sshnas21.dll found
Hello, I have been searching the internet for a few days for tips on a solution, but since the individual case usually can't be transferred, I registered here.
As the thread title already gives away, I have the problem with a trojan in the file sshnas21.dll. I ran CCleaner a few times and now there is no more alert. I also ran Malwarebytes; here is the log for it:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3725
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
11.02.2010 18:40:17 mbam-log-2010-02-11 (18-40-17).txt
Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 201491
Laufzeit: 50 minute(s), 37 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
E:\dl\PhotoshopCS4\Crack\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
RSIT spat out the following:
info.txt logfile of random's system information tool 1.06 2010-02-11 18:54:16
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.03.0560-->MsiExec.exe /X{A7091E1D-36A4-47F1-A739-173CC341414F}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ffdshow [rev 1723] [2007-12-24]-->"C:\Programme\ffdshow\unins000.exe"
Gravity-->"E:\Programme\Gravity\unins000.exe"
Hardlock Gerätetreiber-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HLDRV.LOG
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JDownloader-->C:\Programme\JDownloader\uninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
NAVIGON Fresh 2.0.2-->C:\Programme\NAVIGON\NAVIGON Fresh\uninst.exe
No One Lives Forever 2 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\Fox\No One Lives Forever 2\Setup.exe" -l0x7
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
SecureW2 EAP Suite 1.1.2 for Windows-->C:\Programme\SecureW2\Uninstall.exe
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Sketch-->"C:\Programme\AKVIS\Sketch\Uninstall\Uninstall.exe" "C:\Programme\AKVIS\Sketch\Uninstall\install.log" -u
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SPORE™-->"C:\Programme\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
SpyHunter-->"C:\Programme\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Programme\Enigma Software Group\SpyHunter\install.log" -u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Control Manager-->C:\Programme\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab for Intel-->MsiExec.exe /I{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}
TeamViewer 5-->C:\Programme\TeamViewer\Version5\uninstall.exe
Tony Hawk's Pro Skater 2-->E:\PROGRA~1\ACTIVI~1\THPS2\UNINST~1\UNINST~1.EXE E:\Programme\Activision\THPS2\uninstall\Tony Hawks Pro Skater 2.log
TVersity Codec Pack 1.2-->C:\Programme\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.7.3 Beta-->C:\Programme\TVersity\TV\Media Server\uninst.exe
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
USB 2.0 Card Reader-->C:\Programme\InstallShield Installation Information\{D10CB652-9332-4242-B7A9-2D61570144F7}\setup.exe -runfromtemp -l0x0009 -removeonly
Veetle TV 0.9.15-->C:\Programme\Veetle\UninstallVeetleTV.exe
VLC media player 1.0.3-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\rt2860_182C209AFE287E941D2F1DE5B71B3589853F453B\rt2860.inf
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR 3.61 Multi\Uninstall.exe
Zattoo 3.3.4 Beta-->C:\Programme\Zattoo\uninst.exe
======Hosts File======
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: LEMMS-NETBOOK Event Code: 10010 Message: Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 2223 Source Name: DCOM Time Written: 20091225081753.000000+060 Event Type: Fehler User: LEMMS-NETBOOK\Lemms
Computer Name: LEMMS-NETBOOK Event Code: 10010 Message: Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 2222 Source Name: DCOM Time Written: 20091225081723.000000+060 Event Type: Fehler User: LEMMS-NETBOOK\Lemms
Computer Name: LEMMS-NETBOOK Event Code: 10010 Message: Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 2221 Source Name: DCOM Time Written: 20091225081653.000000+060 Event Type: Fehler User: LEMMS-NETBOOK\Lemms
Computer Name: LEMMS-NETBOOK Event Code: 10010 Message: Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 2220 Source Name: DCOM Time Written: 20091225081623.000000+060 Event Type: Fehler User: LEMMS-NETBOOK\Lemms
Computer Name: LEMMS-NETBOOK Event Code: 10010 Message: Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 2219 Source Name: DCOM Time Written: 20091225081553.000000+060 Event Type: Fehler User: LEMMS-NETBOOK\Lemms
=====Application event log=====
Computer Name: LEMMS-NETBOOK Event Code: 0 Message: Record Number: 257 Source Name: TOSHIBA Bluetooth Service Time Written: 20091225091125.000000+060 Event Type: Informationen User:
Computer Name: LEMMS-NETBOOK Event Code: 4097 Message: Die Anwendung "E:\Programme\Adobe\Adobe Photoshop CS4\Photoshop.exe" hat einen Programmfehler verursacht. Datum und Zeit des Fehlers: 20.12.2009 um 16:53:01.109 Ausnahme: c0000005 an Adresse 65637275 (<nosymbols>)
Record Number: 256 Source Name: DrWatson Time Written: 20091220165301.000000+060 Event Type: Informationen User:
Computer Name: LEMMS-NETBOOK Event Code: 1000 Message: Fehlgeschlagene Anwendung photoshop.exe, Version 11.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x65637275.
