c0c47002f4b80fb01367e6e87c0b4b2727de3ddd0f7351400ae0e910150a8c8bde3d72a64d5809a868904cd6370ab3b42ef68ca256aa0471

Ergebnis: 0/36 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.09 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
weitere Informationen
File size: 318976 bytes
MD5...: 206031193f3955ba118c054c03d681e1
SHA1..: d7060a99ce2d10793378b54f48c67abe5c30f59f
SHA256: d0c9835103df318c171c79dc2436ad07b4f5d8f322e7db463b703604debbb48f
SHA512: 8f1f5ece34604922261a45eb9f63e108fc376ba97622f7d7d42fa840f2c7962b5842fb0a261d1317bd6b28c5d47ea92da4dfcf229f01d9e502f2a1dc0fa45857
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4ad09797
timedatestamp.....: 0x47918bde (Sat Jan 19 05:34:22 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x22340 0x22400 6.62 be85250250f32b72ee44fb7374cb1d65
.data 0x24000 0x1c8ec 0x1ca00 0.17 d10c8a04a14a8cc52ad73d873ab5743f
.rsrc 0x41000 0xcec8 0xd000 5.94 71c9fdd7cc38dc520c0c98455f25ef00
.reloc 0x4e000 0x1ad4 0x1c00 6.68 dee72bfe3939acba7e2250e0186e00db

( 4 imports )
> ADVAPI32.dll: RevertToSelf, SaferRecordEventLogEntry, ImpersonateLoggedOnUser, SaferCloseLevel, SaferComputeTokenFromLevel, SaferIdentifyLevel, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyW, RegDeleteValueW, RegOpenKeyW, RegDeleteKeyW, RegSetValueW, CreateProcessAsUserW, RegSetValueExW, RegCreateKeyExW, LookupAccountSidW, GetSecurityDescriptorOwner, GetFileSecurityW
> KERNEL32.dll: SetFilePointer, lstrcmpW, lstrcmpiW, HeapFree, GetProcessHeap, MultiByteToWideChar, ReadFile, SetThreadLocale, GetProcAddress, GetModuleHandleW, VirtualQuery, HeapAlloc, CloseHandle, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, GetLastError, WideCharToMultiByte, GetFileSize, FlushConsoleInputBuffer, GetCPInfo, GetConsoleOutputCP, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime, GetLocaleInfoW, GetDateFormatW, FileTimeToLocalFileTime, GetTimeFormatW, GetLocalTime, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetEnvironmentVariableW, SetEnvironmentStringsW, SetConsoleMode, GetConsoleMode, GetCommandLineW, GetEnvironmentVariableW, SetErrorMode, SetLastError, ReadProcessMemory, LoadLibraryW, GetConsoleWindow, CreateProcessW, GetStartupInfoW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, GetBinaryTypeW, NeedCurrentDirectoryForExePathW, GetFileAttributesW, GetConsoleTitleW, MoveFileExW, LocalFree, SetConsoleTitleW, MoveFileW, SetFilePointerEx, WriteFile, SearchPathW, GetVolumeInformationW, LeaveCriticalSection, EnterCriticalSection, CancelSynchronousIo, ExpandEnvironmentStringsW, GetModuleFileNameW, GetVersion, GetWindowsDirectoryW, SetConsoleCtrlHandler, InitializeCriticalSection, GetDriveTypeW, GetFileAttributesExW, HeapSetInformation, OpenThread, GetCurrentThreadId, VirtualFree, VirtualAlloc, HeapSize, HeapReAlloc, FlushFileBuffers, DuplicateHandle, FormatMessageW, ScrollConsoleScreenBufferW, SetConsoleTextAttribute, FillConsoleOutputAttribute, CreateDirectoryW, SetFileTime, DeleteFileW, SetEndOfFile, SetFileAttributesW, CopyFileW, GetExitCodeProcess, WaitForSingleObject, TerminateProcess, SetCurrentDirectoryW, GetCurrentDirectoryW, RemoveDirectoryW, CompareFileTime, GetDiskFreeSpaceExW, 
FindNextStreamW, FindFirstStreamW, DeviceIoControl, ResumeThread, SetProcessAffinityMask, GetSystemInfo, GetThreadLocale, GetVolumePathNameW, CreateSymbolicLinkW, CreateHardLinkW, RaiseException, LoadLibraryA, FreeLibrary, LocalAlloc, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, Sleep, InterlockedExchange, GetVDMCurrentDirectories, CmdBatNotification
> msvcrt.dll: _wpopen, _wcsupr, setlocale, realloc, towlower, fprintf, _iob, printf, memcpy, wcsrchr, rand, iswalpha, wcstoul, _errno, _local_unwind4, wcsstr, _setjmp3, exit, fflush, srand, time, _wtol, iswxdigit, wcsncmp, _setmode, _pipe, _ultoa, swscanf, _close, _open_osfhandle, _dup, _dup2, qsort, _wcslwr, free, ferror, __getmainargs, _cexit, _exit, _XcptFilter, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler4_common, _terminate@@YAXXZ, _controlfp, feof, _pclose, memmove, wcschr, _tell, iswspace, memset, wcsspn, towupper, longjmp, _wcsnicmp, _wcsicmp, _vsnwprintf, _get_osfhandle, _getch, iswdigit, wcstol, calloc, fgets
> ntdll.dll: RtlDosPathNameToNtPathName_U, NtFsControlFile, RtlFreeHeap, NtQueryInformationProcess, NtSetInformationProcess, RtlNtStatusToDosError, NtQueryInformationToken, NtClose, NtOpenProcessToken, NtOpenThreadToken
24.10.2008, 21:00
Member

