Computer reboots often / Explorer crashes |
26.03.2009, 09:39 | #1 |
| Hello, I have a problem with my computer. If I am away from the computer for a longer time, it eventually reboots itself. But when I work on it for a longer time, it does not do this. I ran Spybot and fixed the problems. I ran Spyware Doctor 6.0 (found Trojan.Virtumode and deleted it, I hope). I also ran TuneUp, with Registry Clean. Kaspersky Internet Security does not report anything suspicious either. Still, the system keeps rebooting whenever it is left unused for a longer time. And Explorer often hangs on AVI files when I open a folder that contains one. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:20, on 26.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://suche.klicktel.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226910682890
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - h**p://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10508 bytes |
26.03.2009, 10:41 | #2 |
| Hello Black Pencil and
As preliminary information, please upload the following files to Virustotal.com and have them analyzed, even if it says there that they have already been analyzed. Then post the results here:
Code:
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
Code:
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe (file missing)
Uninstall Acrobat Reader; it is a security risk, completely outdated. Then we'll see what comes next......... |
26.03.2009, 11:33 | #3 |
| C:\WINDOWS\system32\brsvc01a.exe
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3965 2009.03.26 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 - |
26.03.2009, 11:36 | #4 |
| C:\WINDOWS\system32\brss01a.exe
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3965 2009.03.26 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 - |
26.03.2009, 11:37 | #5 |
| C:\WINDOWS\system32\LEXBCES.EXE
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3965 2009.03.26 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 - |
26.03.2009, 11:40 | #6 |
| C:\WINDOWS\system32\LEXPPS.EXE
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 Win32.LooksLike.Virut
Microsoft 1.4502 2009.03.26 -
NOD32 3965 2009.03.26 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 -
EndPaint, BeginPaint, ReleaseDC, GetDC, GetDesktopWindow, SetWindowTextA, ClientToScreen, PtInRect, GetClassNameA, GetSubMenu, GetMenuItemID, GetDlgItem, GetMenu > GDI32.dll: DeleteObject, SaveDC, RestoreDC, SelectObject, GetStockObject, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, GetObjectA, GetDeviceCaps, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, SetBkColor, SetTextColor, DeleteDC, CreateBitmap > WINSPOOL.DRV: ClosePrinter, OpenPrinterA, DocumentPropertiesA, EnumPrintersA > ADVAPI32.dll: RegOpenKeyExA, RegDeleteValueA, RegCreateKeyExA, AllocateAndInitializeSid, InitializeSecurityDescriptor, InitializeAcl, AddAccessAllowedAce, RegCloseKey, RegSetValueExA, RegQueryValueExA, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, RegOpenKeyA, FreeSid, RegSetKeySecurity > SHELL32.dll: DragFinish, DragQueryFileA > RPCRT4.dll: I_RpcGetBuffer, NdrConformantArrayUnmarshall, RpcRaiseException, RpcMgmtStopServerListening, RpcServerUseProtseqA, RpcServerRegisterIf, RpcServerInqBindings, RpcServerUnregisterIf, RpcEpRegisterA, RpcBindingVectorFree, RpcServerListen, RpcEpUnregister, NdrClientInitializeNew, NdrConformantArrayBufferSize, NdrGetBuffer, NdrConformantArrayMarshall, NdrSendReceive, NdrConvert, NdrFreeBuffer, NdrServerInitializeNew, I_RpcGetCurrentCallHandle, RpcBindingFromStringBindingA, RpcStringBindingComposeA, RpcBindingFree, RpcStringFreeA ( 0 exports ) RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=8d836e60877ed79c409712b9be2dfc3b' target='_blank'>http://www.threatexpert.com/report.aspx?md5=8d836e60877ed79c409712b9be2dfc3b</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8d836e60877ed79c409712b9be2dfc3b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8d836e60877ed79c409712b9be2dfc3b</a> |
26.03.2009, 11:41 | #7 |
| C:\WINDOWS\System32\alg.exe
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.26 -
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.26 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.26 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3965 2009.03.26 -
Norman 6.00.06 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 -
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 V2 2009.03.26 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 -
VirusBuster 4.6.5.0 2009.03.25 - |
26.03.2009, 11:50 | #8 |
| As for the system restarting, my problem is almost exactly the same as here: http://www.trojaner-board.de/71334-u...bstaenden.html Should I do it the same way he did? |
26.03.2009, 12:07 | #9 |
| I think so, yes. Then I can save myself writing everything out again... Off you go.... and post the corresponding log files.....
__________________ Quidquid agis prudenter agas et respice finem Whatever you do, do it wisely and consider the consequences --------------------------------------------------------------------------------- If I have not replied after 24 hours, please send a short PM |
26.03.2009, 13:50 | #10 |
| CCleaner fixed errors.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:32, on 26.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Opera\opera.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://suche.klicktel.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226910682890
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc.