Record Number: 255 Source Name: Application Error Time Written: 20091220165254.000000+060 Event Type: Fehler User:
Computer Name: LEMMS-NETBOOK Event Code: 4097 Message: Die Anwendung "E:\Programme\Adobe\Adobe Photoshop CS4\Photoshop.exe" hat einen Programmfehler verursacht. Datum und Zeit des Fehlers: 20.12.2009 um 16:48:29.906 Ausnahme: c0000005 an Adresse 65637275 (<nosymbols>)
Record Number: 254 Source Name: DrWatson Time Written: 20091220164830.000000+060 Event Type: Informationen User:
Computer Name: LEMMS-NETBOOK Event Code: 1000 Message: Fehlgeschlagene Anwendung photoshop.exe, Version 11.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x65637275.
Record Number: 253 Source Name: Application Error Time Written: 20091220164808.000000+060 Event Type: Fehler User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=1c02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lemms at 2010-02-11 18:54:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (41%) free of 41 GB
Total RAM: 2037 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:13, on 11.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Dokumente und Einstellungen\Lemms\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Lemms.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
-- End of file - 5063 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"MGSysCtrl"=C:\Programme\System Control Manager\MGSysCtrl.exe [2008-07-29 684032]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ITSecMng"=C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2009-12-07 2356088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI] C:\DOKUME~1\Lemms\LOKALE~1\Temp\Lql.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk] C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2008-02-22 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk] C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-12-08 6144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\TVersity\Media Server\MediaServer.exe"="C:\Programme\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Programme\TVersity\TV\Media Server\MediaServer.exe"="C:\Programme\TVersity\TV\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Programme\TeamViewer\Version5\TeamViewer.exe"="C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a219bc-e419-11de-afa2-002185f0b0ed}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a637e8f8-08e1-11df-afb7-002185f0b0ed}] shell\AutoRun\command - H:\wubi.exe --cdmenu
======List of files/folders created in the last 1 months======
2010-02-11 18:54:10 ----D---- C:\rsit
2010-02-11 17:47:03 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\Malwarebytes
2010-02-11 17:46:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-02-11 17:46:53 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-02-11 17:30:19 ----D---- C:\Programme\CCleaner
2010-02-11 14:37:59 ----D---- C:\Programme\Rockstar Games
2010-02-09 18:55:37 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\SPORE
2010-02-09 17:19:05 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-09 17:12:31 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2010-02-09 17:04:52 ----D---- C:\Programme\SystemRequirementsLab
2010-02-09 10:57:01 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\TeamViewer
2010-02-09 10:56:46 ----D---- C:\Programme\TeamViewer
2010-02-09 10:48:56 ----D---- C:\WINDOWS\pss
2010-02-09 10:05:55 ----D---- C:\Programme\Enigma Software Group
2010-02-09 09:15:25 ----D---- C:\Programme\Trend Micro
2010-02-08 18:16:38 ----RHD---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\SecuROM
2010-02-08 18:16:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-02-08 14:11:50 ----D---- C:\Programme\Electronic Arts
2010-02-08 13:19:32 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-02-08 13:04:30 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\DAEMON Tools Pro
2010-02-08 13:02:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
2010-02-08 13:01:32 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-02-08 13:00:14 ----D---- C:\Programme\DAEMON Tools Pro
2010-01-30 12:08:21 ----D---- C:\Programme\NAVIGON
2010-01-26 15:51:17 ----D---- C:\Programme\Zattoo
2010-01-26 14:44:43 ----A---- C:\WINDOWS\system32\hlvdd.dll
2010-01-26 14:44:20 ----A---- C:\WINDOWS\system32\hlduinst.exe