Posts: 3716
#11 Now which file was which?
Please upload the first one again; I want the whole result... You have to click on "erneut analysieren" (reanalyze) there.
24.10.2008, 21:13
Member

Thread starter

Posts: 66
#12 This is the first one!!!!


Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.9 2008.10.24 -
Authentium 5.1.0.4 2008.10.24 -
Avast 4.8.1248.0 2008.10.24 -
AVG 8.0.0.161 2008.10.24 -
BitDefender 7.2 2008.10.24 -
CAT-QuickHeal 9.50 2008.10.24 -
ClamAV 0.93.1 2008.10.24 -
DrWeb 4.44.0.09170 2008.10.24 -
eSafe 7.0.17.0 2008.10.23 -
eTrust-Vet 31.6.6167 2008.10.24 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 -
F-Secure 8.0.14332.0 2008.10.24 -
Fortinet 3.113.0.0 2008.10.24 -
GData 19 2008.10.24 -
Ikarus T3.1.1.44.0 2008.10.24 not-a-virus:AdWare.Win32.Stud.d
K7AntiVirus 7.10.506 2008.10.24 -
Kaspersky 7.0.0.125 2008.10.24 -
McAfee 5414 2008.10.24 -
Microsoft 1.4005 2008.10.24 -
NOD32 3552 2008.10.24 -
Norman 5.80.02 2008.10.24 -
Panda 9.0.0.4 2008.10.24 -
PCTools 4.4.2.0 2008.10.24 -
Prevx1 V2 2008.10.24 -
Rising 21.00.42.00 2008.10.24 -
SecureWeb-Gateway 6.7.6 2008.10.24 -
Sophos 4.35.0 2008.10.24 -
Sunbelt 3.1.1749.1 2008.10.23 -
Symantec 10 2008.10.24 -
TheHacker 6.3.1.0.126 2008.10.23 -
TrendMicro 8.700.0.1004 2008.10.24 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.24 -
weitere Informationen
File size: 19456 bytes
MD5...: 0213f689bc0be301aa993c82a32a05ff
SHA1..: 3cd72183fa185f79450888f3a1f7daa05faa86f9
SHA256: 870f119e2428aea37d18b5257dfabe686a656d94c3e8d315fceeeb287d82d873
SHA512: 10a46f0aa0f1a360c0c47002f4b80fb01367e6e87c0b4b2727de3ddd0f7351400ae0e910150a8c8bde3d72a64d5809a868904cd6370ab3b42ef68ca256aa0471
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x36004151
timedatestamp.....: 0xde392d3dL (invalid)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3c82 0x3e00 6.33 6006c52f9cf842968506a7882ba5de7c
.data 0x5000 0x13c 0x200 1.90 a9c47f21add80dd88f44de28f19e6a6d
.rsrc 0x6000 0x2e0 0x400 2.33 c16e7450c25f0cb8eb66fd8de7a0ebca
.reloc 0x7000 0x264 0x400 3.58 7dd464be2db863e1d0cf011fa39024f2

