Spybot found the Bifrose.LA trojan
#0
17.02.2008, 20:43
Member
Posts: 13
17.02.2008, 21:07
Honorary member
Posts: 1441
#2
Hello,
do you find C:\WINDOWS\Bifrost on the computer? Please post the ComboFix log: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
17.02.2008, 22:00
Member
Thread starter, Posts: 13
#3
So, I now have the ComboFix log.
ComboFix 08-02-17.2 - user 2008-02-17 21:37:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1163 [GMT 1:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2008-01-17 bis 2008-02-17 ))))))))))))))))))))))))))))))
.
2008-02-17 13:22 . 2008-02-17 21:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-02-17 13:18 . 2008-02-17 13:18 <DIR> d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\ProgramData\BitDefender
2008-02-17 13:16 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\BitDefender
2008-02-17 13:15 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagerr.xml
2008-02-16 20:39 . 2008-02-16 20:39 <DIR> d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-16 20:39 . 2008-02-17 21:33 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39 . 2008-02-17 21:33 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-16 20:39 . 2008-02-17 10:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-16 20:39 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-16 20:39 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-16 20:39 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-16 20:39 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-16 11:26 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 16:09 . 2008-02-13 16:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 16:09 . 2008-02-13 16:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 16:06 . 2008-02-13 16:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\ProgramData\Pinnacle VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\ProgramData\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Pinnacle
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\ProgramData\Pinnacle
2008-01-18 14:43 . 2008-01-18 14:43 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 20:22 --------- d-----w C:\Users\user\AppData\Roaming\tor
2008-02-17 20:12 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-17 20:12 --------- d-----w C:\Users\user\AppData\Roaming\Vidalia
2008-02-17 20:12 --------- d-----w C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-13 15:06 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 15:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 15:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 15:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 15:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 18:33 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-02-11 17:39 --------- d-----w C:\Users\user\AppData\Roaming\skypePM
2008-01-18 13:43 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:43 --------- d-----w C:\Program Files\iTunes
2008-01-12 15:27 --------- d-----w C:\Program Files\Java
2008-01-12 15:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-09 19:04 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:44 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:44 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 13:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 15:40 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-01-08 13:36 --------- d-----w C:\ProgramData\CheckPoint
2008-01-08 13:36 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 13:26 --------- d-----w C:\Program Files\Vidalia Bundle
2008-01-08 13:17 --------- d-----w C:\Program Files\SpeedFan
2008-01-07 18:14 --------- d-----w C:\Program Files\CCleaner
2008-01-05 18:46 --------- d-----w C:\Users\user\AppData\Roaming\XnView
2008-01-04 11:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 17:30 --------- d-----w C:\Program Files\Transcribe
2007-12-22 21:07 --------- d-----w C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 20:57 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-22 16:34 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-22 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-21 14:35 --------- d-----w C:\Program Files\Tobit ClipInc
2007-12-18 18:20 --------- d-----w C:\Users\user\AppData\Roaming\ICQ
2007-12-12 14:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-27 15:46 77,824 ----a-w C:\Windows\System32\xcomm.dll
2007-11-23 13:39 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-23 13:39 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CISUnins.exe
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CICUnins.exe
2007-11-20 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 15:31 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-20 15:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-20 15:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-20 15:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-20 15:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-20 15:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-20 15:31 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-20 15:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-20 15:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-20 15:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-20 15:31 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-20 15:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-20 15:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 15:30 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-20 15:30 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-20 15:28 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-11-20 15:28 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-20 15:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-20 15:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-20 15:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-20 15:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-20 15:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-20 15:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-20 15:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-20 15:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-20 15:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-20 15:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-20 15:27 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-11-20 15:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-20 15:24 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-20 15:24 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-20 15:24 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-20 15:24 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-20 15:24 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-20 15:24 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-20 15:24 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-20 15:24 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-20 15:24 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-20 15:24 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-20 15:22 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-20 14:59 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-20 14:59 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-20 14:59 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-20 14:59 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-20 14:59 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-20 14:59 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-20 14:59 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-20 14:59 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-20 14:59 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-11-19 10:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-11-19 10:32 315,392 ----a-w C:\Windows\HideWin.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [2007-10-11 14:43 181496]
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" [ ]
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]
"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 16:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 09:29 4472832 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-28 13:39 1826816 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-20 21:34 249896]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2007-10-24 15:05 425984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-30 14:16:53 110592]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-17 13:23]
R2 ClipInc001;ClipInc 001;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 001 []
R2 ClipInc002;ClipInc 002;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 002 []
R2 ClipInc003;ClipInc 003;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 003 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 03:04]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-17 13:23]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42]
R3 scan;BitDefender Threat Scanner;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Inhalt des "geplante Tasks" Ordners
"2008-02-17 12:05:33 C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-02-17 20:40:00 C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 21:40:34
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
Scanne versteckte Prozesse...
? [2644]
? [2708]
Scanne versteckte Autostart Einträge...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998} = C:\Users\user\AppData\Roaming\abcde.exe?a?\?R?o?a?m?i?n?g????????????????????????????????
th578z5984j594j3u = C:\Users\user\AppData\Roaming\abcde.exe?a?\?R?o?a?m?i?n?g?????????????????????????????????????????????????????????
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-02-17 21:42:24
.
2008-02-16 10:32:02 --- E O F ---
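The Run entries in the ComboFix log above are what the helpers in this thread react to: two targets under C:\Users\user\AppData\Roaming, each with an empty `[ ]` where ComboFix would normally print the file's date and size (it found no such file on disk), and value names that are either a bare GUID or a random-looking string. As an added example that is not part of the thread and is not code from ComboFix, HijackThis or virus-protect.org, the following Python script parses Run entries in both the ComboFix format and the HijackThis O4 format and flags exactly those three patterns. The sample lines are copied from this thread's logs; the heuristics (user-writable location, GUID or random value name, missing file metadata) are my own assumptions about what an analyst checks first, not rules published by either tool.

```python
"""Flag suspicious autostart (Run key) entries in ComboFix / HijackThis log lines.

Added example; not code from the forum thread or from any of the tools it uses.
The heuristics are assumptions about what an analyst looks at first, not rules
published by ComboFix or HijackThis.
"""
import re

# ComboFix style:  "Name"="C:\path\file.exe" [2008-01-09 14:43 1232896]
# ComboFix prints "[ ]" when the target file could not be found on disk.
COMBOFIX_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# HijackThis style:  O4 - HKCU\..\Run: [Name] C:\path\file.exe /args
HJT_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Value name that is nothing but a GUID, e.g. {1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Directories an unprivileged user can write to; Program Files is excluded below.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\')

# Constructed sample: Run entries copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LINES = [
    r'"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]',
    r'"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" [ ]',
    r'"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}] C:\Users\user\AppData\Roaming\abcde.exe',
]


def looks_random(name: str) -> bool:
    """True for names like 'th578z5984j594j3u': 12+ lowercase alphanumerics mixing letters and digits."""
    return (re.fullmatch(r'[a-z0-9]{12,}', name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def exe_path(cmd: str) -> str:
    """Extract the executable path from a HijackThis O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def analyse(line: str) -> list:
    """Return the reasons a Run entry is suspicious; an empty list means nothing was flagged."""
    reasons = []
    m = COMBOFIX_RE.match(line.strip())
    if m:
        name, path = m.group('name'), m.group('path')
        if not m.group('meta').strip():
            reasons.append('no file metadata: target was not on disk at scan time')
    else:
        m = HJT_RE.match(line.strip())
        if not m:
            return reasons  # not a Run entry in either format
        name, path = m.group('name'), exe_path(m.group('cmd'))
    low = path.lower()
    if '\\program files' not in low and any(d in low for d in USER_WRITABLE):
        reasons.append(f'target in user-writable location: {path}')
    if GUID_RE.match(name):
        reasons.append(f'value name is a bare GUID: {name}')
    elif looks_random(name):
        reasons.append(f'value name looks random: {name}')
    return reasons


def scan(lines) -> dict:
    """Map every flagged line to its list of reasons."""
    findings = {}
    for line in lines:
        reasons = analyse(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == '__main__':
    for line, reasons in scan(SAMPLE_LINES).items():
        print(line)
        for r in reasons:
            print('   ->', r)
```

Run against the five sample lines, the two Program Files entries pass and the three AppData\Roaming entries are flagged, the ComboFix ones for all three reasons at once. The empty-metadata check is the one worth remembering: an autostart value that still points at a file which is no longer there is typical of a payload that was dropped, registered and then deleted or moved, which is also why the later dir listing of AppData\Roaming in this thread shows neither abcde.exe nor winxp2.exe.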
17.02.2008, 22:03
Honorary member
Posts: 1441
#4
««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Under file type, select 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote:
cd\
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
17.02.2008, 22:28
Member
Thread starter, Posts: 13
#5
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8867-9EA6

Verzeichnis von C:\Users\user\AppData\Roaming

17.02.2008 14:00 <DIR> .
17.02.2008 14:00 <DIR> ..
16.01.2008 14:33 <DIR> Adobe
21.11.2007 15:31 <DIR> Apple Computer
19.11.2007 11:51 <DIR> ATI
17.02.2008 13:18 <DIR> BitDefender
21.11.2007 12:50 <DIR> Google
22.12.2007 22:07 <DIR> gtk-2.0
18.12.2007 19:20 <DIR> ICQ
21.11.2007 13:14 <DIR> ICQ Toolbar
19.11.2007 11:24 <DIR> Identities
19.11.2007 11:36 <DIR> InstallShield
21.11.2007 12:50 <DIR> Macromedia
02.11.2006 13:37 <DIR> Media Center Programs
21.11.2007 13:04 <DIR> Mozilla
17.02.2008 21:56 <DIR> OpenOffice.org2
16.02.2008 20:39 <DIR> PC Tools
11.02.2008 19:33 <DIR> Skype
11.02.2008 18:39 <DIR> skypePM
02.12.2007 13:47 <DIR> Tobit
17.02.2008 22:06 <DIR> tor
06.12.2007 17:39 4.054.239 UserTile.png
17.02.2008 21:52 <DIR> Vidalia
05.01.2008 19:46 <DIR> XnView
1 Datei(en), 4.054.239 Bytes
23 Verzeichnis(se), 155.336.814.592 Bytes frei
17.02.2008, 23:50
Honorary member
Posts: 1441
#6
««
Upload this exe and post the result here (if the exe can be found...): http://www.virustotal.com/de/
C:\Users\user\AppData\Roaming\abcde.exe
-
»» Download the Kaspersky tool, scan, and post the report here (I hope the program runs on Vista). If not, let me know: http://virus-protect.org/artikel/tools/kaspersky.html
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
18.02.2008, 13:58
Member
Posts: 327
#7
cc1, and why don't you say that you have had a look at Bifrost yourself?
The Spybot Search & Destroy entries for "bifrose.LA" belong to the client and are completely harmless; they show up on my machine too. What would be dangerous is a Bifrost server that may be running without consent, but Spybot Search & Destroy would not flag that.
__________
darknight, who is Heike elsewhere.
18.02.2008, 16:22
Member
Thread starter, Posts: 13
#8
0 bytes size received / Se ha recibido un archivo vacio
That's the only thing the VirusTotal tool shows, and unfortunately Kaspersky doesn't run under Vista (an error occurred). @darknight: what do you mean by that? In addition, Spyware Doctor also found Trojan.Generic and Trojan-PWS.Tanspy on my machine. What can I do about that, is it related to the Bifrose, and are these two dangerous? When I just ran Spybot again, the Bifrose.LA trojan was no longer found, and Spyware Doctor didn't find it either; it only found the two trojans mentioned above. Is it gone now, or is there still a danger?
This post was edited on 18.02.2008 at 20:52 by cc1.
18.02.2008, 23:35
Honorary member
Posts: 1441
#9
cc1
«« Run Comboscan + post the two logs here: http://virus-protect.org/artikel/tools/comboscan.html
«««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Choose "All files" - Save.
Quote:
Registry::
You should now find this file cfscript.txt on the desktop. Drag cfscript.txt with the right mouse button onto the ComboFix icon.
Then: run ComboFix once more - type 1
Restart the PC.
««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
Scan with Antivirus + post the scan report: http://virus-protect.org/antivirus.html
__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
19.02.2008, 14:23
Member
Thread starter, Posts: 13
#10
These are the two logs from Comboscan.
Deckard's System Scanner v20071014.68
Run by user on 2008-02-19 14:16:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-02-17 20:36:13 UTC - RP77 - ComboFix created restore point
15: 2008-02-17 12:15:52 UTC - RP76 - Installed BitDefender Total Security 2008
14: 2008-02-16 10:31:31 UTC - RP75 - Windows Update
13: 2008-02-14 18:23:14 UTC - RP74 - Windows Update
12: 2008-02-13 18:22:18 UTC - RP73 - Windows Update

-- First Restore Point --
1: 2008-01-12 15:25:35 UTC - RP62 - Installed Java(TM) 6 Update 3

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:56, on 19.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\AMD\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\ICQ\ICQ6\ICQ.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\user\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [{267C21F2-47AB-BF95-D96F-68C50E40EF03}] C:\Users\user\AppData\Roaming\winxp2.exe
O4 - HKCU\..\Run: [{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}] C:\Users\user\AppData\Roaming\abcde.exe
O4 - HKCU\..\Run: [th578z5984j594j3u] C:\Users\user\AppData\Roaming\abcde.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Kaspersky Lab - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12430 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ClipInc001 (ClipInc 001) - c:\program files\tobit clipinc\server\clipinc-server.exe 001 <Not Verified; ; ClipInc. Server>
R2 ClipInc002 (ClipInc 002) - c:\program files\tobit clipinc\server\clipinc-server.exe 002 <Not Verified; ; ClipInc. Server>
R2 ClipInc003 (ClipInc 003) - c:\program files\tobit clipinc\server\clipinc-server.exe 003 <Not Verified; ; ClipInc. Server>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-19 14:14:59 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job
2008-02-18 16:10:27 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job

-- Files created between 2008-01-19 and 2008-02-19 -----------------------------

2008-02-19 14:18:40 0 d-------- C:\Program Files\Trend Micro
2008-02-17 21:35:34 68096 --a------ C:\Windows\system32\zip.exe
2008-02-17 21:35:34 98816 --a------ C:\Windows\system32\sed.exe
2008-02-17 21:35:34 80412 --a------ C:\Windows\system32\grep.exe
2008-02-17 21:35:34 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-17 13:22:18 81984 --a------ C:\Windows\system32\bdod.bin
2008-02-17 13:16:32 0 d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16:32 0 d-------- C:\Program Files\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 20:39:52 0 d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39:41 0 d-------- C:\Program Files\Spyware Doctor
2008-01-28 17:06:30 0 d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Program Files\Pinnacle
2008-01-28 17:03:44 0 d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01:31 0 d-------- C:\Users\All Users\Pinnacle

-- Find3M Report ---------------------------------------------------------------

2008-02-19 14:16:52 641106 --a------ C:\Windows\system32\perfh007.dat
2008-02-19 14:16:52 116500 --a------ C:\Windows\system32\perfc007.dat
2008-02-19 14:10:32 0 d-------- C:\Users\user\AppData\Roaming\tor
2008-02-19 14:09:37 0 d-------- C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 14:03:26 0 d-------- C:\Users\user\AppData\Roaming\Vidalia
2008-02-17 13:18:26 0 d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files
2008-02-16 20:39:41 0 d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-11 19:33:21 0 d-------- C:\Users\user\AppData\Roaming\Skype
2008-02-11 18:39:32 0 d-------- C:\Users\user\AppData\Roaming\skypePM
2008-01-18 14:43:57 0 d-------- C:\Program Files\iTunes
2008-01-18 14:43:50 0 d-------- C:\Program Files\iPod
2008-01-18 14:43:10 0 d-------- C:\Program Files\QuickTime
2008-01-16 14:33:04 0 d-------- C:\Users\user\AppData\Roaming\Adobe
2008-01-12 16:27:19 0 d-------- C:\Program Files\Java
2008-01-12 16:25:56 0 d-------- C:\Program Files\Common Files\Java
2008-01-09 20:04:18 0 d-------- C:\Program Files\Windows Mail
2008-01-09 14:44:06 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 16:40:54 0 d-------- C:\Program Files\Wise Registry Cleaner
2008-01-08 14:26:07 0 d-------- C:\Program Files\Vidalia Bundle
2008-01-08 14:17:47 0 d-------- C:\Program Files\SpeedFan
2008-01-07 19:14:48 0 d-------- C:\Program Files\CCleaner
2008-01-05 19:46:02 0 d-------- C:\Users\user\AppData\Roaming\XnView
2008-01-04 12:31:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 18:30:10 0 d-------- C:\Program Files\Transcribe
2007-12-22 22:07:27 0 d-------- C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 21:57:21 0 d-------- C:\Program Files\GIMP-2.0
2007-12-22 18:30:48 0 --a------ C:\Windows\nsreg.dat
2007-12-21 15:35:29 0 d-------- C:\Program
Files\Tobit ClipInc 2007-12-06 17:39:21 4054239 --a------ C:\Users\user\AppData\Roaming\UserTile.png 2007-11-27 16:46:24 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator> 2007-11-25 10:46:30 0 -rahs---- C:\MSDOS.SYS 2007-11-25 10:46:30 0 -rahs---- C:\IO.SYS 2007-11-20 16:36:04 174 --ahs---- C:\Program Files\desktop.ini 2007-11-19 11:32:08 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20.11.2007 16:29] "RtHDVCpl"="RtHDVCpl.exe" [28.05.2007 09:29 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [28.05.2007 13:39 C:\Windows\SkyTel.exe] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [20.11.2007 21:34] "ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [24.10.2007 15:05] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28.06.2007 05:17] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25.10.2007 16:37] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 16:33] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 15:46] "BDAgent"="C:\Program 
Files\BitDefender\BitDefender 2008\bdagent.exe" [16.11.2007 16:37] "AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [12.10.2007 15:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.01.2008 14:43] "StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 13:36] "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [26.08.2007 07:02] "ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [11.10.2007 14:43] "{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" [] "{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" [] "th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" [] C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30.11.2007 14:16:53] Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [20.11.2006 15:30:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bdx scan [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] 
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com 7900 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-02-19 14:20:35 ------------ und der zweite Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: German CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz Percentage of Memory in Use: 50% Physical Memory (total/avail): 2046.69 MiB / 1021.11 MiB Pagefile Memory (total/avail): 4314.6 MiB / 2623.1 MiB Virtual Memory (total/avail): 2047.88 MiB / 1914.5 MiB C: is Fixed (NTFS) - 232.88 GiB total, 143.67 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST3250410AS ATA Device - 232.88 GiB - 1 partition \PARTITION0 (bootable) - Installierbares Dateisystem - 232.88 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: ZoneAlarm Firewall v7.1.099.000 (Check Point, LTD.) FW: Bitdefender Firewall v8.0 (BitDefender) AV: Avira AntiVir PersonalEdition v 7.0.2.154 (Avira GmbH) AV: Bitdefender Antivirus v8.0 (BitDefender) AS: BitDefender Antispyware v8.0 (BitDefender) AS: Spyware Doctor v5.5.0.178 (PC Tools) AS: Avira AntiVir PersonalEdition v 7.0.2.154 (Avira GmbH) AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) 
[COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR] AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\user\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=USER-PC ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\user LOCALAPPDATA=C:\Users\user\AppData\Local LOGONSERVER=\\USER-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\AMD\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\user\AppData\Local\Temp TMP=C:\Users\user\AppData\Local\Temp tvdumpflags=8 USERDOMAIN=user-PC USERNAME=user USERPROFILE=C:\Users\user windir=C:\Windows -- User Profiles --------------------------------------------------------------- user Gast (new local, guest, net ready) -- Add/Remove Programs --------------------------------------------------------- Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Program 
Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll" Adobe Reader 8.1.0 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BitDefender Total Security 2008 --> MsiExec.exe /I{F4F09997-F426-4019-B29B-6F1FE74852AC} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" EPSON-Drucker-Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe" Grand Theft Auto San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} OpenOffice.org 2.3 --> MsiExec.exe /I{A625D45F-1DC4-47FB-ABCF-6B27684AA717} Pinnacle VideoSpin --> MsiExec.exe 
/X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60} Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe" QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG Tobit.Software ClipInc. 
--> C:\Windows\CISUnins.exe "C:\Program Files\Tobit ClipInc\Server\CISUnins.inf" Tor 0.1.2.18 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe" Vidalia 0.0.14 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe" Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6} Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220} Wise Registry Cleaner 2.9.5 --> "C:\Program Files\Wise Registry Cleaner\unins000.exe" XnView 1.91.6 --> "C:\Program Files\XnView\unins000.exe" ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type25122 / Error Event Submitted/Written: 02/19/2008 02:12:32 PM Event ID/Source: 1000 / Application Error Event Description: Fehlerhafte Anwendung setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, fehlerhaftes Modul setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c16b, Prozess-ID 0x9d8, Anwendungsstartzeit setup_7.0.0.180_18.02.2008_17-09.exe0. Event Record #/Type25119 / Error Event Submitted/Written: 02/19/2008 02:10:43 PM Event ID/Source: 1000 / Application Error Event Description: Fehlerhafte Anwendung setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, fehlerhaftes Modul setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c16b, Prozess-ID 0x418, Anwendungsstartzeit setup_7.0.0.180_18.02.2008_17-09.exe0. 
Event Record #/Type25114 / Success Event Submitted/Written: 02/19/2008 02:10:34 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type25110 / Success Event Submitted/Written: 02/19/2008 02:10:33 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type25096 / Success Event Submitted/Written: 02/19/2008 02:09:22 PM Event ID/Source: 902 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde gestartet. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type39929 / Warning Event Submitted/Written: 02/19/2008 02:15:54 PM Event ID/Source: 4 / Client Side Rendering Spooler Event Description: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist. Event Record #/Type39928 / Warning Event Submitted/Written: 02/19/2008 02:15:54 PM Event ID/Source: 4 / Client Side Rendering Spooler Event Description: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist. 
Event Record #/Type39904 / Error Event Submitted/Written: 02/19/2008 02:12:31 PM Event ID/Source: 7034 / Service Control Manager Event Description: setup_7.0.0.180_18.02.2008_17-091 Event Record #/Type39903 / Error Event Submitted/Written: 02/19/2008 02:12:31 PM Event ID/Source: 7022 / Service Control Manager Event Description: setup_7.0.0.180_18.02.2008_17-09 Event Record #/Type39900 / Warning Event Submitted/Written: 02/19/2008 02:10:38 PM Event ID/Source: 3004 / WinDefend Event Description: Vom %user-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %user-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %user-PC275 Scan-ID: {BE38601D-7405-48D8-96E3-87781A6C52F1} Benutzer: user-PC\user Name: %user-PC271 ID: %user-PC272 Schweregrad-ID: %user-PC273 Kategorie-ID: %user-PC274 Gefundener Pfad: %user-PC276 Warnungsart: %user-PC278 Feststellungstyp: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-02-19 14:20:35 ------------ |
19.02.2008, 14:26
Honorary member
Posts: 1441
#11
1- http://www.funkytoad.com/download/HostsXpert.zip
Press 'Restore Microsoft's Hosts File' and press 'OK'. Exit Program.
so that all of this gets deleted:
Code
-- Hosts -----------------------------------------------------------------------

2- please apply the ComboFix script correctly (see above)
Quote
Registry::
- then restart the computer

3- then post the new ComboFix log + the 2 Comboscan logs
__________
Regards
Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
19.02.2008, 14:45
Member
Thread starter, Posts: 13
#12
Uh, when I press 'Restore Microsoft's Hosts File' I get the message: error c:\Windows\system32\drivers\ETC\hosts
19.02.2008, 16:00
Honorary member
Posts: 1441
#13
open the hosts file with HijackThis http://virus-protect.org/hjtkurz.html

HOSTFILE:
*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager
*delete line(s)
delete everything, leave only this (it must not be deleted!):
127.0.0.1 localhost
save, close HijackThis
------
if you don't trust yourself to do it manually, try AVZ http://virus-protect.org/artikel/tools/avz.html
Restore System Settings - Clear Hosts File
------
then carry out the ComboFix script
__________
Regards
Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
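The hosts-file clean-up described in this post, done programmatically, as an added example that is not a tool from the post or from virus-protect.org: it parses a hosts file, separates the `127.0.0.1 localhost` / `::1 localhost` lines that must stay from blocklist-style entries that point names at a loopback or null address (like the 127.0.0.1 lines in the log above) and from entries that redirect a name to some other address, which is the pattern a hosts hijack takes and the one worth looking at before anything is deleted. The hosts content and the names and addresses in it are constructed for the example.

```python
"""Audit a Windows hosts file and produce the localhost-only version.

Added example for this thread (not from the original post). Classifies each
name -> address mapping as:
  localhost  : 127.0.0.1 / ::1 mapped to "localhost" (must remain),
  blackhole  : a name pointed at a loopback or unspecified address, the style
               a hosts blocklist uses (noisy, but resolves to nowhere),
  redirect   : a name pointed at any other address, i.e. a real redirection
               that a defender should investigate first.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed sample; the redirect line uses reserved example names and a
# documentation-range address, not anything from the thread's log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com      # blocklist-style entry
0.0.0.0   008i.com
# constructed hijack-style line (placeholder names and address):
203.0.113.10   login.bank.example update.antivirus.example
 malformed line without an address
"""

# What the helper asks to leave behind; Vista's default also carries ::1.
MINIMAL_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"


@dataclass
class HostsAudit:
    localhost: list[str] = field(default_factory=list)   # addresses used
    blackhole: list[str] = field(default_factory=list)   # names blackholed
    redirect: list[tuple[str, str]] = field(default_factory=list)  # (name, ip)
    malformed: list[str] = field(default_factory=list)   # unparsable lines

    @property
    def suspicious(self) -> bool:
        """True when at least one name is redirected to a real address."""
        return bool(self.redirect)


def _is_blackhole(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    # 127.x / ::1 (loopback) and 0.0.0.0 / :: (unspecified) are the addresses
    # blocklists use to make a name resolve to nowhere.
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str) -> HostsAudit:
    """Classify every hostname mapping in hosts-file text."""
    audit = HostsAudit()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            audit.malformed.append(raw.rstrip())
            continue
        for name in fields[1:]:               # one address, several names
            if name.lower() == "localhost" and ip.is_loopback:
                audit.localhost.append(fields[0])
            elif _is_blackhole(ip):
                audit.blackhole.append(name)
            else:
                audit.redirect.append((name, str(ip)))
    return audit


def summarize(text: str) -> dict[str, int]:
    """Counts per category, handy for a quick before/after comparison."""
    a = audit_hosts(text)
    return {"localhost": len(a.localhost), "blackhole": len(a.blackhole),
            "redirect": len(a.redirect), "malformed": len(a.malformed)}


def restore_minimal_hosts() -> str:
    """The replacement hosts file: localhost entries only."""
    return MINIMAL_HOSTS


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(summarize(SAMPLE_HOSTS))
    for name, ip in result.redirect:
        print(f"REDIRECT {name} -> {ip}   (check before deleting)")
    print("cleaned hosts file:\n" + restore_minimal_hosts(), end="")
```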
19.02.2008, 17:48
Member
Thread starter, Posts: 13
#14
127.0.0.1 localhost: unfortunately I can't find that file there, and in AVZ it shows confusing numbers?
Uh, sorry, I've found it now after all, but how do I delete everything except that one: select it, or all the others?

The ComboFix log:

ComboFix 08-02-17.2 - user 2008-02-19 21:43:50.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1157 [GMT 1:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
Command switches used :: C:\Users\user\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2008-01-19 bis 2008-02-19 ))))))))))))))))))))))))))))))
.
2008-02-19 14:18 . 2008-02-19 14:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-19 14:15 . 2008-02-19 14:15 <DIR> d-------- C:\Deckard
2008-02-17 22:12 . 2008-02-17 22:26 87 --a------ C:\Users\user\listen.bat
2008-02-17 13:22 . 2008-02-19 21:47 81,984 --a------ C:\Windows\System32\bdod.bin
2008-02-17 13:18 . 2008-02-17 13:18 <DIR> d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\ProgramData\BitDefender
2008-02-17 13:16 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\BitDefender
2008-02-17 13:15 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagerr.xml
2008-02-16 20:39 . 2008-02-16 20:39 <DIR> d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-16 20:39 . 2008-02-19 21:43 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39 . 2008-02-19 21:43 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-16 20:39 . 2008-02-18 16:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-16 20:39 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-16 20:39 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-16 20:39 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-16 20:39 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-16 11:26 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 16:09 . 2008-02-13 16:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 16:09 . 2008-02-13 16:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 16:06 . 2008-02-13 16:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\ProgramData\Pinnacle VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\ProgramData\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Pinnacle
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\ProgramData\Pinnacle
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 20:32 --------- d-----w C:\Users\user\AppData\Roaming\tor
2008-02-19 20:21 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-19 20:21 --------- d-----w C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 20:13 --------- d-----w C:\Users\user\AppData\Roaming\Vidalia
2008-02-13 15:06 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 15:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 15:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 15:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 15:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 18:33 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-02-11 17:39 --------- d-----w C:\Users\user\AppData\Roaming\skypePM
2008-01-18 13:43 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:43 --------- d-----w C:\Program Files\iTunes
2008-01-18 13:43 --------- d-----w C:\Program Files\iPod
2008-01-12 15:27 --------- d-----w C:\Program Files\Java
2008-01-12 15:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-09 19:04 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:44 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:44 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 13:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 15:40 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-01-08 13:36 --------- d-----w C:\ProgramData\CheckPoint
2008-01-08 13:36 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 13:26 --------- d-----w C:\Program Files\Vidalia Bundle
2008-01-08 13:17 --------- d-----w C:\Program Files\SpeedFan
2008-01-07 18:14 --------- d-----w C:\Program Files\CCleaner
2008-01-05 18:46 --------- d-----w C:\Users\user\AppData\Roaming\XnView
2008-01-04 11:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 17:30 --------- d-----w C:\Program Files\Transcribe
2007-12-22 21:07 --------- d-----w C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 20:57 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-22 16:34 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-22 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-21 14:35 --------- d-----w C:\Program Files\Tobit ClipInc
2007-12-12 14:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-27 15:46 77,824 ----a-w C:\Windows\System32\xcomm.dll
2007-11-23 13:39 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-23 13:39 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CISUnins.exe
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CICUnins.exe
2007-11-20 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 15:31 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-20 15:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-20 15:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-20 15:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-20 15:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-20 15:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-20 15:31 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-20 15:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-20 15:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-20 15:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-20 15:31 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-20 15:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-20 15:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 15:30 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-20 15:30 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-20 15:28 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-11-20 15:28 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-20 15:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-20 15:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-20 15:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-20 15:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-20 15:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-20 15:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-20 15:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-20 15:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-20 15:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-20 15:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-20 15:27 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-11-20 15:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-20 15:24 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-20 15:24 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-20 15:24 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-20 15:24 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-20 15:24 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-20 15:24 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-20 15:24 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-20 15:24 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-20 15:24 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-20 15:24 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-20 15:22 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-20 14:59 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-20 14:59 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-20 14:59 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-20 14:59 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-20 14:59 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-20 14:59 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-20 14:59 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-20 14:59 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-20 14:59 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-11-19 10:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-11-19 10:32 315,392 ----a-w C:\Windows\HideWin.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [2007-10-11 14:43 181496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 16:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 09:29 4472832 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-28 13:39 1826816 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-20 21:34 249896]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2007-10-24 15:05 425984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488]
"AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [2007-10-12 15:29 212992]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-30 14:16:53 110592]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-17 13:23]
R2 ClipInc001;ClipInc 001;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 001 []
R2 ClipInc002;ClipInc 002;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 002 []
R2 ClipInc003;ClipInc 003;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 003 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 03:04]
R3 Bdfndisf;BitDefender Firewall NDIS Filter
Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27] R3 bdfsfltr;bdfsfltr;C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03] R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-17 13:23] R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42] R3 scan;BitDefender Threat Scanner;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S2 setup_7.0.0.180_18.02.2008_17-09;setup_7.0.0.180_18.02.2008_17-09;"C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [2007-10-12 15:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Inhalt des "geplante Tasks" Ordners "2008-02-19 16:31:16 C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job" - C:\Windows\system32\msfeedssync.exe "2008-02-19 20:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-19 21:48:06 Windows 6.0.6000 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-02-19 21:50:04 ComboFix2.txt 2008-02-19 13:32:07 ComboFix3.txt 2008-02-17 20:42:26 . 
and the 2 logs from comboscan
Files\ICQ\ICQ6\ICQ.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Windows\ehome\ehmsas.exe C:\AMD\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe \?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\user\Desktop\dss.exe C:\Windows\system32\conime.exe C:\Users\user\Desktop\user.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? 
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program 
Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" -r (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing) Deckard's System Scanner v20071014.68 Run by user on 2008-02-19 22:01:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as user.exe) ------------------------------------------------ Unable to find log (file not found); running clone. 
-- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-19 22:02:37 Platform: Windows Vista (6.00.6000) MSIE: Internet Explorer (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\System32\csrss.exe C:\Windows\System32\wininit.exe C:\Windows\System32\csrss.exe C:\Windows\System32\services.exe C:\Windows\System32\lsass.exe C:\Windows\System32\lsm.exe C:\Windows\System32\winlogon.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe C:\Windows\System32\svchost.exe C:\Windows\System32\SLsvc.exe C:\Windows\System32\svchost.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\System32\svchost.exe C:\Windows\System32\taskeng.exe C:\Windows\System32\dwm.exe C:\Windows\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe 
C:\AMD\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ICQ\ICQ6\ICQ.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.bin C:\Windows\ehome\ehmsas.exe C:\AMD\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe C:\Windows\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\SearchIndexer.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe C:\Windows\System32\SearchProtocolHost.exe C:\Windows\System32\taskeng.exe C:\Windows\System32\SearchFilterHost.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\System32\wbem\WmiPrvSE.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\user\Desktop\dss.exe C:\Windows\System32\conime.exe C:\Users\user\Desktop\user.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\servicing\TrustedInstaller.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName 
= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O23 - Service: AntiVir 
PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Kaspersky Lab - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 12620 bytes -- Files created between 2008-01-19 and 2008-02-19 ----------------------------- 2008-02-19 14:18:40 0 d-------- C:\Program Files\Trend Micro 2008-02-17 21:35:34 68096 --a------ C:\Windows\system32\zip.exe 2008-02-17 21:35:34 98816 --a------ C:\Windows\system32\sed.exe 2008-02-17 21:35:34 80412 --a------ C:\Windows\system32\grep.exe 2008-02-17 21:35:34 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-02-17 13:22:18 81984 --a------ C:\Windows\system32\bdod.bin 2008-02-17 13:16:32 0 d-------- C:\Users\All Users\BitDefender 2008-02-17 13:16:32 0 d-------- C:\Program Files\BitDefender 2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files\BitDefender 2008-02-16 20:39:52 0 d-a------ C:\Users\All Users\TEMP 2008-02-16 20:39:41 0 d-------- C:\Program Files\Spyware Doctor 2008-01-28 17:06:30 0 d-------- C:\Users\All Users\Pinnacle VideoSpin 2008-01-28 17:03:44 0 d-------- C:\Users\All Users\VideoSpin 2008-01-28 17:03:44 0 d-------- C:\Program Files\Pinnacle 2008-01-28 17:03:44 0 d-------- C:\Program Files\Common Files\Yahoo! 
2008-01-28 17:01:31 0 d-------- C:\Users\All Users\Pinnacle

-- Find3M Report ---------------------------------------------------------------

2008-02-19 21:53:56 0 d-------- C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 21:53:51 0 d-------- C:\Users\user\AppData\Roaming\Vidalia
2008-02-19 21:32:57 0 d-------- C:\Users\user\AppData\Roaming\tor
2008-02-19 21:29:51 641106 --a------ C:\Windows\system32\perfh007.dat
2008-02-19 21:29:51 116500 --a------ C:\Windows\system32\perfc007.dat
2008-02-17 13:18:26 0 d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files
2008-02-16 20:39:41 0 d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-11 19:33:21 0 d-------- C:\Users\user\AppData\Roaming\Skype
2008-02-11 18:39:32 0 d-------- C:\Users\user\AppData\Roaming\skypePM
2008-01-18 14:43:57 0 d-------- C:\Program Files\iTunes
2008-01-18 14:43:50 0 d-------- C:\Program Files\iPod
2008-01-18 14:43:10 0 d-------- C:\Program Files\QuickTime
2008-01-16 14:33:04 0 d-------- C:\Users\user\AppData\Roaming\Adobe
2008-01-12 16:27:19 0 d-------- C:\Program Files\Java
2008-01-12 16:25:56 0 d-------- C:\Program Files\Common Files\Java
2008-01-09 20:04:18 0 d-------- C:\Program Files\Windows Mail
2008-01-09 14:44:06 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 16:40:54 0 d-------- C:\Program Files\Wise Registry Cleaner
2008-01-08 14:26:07 0 d-------- C:\Program Files\Vidalia Bundle
2008-01-08 14:17:47 0 d-------- C:\Program Files\SpeedFan
2008-01-07 19:14:48 0 d-------- C:\Program Files\CCleaner
2008-01-05 19:46:02 0 d-------- C:\Users\user\AppData\Roaming\XnView
2008-01-04 12:31:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 18:30:10 0 d-------- C:\Program Files\Transcribe
2007-12-22 22:07:27 0 d-------- C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 21:57:21 0 d-------- C:\Program Files\GIMP-2.0
2007-12-22 18:30:48 0 --a------ C:\Windows\nsreg.dat
2007-12-21 15:35:29 0 d-------- C:\Program Files\Tobit ClipInc
2007-12-06 17:39:21 4054239 --a------ C:\Users\user\AppData\Roaming\UserTile.png
2007-11-27 16:46:24 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2007-11-25 10:46:30 0 -rahs---- C:\MSDOS.SYS
2007-11-25 10:46:30 0 -rahs---- C:\IO.SYS
2007-11-20 16:36:04 174 --ahs---- C:\Program Files\desktop.ini
2007-11-19 11:32:08 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20.11.2007 16:29]
"RtHDVCpl"="RtHDVCpl.exe" [28.05.2007 09:29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [28.05.2007 13:39 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [20.11.2007 21:34]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [24.10.2007 15:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28.06.2007 05:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25.10.2007 16:37]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 16:33]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16.11.2007 16:37]
"AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [12.10.2007 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.01.2008 14:43]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 13:36]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [26.08.2007 07:02]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [11.10.2007 14:43]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30.11.2007 14:16:53]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [20.11.2006 15:30:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bdx scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-02-19 22:03:40 ------------

This post was edited by cc1 on 19.02.2008 at 22:05.
19.02.2008, 23:39
Honorary member
Posts: 1441
#15
Quote: "but how do I now keep just those from being deleted, do I select these or all the others?"

Select all except 127.0.0.1 localhost, which stays. Delete line, save and close HijackThis...
Read up here: http://virus-protect.org/host.html
You can try to do it via Notepad (text editor).

»» Scan with Dr.Web + post the report: http://virus-protect.org/cureit.html

__________
Regards, Pinguin
I'm in the process of updating my site + programs: http://www.virus-protect.org/
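The hosts-file clean-up that the reply above describes by hand, as an added example (not code from the thread, from HijackThis or from any other tool mentioned here): it parses hosts-file text, keeps only the loopback entries for localhost, reports every other mapping for review and produces a cleaned copy. The sample hosts content is constructed, the `.test` hostnames are placeholders, and the default-entry rule (a loopback address mapping nothing but `localhost`) is an assumption based on the stock Windows Vista hosts file.

```python
# Added example, not from the thread: audit a Windows hosts file the way the reply
# above does by hand, keeping only the default loopback/localhost lines and flagging
# everything else for review.
from dataclasses import dataclass, field

# Assumption: the stock Vista hosts file maps "localhost" to the IPv4 and IPv6
# loopback addresses and nothing else.
LOOPBACK_ADDRESSES = {"127.0.0.1", "::1"}
DEFAULT_NAMES = {"localhost"}


@dataclass
class HostsEntry:
    line_no: int          # 1-based line in the file, for reporting
    address: str          # first field of the line
    names: list[str] = field(default_factory=list)  # hostnames mapped to it
    raw: str = ""         # original line, comment included


def parse_hosts(text: str) -> list[HostsEntry]:
    """Turn hosts-file text into entries; blank lines and '#' comments are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop a trailing comment
        if not body:
            continue
        fields = body.split()
        entries.append(HostsEntry(line_no, fields[0], fields[1:], raw))
    return entries


def is_default_entry(entry: HostsEntry) -> bool:
    """True only for a loopback address that maps nothing but 'localhost'."""
    return (entry.address in LOOPBACK_ADDRESSES
            and bool(entry.names)
            and all(name.lower() in DEFAULT_NAMES for name in entry.names))


def audit_hosts(text: str) -> tuple[list[HostsEntry], list[HostsEntry]]:
    """Split the entries into (keep, review): everything non-default needs a look."""
    keep, review = [], []
    for entry in parse_hosts(text):
        (keep if is_default_entry(entry) else review).append(entry)
    return keep, review


def cleaned_hosts(text: str) -> str:
    """Return the file text with every flagged mapping removed; comments and blank lines stay."""
    flagged = {entry.line_no for entry in audit_hosts(text)[1]}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in flagged]
    return "\n".join(kept) + "\n"


# Constructed sample: the stock Vista header plus two typical unwanted additions.
# The .test hostnames are placeholders, not real sites.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-vendor.test   # constructed: blackholes an update site
10.0.0.5        www.example-bank.test        # constructed: points a site at another host
"""

if __name__ == "__main__":
    keep, review = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(keep)} default entries kept, {len(review)} entries to review:")
    for entry in review:
        print(f"  line {entry.line_no}: {entry.address} -> {', '.join(entry.names)}")
```

Against a live system, feed `audit_hosts` the contents of `C:\Windows\System32\drivers\etc\hosts` from an elevated prompt and look at the reported lines before writing the cleaned copy back: legitimate software (local development tools, ad-blocking lists) also adds mappings, so the report is a review list, not an automatic delete list.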
I had Spybot Search & Destroy scan my PC and it found the trojan Bifrose.LA.
It also showed the following:
User settings
HKEY_USERS\S-1-5-21-1142793588-2157804360-3538953708-1000\Software\Bifrost
User settings
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
Spyware Doctor also found this trojan; only AntiVir shows nothing.
Now my question: is it dangerous, and what can I do about it?
I urgently ask for an answer, since my PC is very new and I have no idea what to do about this.
Thanks for your answers!!
Best regards, cc1