2010-01-26 14:44:20 ----A---- C:\WINDOWS\system32\hdinst_windows.dll
2010-01-26 14:44:20 ----A---- C:\WINDOWS\system32\haspds_windows.dll
2010-01-26 14:44:20 ----A---- C:\WINDOWS\system32\hasp_inst_help1.dll
2010-01-26 14:44:19 ----A---- C:\WINDOWS\system32\UNWISE.INI
2010-01-26 14:44:19 ----A---- C:\WINDOWS\system32\UNWISE.EXE
2010-01-26 14:44:19 ----A---- C:\WINDOWS\system32\hinstd.dll
2010-01-26 14:26:20 ----D---- C:\Tecar Forum
2010-01-24 11:56:13 ----D---- C:\Programme\Fox
2010-01-23 08:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-16 12:26:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-16 12:26:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-16 12:26:08 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2010-01-16 12:26:07 ----D---- C:\Programme\ffdshow
2010-01-16 12:25:10 ----D---- C:\Programme\TVersity Codec Pack
2010-01-16 12:21:50 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\Media Player Classic
2010-01-16 09:53:32 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-01-16 09:53:32 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-01-16 09:51:42 ----D---- C:\Programme\TVersity
2010-01-15 09:52:22 ----D---- C:\Programme\MSECache
2010-01-14 08:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 08:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-11 18:46:23 ----D---- C:\Programme\Mozilla Firefox
2010-02-11 18:42:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 18:42:52 ----D---- C:\WINDOWS
2010-02-11 18:42:39 ----D---- C:\WINDOWS\Temp
2010-02-11 18:42:15 ----D---- C:\WINDOWS\system32
2010-02-11 18:42:14 ----D---- C:\WINDOWS\system32\drivers
2010-02-11 18:41:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 18:41:21 ----D---- C:\WINDOWS\Cursors
2010-02-11 18:40:17 ----SD---- C:\WINDOWS\Tasks
2010-02-11 17:46:53 ----RD---- C:\Programme
2010-02-11 17:46:52 ----D---- C:\WINDOWS\Prefetch
2010-02-11 17:39:27 ----D---- C:\WINDOWS\Debug
2010-02-11 14:01:02 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\ICQ
2010-02-11 12:26:38 ----HD---- C:\Programme\InstallShield Installation Information
2010-02-10 23:35:09 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\vlc
2010-02-10 13:43:31 ----HD---- C:\WINDOWS\inf
2010-02-10 13:42:22 ----SH---- C:\boot.ini
2010-02-10 13:42:22 ----A---- C:\WINDOWS\win.ini
2010-02-10 13:42:22 ----A---- C:\WINDOWS\system.ini
2010-02-10 13:42:20 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\Skype
2010-02-09 17:13:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-09 17:12:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-09 17:04:54 ----SHD---- C:\WINDOWS\Installer
2010-02-08 13:19:37 ----D---- C:\WINDOWS\system32\DirectX
2010-02-08 13:19:03 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-02-08 11:48:58 ----D---- C:\Programme\JDownloader
2010-02-06 16:15:16 ----D---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\dvdcss
2010-02-04 18:05:17 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2010-02-04 18:02:17 ----A---- C:\WINDOWS\WirelessFTP.INI
2010-02-03 22:14:54 ----RSD---- C:\WINDOWS\Fonts
2010-01-26 14:44:43 ----D---- C:\WINDOWS\system32\Setup
2010-01-24 11:55:53 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2010-01-24 10:22:09 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 08:47:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 11:55:51 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-15 09:49:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-01-14 10:11:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 10:09:37 ----D---- C:\WINDOWS\AppPatch
2010-01-12 13:37:57 ----SD---- C:\Dokumente und Einstellungen\Lemms\Anwendungsdaten\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-27 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-27 25416]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-19 625792]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aehogm07;aehogm07; C:\WINDOWS\system32\drivers\aehogm07.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Micro Star SCM;Micro Star SCM; C:\Programme\System Control Manager\MSIService.exe [2008-06-09 159744]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-11 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
_____________________________________________________________
Am I completely virus-free now, or do I still have bits of the trojan left on the disk?