( 5 imports )
> ADVAPI32.dll: GetUserNameA
> USER32.dll: CharNextA, LoadStringA, wvsprintfA, CharLowerA
> KERNEL32.dll: GetModuleFileNameW, lstrcpyW, SystemTimeToFileTime, GetFileTime, DisableThreadLibraryCalls, GetTickCount, GetVersionExA, VirtualFree, WaitForSingleObject, IsBadReadPtr, GetModuleFileNameA, InterlockedIncrement, lstrlenA, lstrlenW, InterlockedDecrement, GetStringTypeExA, GetThreadLocale, CloseHandle, ReadFile, GetFileSize, CreateFileA, GetCurrentProcess, GetProcAddress, GetModuleHandleA, GetComputerNameA, VirtualAlloc, WriteProcessMemory, VirtualAllocEx, LoadLibraryA, CreateRemoteThread, VirtualProtect, Sleep, MoveFileExA, GetVolumeInformationA, FindClose, FindFirstFileA, GetWindowsDirectoryA, FreeLibrary, CreateThread, FreeLibraryAndExitThread, GetSystemTime
> WININET.dll: InternetCheckConnectionA, InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetQueryDataAvailable, InternetReadFile, InternetCloseHandle, InternetCanonicalizeUrlA, InternetCrackUrlA, InternetGetConnectedState
> MSVCRT.dll: __2@YAPAXI@Z, realloc, __3@YAXPAX@Z, memset, _adjust_fdiv, malloc, _initterm, free, _except_handler3, memcpy

( 31 exports )
TSPI_lineAnswer, TSPI_lineClose, TSPI_lineDial, TSPI_lineDrop, TSPI_lineGetAddressCaps, TSPI_lineGetAddressID, TSPI_lineGetAddressStatus, TSPI_lineGetCallInfo, TSPI_lineGetCallStatus, TSPI_lineGetDevCaps, TSPI_lineGetDevConfig, TSPI_lineGetID, TSPI_lineGetIcon, TSPI_lineGetLineDevStatus, TSPI_lineGetNumAddressIDs, TSPI_lineMakeCall, TSPI_lineNegotiateTSPIVersion, TSPI_lineOpen, TSPI_lineSetAppSpecific, TSPI_lineSetDevConfig, TSPI_lineSetStatusMessages, TSPI_phoneNegotiateTSPIVersion, TSPI_providerEnumDevices, TSPI_providerGenericDialogData, TSPI_providerInit, TSPI_providerInstall, TSPI_providerShutdown, TSPI_providerUIIdentify, TUISPI_lineConfigDialog, TUISPI_lineConfigDialogEdit, TUISPI_providerInstall

THIS is the second one


Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.9 2008.10.24 -
Authentium 5.1.0.4 2008.10.24 -
Avast 4.8.1248.0 2008.10.24 -
AVG 8.0.0.161 2008.10.24 -
BitDefender 7.2 2008.10.24 -
CAT-QuickHeal 9.50 2008.10.24 -
ClamAV 0.93.1 2008.10.24 -
DrWeb 4.44.0.09170 2008.10.24 -
eSafe 7.0.17.0 2008.10.23 -
eTrust-Vet 31.6.6167 2008.10.24 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 -
Fortinet 3.113.0.0 2008.10.24 -
GData 19 2008.10.24 -
Ikarus T3.1.1.44.0 2008.10.24 -
K7AntiVirus 7.10.506 2008.10.24 -
Kaspersky 7.0.0.125 2008.10.24 -
McAfee 5414 2008.10.24 -
Microsoft 1.4005 2008.10.24 -
NOD32 3552 2008.10.24 -
Norman 5.80.02 2008.10.23 -
Panda 9.0.0.4 2008.10.24 -
PCTools 4.4.2.0 2008.10.24 -
Prevx1 V2 2008.10.24 -
Rising 21.00.42.00 2008.10.24 -
SecureWeb-Gateway 6.7.6 2008.10.24 -
Sophos 4.34.0 2008.10.24 -
Sunbelt 3.1.1749.1 2008.10.23 -
TheHacker 6.3.1.0.126 2008.10.23 -
TrendMicro 8.700.0.1004 2008.10.24 -
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.24 -
weitere Informationen
File size: 318976 bytes
MD5...: 206031193f3955ba118c054c03d681e1
SHA1..: d7060a99ce2d10793378b54f48c67abe5c30f59f
SHA256: d0c9835103df318c171c79dc2436ad07b4f5d8f322e7db463b703604debbb48f
SHA512: 8f1f5ece34604922261a45eb9f63e108fc376ba97622f7d7d42fa840f2c7962b5842fb0a261d1317bd6b28c5d47ea92da4dfcf229f01d9e502f2a1dc0fa45857
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4ad09797
timedatestamp.....: 0x47918bde (Sat Jan 19 05:34:22 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x22340 0x22400 6.62 be85250250f32b72ee44fb7374cb1d65
.data 0x24000 0x1c8ec 0x1ca00 0.17 d10c8a04a14a8cc52ad73d873ab5743f
.rsrc 0x41000 0xcec8 0xd000 5.94 71c9fdd7cc38dc520c0c98455f25ef00
.reloc 0x4e000 0x1ad4 0x1c00 6.68 dee72bfe3939acba7e2250e0186e00db