- C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-- End of file - 10376 bytes |
26.03.2009, 18:27 | #11 |
| Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1900
Windows 5.1.2600 Service Pack 3
26.03.2009 18:24:11
mbam-log-2009-03-26 (18-24-11).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 241928
Laufzeit: 51 minute(s), 4 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\***\***\Tiger Woods\Crack, Patch, Serial\keygen.exe (Trojan.Downloader) -> Not selected for removal. (I did not remove this one)
C:\System Volume Information\_restore{8CC6E0F0-9787-445F-A2B2-F87B77DA20B4}\RP158\A0050754.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
27.03.2009, 11:19 | #12 |
| Why not? Not only are you getting hold of illegal software... you are also doing lasting damage to your system. That is probably the root of all the trouble.... |
28.03.2009, 00:30 | #13 |
| OK, I have now removed that thing as well, although it only came along later. The computer also has not restarted for a long time now, but the problem with Windows Explorer, which keeps crashing, still persists. But thanks anyway already for the first part. bp |
28.03.2009, 13:30 | #14 |
| Please post a fresh HijackThis log for me again after you have run CCleaner |
30.03.2009, 08:24 | #15 |
| Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:09, on 30.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://suche.klicktel.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226910682890
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc.
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 10565 bytes "Faces of War" (Nur entfernen) 7-Zip 4.61 beta ABBYY FineReader 5.0 Sprint Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX ArtMoney SE v7.29 Assassin's Creed Avant Browser (remove only) Biet-O-Matic v2.8.0 Billard Kings Brother HL-1430 CCleaner (remove only) Chicken Invaders 3 Conflict Denied Ops CyberLink PowerDVD 8 DAEMON Tools Toolbar Data Lifeguard Tools DaViDeo 3 DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Web Player Emperor's Mahjong for PocketPC Far Cry 2 FlashGet 1.9.6.1073 GameShadow GameWiz32 Gears of War Google Earth Pro Handheld Synchronizer Handmark MONOPOLY for Pocket PC HdR Die Rückkehr des Königs tm Hexacto ScoreCast High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix für Windows XP (KB952287) Indeo® software IrfanView (remove only) IsoBuster 1.6 JAP Java 2 Runtime Environment Standard Edition 1.3.1_18 Java(TM) 6 Update 11 Java(TM) 6 Update 6 Java(TM) 6 Update 7 Kane and Lynch: Dead Men Kaspersky Internet Security 2009 Kaspersky 
Internet Security 2009 Kaspersky Online Scanner klickTel OEM 2008 klickTel Toolbar K-Lite Codec Pack 2.27 Full Leaderboard Golf 1.4 LeechFTP Lexmark X1100 Series MahJong Suite 2008 v5.3 Mahjong Towers Eternity Malwarebytes' Anti-Malware MegaTrainer eXperience V1.0.0.2 MegaTrainer XL V1.5.1.9 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Baseline Security Analyzer 1.2.1 Microsoft Entertainment PocketPak (Remove Only) Microsoft Games for Windows - LIVE Redistributable Microsoft Games Pocket Pak for Pocket PC Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Reader für Pocket PC Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Moorhuhn Piraten Moorhuhn Winter-Edition Native Instruments Traktor DJ Studio 3 Need For Speed Underground 2 (remove only) Need for Speed™ Carbon Need for Speed™ Undercover Nero 6 Ultra Edition Norton PartitionMagic 8.0 NVIDIA Drivers NVIDIA PhysX v8.09.04 OpenAL Opera 9.50 PDC World Championship Darts 2008 Picasa 3 Polar Golfer from WildGames (remove only) QuickTime Rappelz Realtek High 
Definition Audio Driver Reaxxion (remove only) Remote Professional Replay Media Catcher 3.01 Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows XP (KB938464) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951698) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB954211) Sicherheitsupdate für Windows XP (KB954459) Sicherheitsupdate für Windows XP (KB954600) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956390) Sicherheitsupdate für Windows XP (KB956391) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956841) Sicherheitsupdate für Windows XP (KB957095) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958215) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958687) Sicherheitsupdate für Windows XP (KB958690) Sicherheitsupdate für Windows XP (KB960225) Sicherheitsupdate für Windows XP (KB960714) Sicherheitsupdate für Windows XP (KB960715) SiSoftware Sandra Professional Business XII.SP1 Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 Spyware Doctor 6.0 System Requirements Lab TeamViewer 4 The Da Vinci Code Tiger Woods PGA TOUR 08 Tomb Raider: Underworld 1.0 Total Commander (Remove or Repair) Trillian TuneUp Utilities 2008 Turbo Lister 2 Tweak UI Update für Windows XP (KB898461) Update für Windows XP (KB951072-v2) Update für Windows XP (KB951978) Update für Windows XP (KB955839) Update für Windows XP (KB967715) Update Service VC80CRTRedist - 8.0.50727.762 VideoGet VLC media player 0.9.6 WD Diagnostics Winamp Windows Media Format 11 
runtime Windows Media Format 11 runtime Windows XP Service Pack 3 WinHTTrack Website Copier 3.42-2 WinRAR Archivierer |