I think I picked up most of it from these two things:
This is the VirusTotal log:

Datei Spore-1.05.0001-BAT.zip empfangen 2010.02.11 16:18:26 (UTC)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.11 -
AhnLab-V3 5.0.0.2 2010.02.11 -
AntiVir 7.9.1.160 2010.02.11 TR/Ransom.Delf.AI
Antiy-AVL 2.0.3.7 2010.02.11 Trojan/Win32.Delf.gen
Authentium 5.2.0.5 2010.02.11 -
Avast 4.8.1351.0 2010.02.11 Win32:Malware-gen
AVG 9.0.0.730 2010.02.11 Generic14.CDTH
BitDefender 7.2 2010.02.11 -
CAT-QuickHeal 10.00 2010.02.11 TrojanRansom.Delf.ai
ClamAV 0.96.0.0-git 2010.02.11 -
Comodo 3899 2010.02.11 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.02.11 Trojan.Encoder.55
eSafe 7.0.17.0 2010.02.10 -
eTrust-Vet 35.2.7296 2010.02.11 -
F-Prot 4.5.1.85 2010.02.11 -
F-Secure 9.0.15370.0 2010.02.11 -
Fortinet 4.0.14.0 2010.02.11 -
GData 19 2010.02.11 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.02.11 CC.Unk.Damaged
Jiangmin 13.0.900 2010.02.08 Trojan/Delf.kqm
K7AntiVirus 7.10.971 2010.02.11 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.02.11 Trojan-Ransom.Win32.Delf.ai
McAfee 5888 2010.02.10 -
McAfee+Artemis 5888 2010.02.10 Artemis!6877210EF316
McAfee-GW-Edition 6.8.5 2010.02.11 Trojan.Ransom.Delf.AI
Microsoft 1.5406 2010.02.11 Trojan:Win32/Trufip!rts
NOD32 4858 2010.02.11 probably a variant of Win32/Agent
Norman 6.04.08 2010.02.11 -
nProtect 2009.1.8.0 2010.02.11 -
Panda 10.0.2.2 2010.02.10 Trj/CI.A
PCTools 7.0.3.5 2010.02.11 Trojan.Generic
Prevx 3.0 2010.02.11 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.11 -
Sunbelt 3.9.2398.2 2010.02.11 -
Symantec 20091.2.0.41 2010.02.11 Trojan Horse
TheHacker 6.5.1.1.189 2010.02.11 -
TrendMicro 9.120.0.1004 2010.02.11 TROJ_RANSOM.HR
VBA32 3.12.12.2 2010.02.11 Trojan-Ransom.Win32.Delf.ai
ViRobot 2010.2.11.2182 2010.02.11 -
VirusBuster 5.0.21.0 2010.02.11 Trojan.Delf.DXJK
weitere Informationen
File size: 14517861 bytes
MD5 : e6ea3d8c6997ddc9369e40b96ce8caad
SHA1 : 464fad07d5d7ec81ace09a1177e62a44916b2a43
SHA256: db13ac3087619f45a677bd954db4f22815b38117e96a172771bdf512c326f3e2
TrID : File type identification
ZIP compressed archive (100.0%)
ssdeep: 393216:1XVqZBeUHYqNJHskA0ug8bNKoI5f9b7IEqFYHnmEL8gxmg3Iuo:1XKbHzNRskfufbNKogf9HIKHv8hCo
PEiD : -
packers (F-Prot): UPX
RDS : NSRL Reference Data Set
-
Datei Spore.patch.1.05.crack.52007.exe empfangen 2010.02.11 16:20:20 (UTC)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.11 -
AhnLab-V3 5.0.0.2 2010.02.11 -
AntiVir 7.9.1.160 2010.02.11 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.11 -
Avast 4.8.1351.0 2010.02.11 -
AVG 9.0.0.730 2010.02.11 -
BitDefender 7.2 2010.02.11 -
CAT-QuickHeal 10.00 2010.02.11 (Suspicious) - DNAScan
ClamAV 0.96.0.0-git 2010.02.11 -
Comodo 3900 2010.02.11 -
DrWeb 5.0.1.12222 2010.02.11 Trojan.Siggen.60923
eSafe 7.0.17.0 2010.02.10 -
eTrust-Vet 35.2.7296 2010.02.11 -
F-Prot 4.5.1.85 2010.02.11 -
F-Secure 9.0.15370.0 2010.02.11 Trojan-Downloader:W32/Renos.GOD
Fortinet 4.0.14.0 2010.02.11 -
GData 19 2010.02.11 -