( 4 imports )
> ADVAPI32.dll: RevertToSelf, SaferRecordEventLogEntry, ImpersonateLoggedOnUser, SaferCloseLevel, SaferComputeTokenFromLevel, SaferIdentifyLevel, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyW, RegDeleteValueW, RegOpenKeyW, RegDeleteKeyW, RegSetValueW, CreateProcessAsUserW, RegSetValueExW, RegCreateKeyExW, LookupAccountSidW, GetSecurityDescriptorOwner, GetFileSecurityW
> KERNEL32.dll: SetFilePointer, lstrcmpW, lstrcmpiW, HeapFree, GetProcessHeap, MultiByteToWideChar, ReadFile, SetThreadLocale, GetProcAddress, GetModuleHandleW, VirtualQuery, HeapAlloc, CloseHandle, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, GetLastError, WideCharToMultiByte, GetFileSize, FlushConsoleInputBuffer, GetCPInfo, GetConsoleOutputCP, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime, GetLocaleInfoW, GetDateFormatW, FileTimeToLocalFileTime, GetTimeFormatW, GetLocalTime, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetEnvironmentVariableW, SetEnvironmentStringsW, SetConsoleMode, GetConsoleMode, GetCommandLineW, GetEnvironmentVariableW, SetErrorMode, SetLastError, ReadProcessMemory, LoadLibraryW, GetConsoleWindow, CreateProcessW, GetStartupInfoW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, GetBinaryTypeW, NeedCurrentDirectoryForExePathW, GetFileAttributesW, GetConsoleTitleW, MoveFileExW, LocalFree, SetConsoleTitleW, MoveFileW, SetFilePointerEx, WriteFile, SearchPathW, GetVolumeInformationW, LeaveCriticalSection, EnterCriticalSection, CancelSynchronousIo, ExpandEnvironmentStringsW, GetModuleFileNameW, GetVersion, GetWindowsDirectoryW, SetConsoleCtrlHandler, InitializeCriticalSection, GetDriveTypeW, GetFileAttributesExW, HeapSetInformation, OpenThread, GetCurrentThreadId, VirtualFree, VirtualAlloc, HeapSize, HeapReAlloc, FlushFileBuffers, DuplicateHandle, FormatMessageW, ScrollConsoleScreenBufferW, SetConsoleTextAttribute, FillConsoleOutputAttribute, CreateDirectoryW, SetFileTime, DeleteFileW, SetEndOfFile, SetFileAttributesW, CopyFileW, GetExitCodeProcess, WaitForSingleObject, TerminateProcess, SetCurrentDirectoryW, GetCurrentDirectoryW, RemoveDirectoryW, CompareFileTime, GetDiskFreeSpaceExW, 
FindNextStreamW, FindFirstStreamW, DeviceIoControl, ResumeThread, SetProcessAffinityMask, GetSystemInfo, GetThreadLocale, GetVolumePathNameW, CreateSymbolicLinkW, CreateHardLinkW, RaiseException, LoadLibraryA, FreeLibrary, LocalAlloc, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, Sleep, InterlockedExchange, GetVDMCurrentDirectories, CmdBatNotification
> msvcrt.dll: _wpopen, _wcsupr, setlocale, realloc, towlower, fprintf, _iob, printf, memcpy, wcsrchr, rand, iswalpha, wcstoul, _errno, _local_unwind4, wcsstr, _setjmp3, exit, fflush, srand, time, _wtol, iswxdigit, wcsncmp, _setmode, _pipe, _ultoa, swscanf, _close, _open_osfhandle, _dup, _dup2, qsort, _wcslwr, free, ferror, __getmainargs, _cexit, _exit, _XcptFilter, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler4_common, _terminate@@YAXXZ, _controlfp, feof, _pclose, memmove, wcschr, _tell, iswspace, memset, wcsspn, towupper, longjmp, _wcsnicmp, _wcsicmp, _vsnwprintf, _get_osfhandle, _getch, iswdigit, wcstol, calloc, fgets
> ntdll.dll: RtlDosPathNameToNtPathName_U, NtFsControlFile, RtlFreeHeap, NtQueryInformationProcess, NtSetInformationProcess, RtlNtStatusToDosError, NtQueryInformationToken, NtClose, NtOpenProcessToken, NtOpenThreadToken


25.10.2008, 16:51
Member

Thread starter

Posts: 66
#13 Now I can open IE briefly, but a message keeps coming up asking whether I want to allow Adobe Flash Player or not. When I go to details, there is a file FlashUtil10a.exe.
25.10.2008, 20:00
Member

Posts: 3716
#14 You can allow that one.
25.10.2008, 20:29
Member

Thread starter

Posts: 66
#15 But that doesn't help, it keeps crashing. Will I finally get a solution?????