Habe mir ein TR/Patched.Gen2 eingefangen.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:59, on 21.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\programme\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\Spiele\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\Spiele\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\Spiele\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\Spiele\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - https://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
--
End of file - 8476 bytes
Malewarebytes hat kein Ergebnis.
Und hier noch ein Logfile von Virustotal.com
Datei user32.DLL empfangen 2010.03.21 13:59:34 (UTC)
Status: Beendet
Ergebnis: 25/42 (59.52%)
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.21 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.03.20 -
AntiVir 8.2.1.196 2010.03.19 TR/Patched.Gen2
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.21 -
Avast 4.8.1351.0 2010.03.21 Win32:SysPatch
Avast5 5.0.332.0 2010.03.21 Win32:SysPatch
AVG 9.0.0.787 2010.03.21 -
BitDefender 7.2 2010.03.21 Win32.MarioForever.Patched
CAT-QuickHeal 10.00 2010.03.19 Trojan.Patched.AP
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4339 2010.03.21 TrojWare.Win32.Patched.F
DrWeb 5.0.1.12222 2010.03.21 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 Win32/Pruserinf
F-Prot 4.5.1.85 2010.03.21 -
F-Secure 9.0.15370.0 2010.03.21 Win32.MarioForever.Patched
Fortinet 4.0.14.0 2010.03.20 W32/Patched.D!tr
GData 19 2010.03.21 Win32.MarioForever.Patched
Ikarus T3.1.1.80.0 2010.03.21 Trojan.Win32.Patched
Jiangmin 13.0.900 2010.03.21 Win32/PatchFile.bk
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.21 Trojan.Win32.Patched.gq
McAfee 5926 2010.03.20 potentially unwanted program Patched User32
McAfee+Artemis 5926 2010.03.20 potentially unwanted program Patched User32
McAfee-GW-Edition 6.8.5 2010.03.21 Trojan.Patched.Gen2
Microsoft 1.5605 2010.03.21 Virus:Win32/Mariofev.A
NOD32 4962 2010.03.21 Win32/Pinit
Norman 6.04.09 2010.03.21 -
nProtect 2009.1.8.0 2010.03.21 -
Panda 10.0.2.2 2010.03.20 -
PCTools 7.0.3.5 2010.03.21 Trojan.Patched.gq
Prevx 3.0 2010.03.21 -
Rising 22.39.06.01 2010.03.21 -
Sophos 4.51.0 2010.03.21 Troj/User32Hk-A
Sunbelt 6006 2010.03.21 Trojan.Win32.Patched.dr (v)
Symantec 20091.2.0.41 2010.03.21 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.21 -
TrendMicro 9.120.0.1004 2010.03.21 Possible_Patch-1
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 Win32.Patched.X
VirusBuster 5.0.27.0 2010.03.20 -
weitere Informationen
File size: 580096 bytes
MD5 : 65085bb174b6d679c552fa54151b07da
SHA1 : c075e87512a5490402fd18737c2f5654d174d5fd
SHA256: 20eaac15276b679af53888c034b2813b26691134205c3953adbd6be099dc8d94
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xB217
timedatestamp.....: 0x4802BFB7 (Mon Apr 14 04:21:43 200
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5F283 0x5F400 6.66 7b5dc837bd88b1f504e4190e08919aae
.data 0x61000 0x1180 0xC00 2.37 775119e98796af9b8a849dd1f6e4f377
.rsrc 0x63000 0x2A7BC 0x2A800 5.00 ab0716ca00fe22c6cb46856e79f46656
.reloc 0x8E000 0x2DE4 0x2E00 6.77 68ebe5a2d822be0663a3e935b39d0bae
Ich hoffe ihr könnt mir so schnell wie möglich helfen. Danke
Achso der Pfad für das Virus ist C:\Windows\System32\user32.dll
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:59, on 21.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\programme\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\Spiele\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\Spiele\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\Spiele\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\Spiele\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - https://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
--
End of file - 8476 bytes
Malewarebytes hat kein Ergebnis.
Und hier noch ein Logfile von Virustotal.com
Datei user32.DLL empfangen 2010.03.21 13:59:34 (UTC)
Status: Beendet
Ergebnis: 25/42 (59.52%)
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.21 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.03.20 -
AntiVir 8.2.1.196 2010.03.19 TR/Patched.Gen2
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.21 -
Avast 4.8.1351.0 2010.03.21 Win32:SysPatch
Avast5 5.0.332.0 2010.03.21 Win32:SysPatch
AVG 9.0.0.787 2010.03.21 -
BitDefender 7.2 2010.03.21 Win32.MarioForever.Patched
CAT-QuickHeal 10.00 2010.03.19 Trojan.Patched.AP
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4339 2010.03.21 TrojWare.Win32.Patched.F
DrWeb 5.0.1.12222 2010.03.21 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 Win32/Pruserinf
F-Prot 4.5.1.85 2010.03.21 -
F-Secure 9.0.15370.0 2010.03.21 Win32.MarioForever.Patched
Fortinet 4.0.14.0 2010.03.20 W32/Patched.D!tr
GData 19 2010.03.21 Win32.MarioForever.Patched
Ikarus T3.1.1.80.0 2010.03.21 Trojan.Win32.Patched
Jiangmin 13.0.900 2010.03.21 Win32/PatchFile.bk
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.21 Trojan.Win32.Patched.gq
McAfee 5926 2010.03.20 potentially unwanted program Patched User32
McAfee+Artemis 5926 2010.03.20 potentially unwanted program Patched User32
McAfee-GW-Edition 6.8.5 2010.03.21 Trojan.Patched.Gen2
Microsoft 1.5605 2010.03.21 Virus:Win32/Mariofev.A
NOD32 4962 2010.03.21 Win32/Pinit
Norman 6.04.09 2010.03.21 -
nProtect 2009.1.8.0 2010.03.21 -
Panda 10.0.2.2 2010.03.20 -
PCTools 7.0.3.5 2010.03.21 Trojan.Patched.gq
Prevx 3.0 2010.03.21 -
Rising 22.39.06.01 2010.03.21 -
Sophos 4.51.0 2010.03.21 Troj/User32Hk-A
Sunbelt 6006 2010.03.21 Trojan.Win32.Patched.dr (v)
Symantec 20091.2.0.41 2010.03.21 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.21 -
TrendMicro 9.120.0.1004 2010.03.21 Possible_Patch-1
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 Win32.Patched.X
VirusBuster 5.0.27.0 2010.03.20 -
weitere Informationen
File size: 580096 bytes
MD5 : 65085bb174b6d679c552fa54151b07da
SHA1 : c075e87512a5490402fd18737c2f5654d174d5fd
SHA256: 20eaac15276b679af53888c034b2813b26691134205c3953adbd6be099dc8d94
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xB217
timedatestamp.....: 0x4802BFB7 (Mon Apr 14 04:21:43 200
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5F283 0x5F400 6.66 7b5dc837bd88b1f504e4190e08919aae
.data 0x61000 0x1180 0xC00 2.37 775119e98796af9b8a849dd1f6e4f377
.rsrc 0x63000 0x2A7BC 0x2A800 5.00 ab0716ca00fe22c6cb46856e79f46656
.reloc 0x8E000 0x2DE4 0x2E00 6.77 68ebe5a2d822be0663a3e935b39d0bae
Ich hoffe ihr könnt mir so schnell wie möglich helfen. Danke
Achso der Pfad für das Virus ist C:\Windows\System32\user32.dll