Ikarus T3.1.1.80.0 2010.02.11 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.11 -
McAfee 5888 2010.02.10 -
McAfee+Artemis 5888 2010.02.10 -
McAfee-GW-Edition 6.8.5 2010.02.11 -
Microsoft 1.5406 2010.02.11 TrojanDownloader:Win32/Renos.KO
NOD32 4858 2010.02.11 a variant of Win32/Kryptik.CIM
Norman 6.04.08 2010.02.11 -
nProtect 2009.1.8.0 2010.02.11 -
Panda 10.0.2.2 2010.02.10 Suspicious file
PCTools 7.0.3.5 2010.02.11 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.11 Mal/FakeAV-BW
Sunbelt 3.9.2398.2 2010.02.11 -
Symantec 20091.2.0.41 2010.02.11 Suspicious.Insight
TheHacker 6.5.1.1.189 2010.02.11 -
TrendMicro 9.120.0.1004 2010.02.11 -
VBA32 3.12.12.2 2010.02.11 -
ViRobot 2010.2.11.2182 2010.02.11 -
VirusBuster 5.0.21.0 2010.02.11 -
weitere Informationen
File size: 76288 bytes
MD5 : 1fedd849552ab4a7406c555025152821
SHA1 : 5d93bfc5f009bd0d9f7b7cbf1554e66cef7dda30
SHA256: 9bd76a194b4ee0608ec2b757a358b4710e0b57ddfbb4a556f9ea4267ba1d346f
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1540
timedatestamp.....: 0x47CC8656 (Tue Mar 4 00:14:30 2008)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1FE5 0x2000 6.16 43003ac861000dfb1b1ec78e6ccab6ec
.data 0x3000 0x21E7 0x2200 3.57 c0315ca9274e6d6a0c3fea6aa6479994
.idata 0x6000 0x744D 0x3600 6.73 8fd8688c5bbeb381f5a4f8cf142697ac
.rdata 0xE000 0x16030 0xAC00 6.00 22f52575c9dbec1084efd90d1c91ab7b
( 4 imports )
> advapi32.dll: GetSidIdentifierAuthority, AddAce, GetTokenInformation, RegEnumKeyA, DeleteService, SetSecurityDescriptorDacl, RegEnumValueA, RegQueryValueA, RegCreateKeyExW, SetFileSecurityW, RegQueryValueExA, LsaOpenPolicy, GetTraceEnableFlags, RegEnumKeyExW, RegFlushKey, SetThreadToken, CryptGenRandom, RegOpenKeyA, CheckTokenMembership, ConvertSidToStringSidW, GetSecurityDescriptorLength, QueryServiceConfigW, RegSetValueA
> kernel32.dll: GlobalFree, SetFilePointer, GetCPInfo, OpenEventW, TlsGetValue, GetTickCount, GetLocaleInfoW, GetCommandLineA, GetDriveTypeW, VirtualAlloc, GetFileSize, GetSystemDirectoryW, GetSystemTimeAsFileTime, ExitProcess, WaitForSingleObject, WriteConsoleW, GetStringTypeW, HeapCreate, SetLastError
> msvcrt.dll: malloc, fopen, _ftol, iswalpha, _ultoa, floor, _snwprintf, _errno, strlen, _purecall, __badioinfo, wcstoul, _rotr, __p__fmode, rand, swscanf, _rotl, ctime, mbstowcs, iswctype, _access, wcsncat, _write, __p__osver, _wcslwr, strstr, fclose, _ltoa, _chsize, _wfopen, _ltow, calloc
> ole32.dll: ProgIDFromCLSID, StgOpenStorage, StringFromGUID2, CoUnmarshalInterface, CoFreeUnusedLibraries, StgCreateDocfile, OleLoadFromStream, CoMarshalInterface, OleQueryCreateFromData, PropVariantCopy, CoInitializeEx, CreateOleAdviseHolder, CoDisconnectObject, StgIsStorageFile, WriteClassStm, OleUninitialize, CLSIDFromString, CoSetProxyBlanket, OleRegEnumVerbs, CoCreateInstanceEx, CreateBindCtx, CoRevokeClassObject, StringFromIID, OleInitialize, MkParseDisplayName
( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ssdeep: 1536:f3gBrblld1Ge0BLmFubF83km6Wc2cztFIJA0WmTj:f3gBrblldro4ubAkmldczt+j
PEiD : -
RDS : NSRL Reference Data Set
-