Spybot found Trojan Bifrose.LA

17.02.2008, 20:43
Member

Posts: 13
#1 Hello everyone,
I had Spybot Search&Destroy scan my PC and it found the trojan Bifrose.LA.
It also showed the following:
benutzereinstellung
HKEY_USERS\S-1-5-21-1142793588-2157804360-3538953708-1000\Software\Bifrost


benutzereinstellung
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost

Spyware Doctor also found this trojan; only AntiVir shows nothing.
Now my question: is it dangerous, and what can I do about it?
Please answer urgently, since my PC is very new and I have no idea what to do with it.
Thanks for your answers!!
Best regards, cc1
17.02.2008, 21:07
Honorary member

Posts: 1441
#2 Hello,

Do you find C:\WINDOWS\Bifrost on the computer?

Please post the ComboFix log
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I am in the process of updating my site + programs: http://www.virus-protect.org/
17.02.2008, 22:00
Member

Thread starter

Posts: 13
#3 OK, I now have the ComboFix log.

ComboFix 08-02-17.2 - user 2008-02-17 21:37:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1163 [GMT 1:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-01-17 bis 2008-02-17 ))))))))))))))))))))))))))))))
.

2008-02-17 13:22 . 2008-02-17 21:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-02-17 13:18 . 2008-02-17 13:18 <DIR> d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\ProgramData\BitDefender
2008-02-17 13:16 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\BitDefender
2008-02-17 13:15 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagerr.xml
2008-02-16 20:39 . 2008-02-16 20:39 <DIR> d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-16 20:39 . 2008-02-17 21:33 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39 . 2008-02-17 21:33 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-16 20:39 . 2008-02-17 10:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-16 20:39 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-16 20:39 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-16 20:39 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-16 20:39 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-16 11:26 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 16:09 . 2008-02-13 16:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 16:09 . 2008-02-13 16:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 16:06 . 2008-02-13 16:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\ProgramData\Pinnacle VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\ProgramData\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Pinnacle
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\ProgramData\Pinnacle
2008-01-18 14:43 . 2008-01-18 14:43 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 20:22 --------- d-----w C:\Users\user\AppData\Roaming\tor
2008-02-17 20:12 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-17 20:12 --------- d-----w C:\Users\user\AppData\Roaming\Vidalia
2008-02-17 20:12 --------- d-----w C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-13 15:06 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 15:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 15:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 15:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 15:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 18:33 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-02-11 17:39 --------- d-----w C:\Users\user\AppData\Roaming\skypePM
2008-01-18 13:43 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:43 --------- d-----w C:\Program Files\iTunes
2008-01-12 15:27 --------- d-----w C:\Program Files\Java
2008-01-12 15:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-09 19:04 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:44 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:44 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 13:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 15:40 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-01-08 13:36 --------- d-----w C:\ProgramData\CheckPoint
2008-01-08 13:36 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 13:26 --------- d-----w C:\Program Files\Vidalia Bundle
2008-01-08 13:17 --------- d-----w C:\Program Files\SpeedFan
2008-01-07 18:14 --------- d-----w C:\Program Files\CCleaner
2008-01-05 18:46 --------- d-----w C:\Users\user\AppData\Roaming\XnView
2008-01-04 11:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 17:30 --------- d-----w C:\Program Files\Transcribe
2007-12-22 21:07 --------- d-----w C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 20:57 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-22 16:34 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-22 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-21 14:35 --------- d-----w C:\Program Files\Tobit ClipInc
2007-12-18 18:20 --------- d-----w C:\Users\user\AppData\Roaming\ICQ
2007-12-12 14:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-27 15:46 77,824 ----a-w C:\Windows\System32\xcomm.dll
2007-11-23 13:39 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-23 13:39 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CISUnins.exe
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CICUnins.exe
2007-11-20 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 15:31 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-20 15:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-20 15:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-20 15:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-20 15:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-20 15:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-20 15:31 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-20 15:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-20 15:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-20 15:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-20 15:31 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-20 15:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-20 15:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 15:30 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-20 15:30 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-20 15:28 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-11-20 15:28 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-20 15:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-20 15:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-20 15:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-20 15:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-20 15:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-20 15:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-20 15:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-20 15:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-20 15:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-20 15:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-20 15:27 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-11-20 15:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-20 15:24 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-20 15:24 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-20 15:24 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-20 15:24 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-20 15:24 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-20 15:24 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-20 15:24 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-20 15:24 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-20 15:24 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-20 15:24 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-20 15:22 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-20 14:59 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-20 14:59 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-20 14:59 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-20 14:59 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-20 14:59 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-20 14:59 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-20 14:59 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-20 14:59 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-20 14:59 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-11-19 10:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-11-19 10:32 315,392 ----a-w C:\Windows\HideWin.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [2007-10-11 14:43 181496]
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" [ ]
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]
"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 16:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 09:29 4472832 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-28 13:39 1826816 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-20 21:34 249896]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2007-10-24 15:05 425984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-30 14:16:53 110592]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-17 13:23]
R2 ClipInc001;ClipInc 001;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 001 []
R2 ClipInc002;ClipInc 002;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 002 []
R2 ClipInc003;ClipInc 003;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 003 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 03:04]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-17 13:23]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42]
R3 scan;BitDefender Threat Scanner;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Inhalt des "geplante Tasks" Ordners
"2008-02-17 12:05:33 C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-02-17 20:40:00 C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 21:40:34
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

? [2644]
? [2708]
Scanne versteckte Autostart Einträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998} = C:\Users\user\AppData\Roaming\abcde.exe?a?\?R?o?a?m?i?n?g????????????????????????????????
th578z5984j594j3u = C:\Users\user\AppData\Roaming\abcde.exe?a?\?R?o?a?m?i?n?g?????????????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-17 21:42:24
.
2008-02-16 10:32:02 --- E O F ---
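As an added triage example (not code from this thread, from ComboFix or from any tool named here), the Python below parses the HKCU/HKLM Run section in the shape of the ComboFix log above and flags the autostart entries a responder would look at first: targets under a user-writable profile directory, entries with no file date/size recorded, machine-generated value names, and one target registered under several names. The sample lines are constructed from the log above; the directory list and the name-length threshold are my assumptions.

```python
"""Triage of Run-key autostart entries from a ComboFix-style log (added example)."""
import re
from collections import Counter

# Constructed sample in the shape of the "Autostart" section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" [ ]
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]
"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 16:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 09:29 4472832 C:\Windows\RtHDVCpl.exe]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="target" [metadata]; the log shows "[ ]" when no date/size is available for the file.
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Directories a normal user can write to; legitimate autoruns rarely live here (assumed list).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\users\\public\\", "\\windows\\temp\\")


def parse_run_entries(log_text):
    """Return the value entries found under any ...\\Run key as dicts."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key and current_key.lower().endswith("\\run"):
            name, target, meta = value_match.groups()
            entries.append({"key": current_key, "name": name,
                            "target": target, "meta": meta.strip()})
    return entries


def looks_generated(name):
    """Heuristic: a bare GUID or a long letter/digit mix with no spaces reads as machine-made."""
    if GUID_RE.match(name):
        return True
    has_digit = any(c.isdigit() for c in name)
    has_alpha = any(c.isalpha() for c in name)
    return len(name) >= 12 and " " not in name and has_digit and has_alpha


def triage(log_text):
    """Flag entries with at least one suspicious trait and list the reasons."""
    entries = parse_run_entries(log_text)
    target_count = Counter(e["target"].lower() for e in entries)
    findings = []
    for e in entries:
        low = e["target"].lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("target lives in a user-writable profile directory")
        if e["meta"] == "":
            reasons.append("no file date/size recorded (file missing or unreadable at scan time)")
        if looks_generated(e["name"]):
            reasons.append("value name looks machine-generated")
        if target_count[low] > 1:
            reasons.append("same target registered under %d value names" % target_count[low])
        if reasons:
            findings.append({"key": e["key"], "name": e["name"],
                             "target": e["target"], "reasons": reasons})
    return findings


def suspicious_targets(log_text):
    """Distinct file paths worth submitting to a scanner or hashing before removal."""
    return sorted({f["target"] for f in triage(log_text)})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%s\\%s -> %s" % (finding["key"], finding["name"], finding["target"]))
        for reason in finding["reasons"]:
            print("    - " + reason)
    print("targets to examine:", suspicious_targets(SAMPLE_LOG))
```

On the sample it flags exactly the three entries Pinguin later removes, and leaves the Sidebar, Vidalia, Windows Defender and RtHDVCpl entries alone.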
17.02.2008, 22:03
Honorary member

Posts: 1441
#4 ««

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Under file type, choose 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Users\user\AppData\Roaming" >>files.txt
notepad files.txt

__________
Regards
Pinguin
17.02.2008, 22:28
Member

Thread starter

Posts: 13
#5 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8867-9EA6

Verzeichnis von C:\Users\user\AppData\Roaming

17.02.2008 14:00 <DIR> .
17.02.2008 14:00 <DIR> ..
16.01.2008 14:33 <DIR> Adobe
21.11.2007 15:31 <DIR> Apple Computer
19.11.2007 11:51 <DIR> ATI
17.02.2008 13:18 <DIR> BitDefender
21.11.2007 12:50 <DIR> Google
22.12.2007 22:07 <DIR> gtk-2.0
18.12.2007 19:20 <DIR> ICQ
21.11.2007 13:14 <DIR> ICQ Toolbar
19.11.2007 11:24 <DIR> Identities
19.11.2007 11:36 <DIR> InstallShield
21.11.2007 12:50 <DIR> Macromedia
02.11.2006 13:37 <DIR> Media Center Programs
21.11.2007 13:04 <DIR> Mozilla
17.02.2008 21:56 <DIR> OpenOffice.org2
16.02.2008 20:39 <DIR> PC Tools
11.02.2008 19:33 <DIR> Skype
11.02.2008 18:39 <DIR> skypePM
02.12.2007 13:47 <DIR> Tobit
17.02.2008 22:06 <DIR> tor
06.12.2007 17:39 4.054.239 UserTile.png
17.02.2008 21:52 <DIR> Vidalia
05.01.2008 19:46 <DIR> XnView
1 Datei(en), 4.054.239 Bytes
23 Verzeichnis(se), 155.336.814.592 Bytes frei
17.02.2008, 23:50
Honorary member

Posts: 1441
#6 ««
Upload this exe..post the result here (if the exe can be found...)
http://www.virustotal.com/de/

C:\Users\user\AppData\Roaming\abcde.exe

-

»»
Download the Kaspersky tool - scan + post the report here (I hope the program runs on Vista) - if not...let me know
http://virus-protect.org/artikel/tools/kaspersky.html
__________
Regards
Pinguin
18.02.2008, 13:58
Member

Posts: 327
#7 cc1, and why don't you say that you have been looking at Bifrost yourself?

The entries Spybot Search&Destroy reports as "bifrose.LA" belong to the client and are completely harmless; they show up on my machine too.

What would be dangerous is a Bifrost server that might be running without consent, but Spybot Search&Destroy would not flag that. ;)
__________
darknight, who is Heike elsewhere. ;)
18.02.2008, 16:22
Member

Thread starter

Posts: 13
#8 0 bytes size received / Se ha recibido un archivo vacio
That is the only thing the VirusTotal tool shows,
and unfortunately Kaspersky does not run under Vista (a problem occurred).
@darknight: what do you mean by that?
Also, Spyware Doctor found Trojan.Generic and Trojan-PWS.Tanspy on my machine. What can I do about them, is that related to the Bifrose, and are these two dangerous?


When I just ran Spybot again, the Bifrose.LA trojan was no longer found, and Spyware Doctor did not find it either; it only found the two trojans mentioned above. Is it gone now, or is there still a danger?
This post was edited by cc1 on 18.02.2008 at 20:52.
18.02.2008, 23:35
Honorary member

Posts: 1441
#9 cc1

««
Run Comboscan + post the two logs here
http://virus-protect.org/artikel/tools/comboscan.html

«««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Choose "All files" - Save

Quote

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"th578z5984j594j3u"=-
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"=-
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"=-
You should now find this file cfscript.txt on the desktop.
Drag cfscript.txt with the right mouse button onto the ComboFix icon
then: run ComboFix once more - type 1

Restart the PC

««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

Scan with Antivirus
+ post the scan report
http://virus-protect.org/antivirus.html
__________
Regards
Pinguin
19.02.2008, 14:23
Member

Thread starter

Posts: 13
#10 These are the two logs from Comboscan

Deckard's System Scanner v20071014.68
Run by user on 2008-02-19 14:16:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-02-17 20:36:13 UTC - RP77 - ComboFix created restore point
15: 2008-02-17 12:15:52 UTC - RP76 - Installed BitDefender Total Security 2008
14: 2008-02-16 10:31:31 UTC - RP75 - Windows Update
13: 2008-02-14 18:23:14 UTC - RP74 - Windows Update
12: 2008-02-13 18:22:18 UTC - RP73 - Windows Update


-- First Restore Point --
1: 2008-01-12 15:25:35 UTC - RP62 - Installed Java(TM) 6 Update 3


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:56, on 19.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\AMD\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\ICQ\ICQ6\ICQ.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\user\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [{267C21F2-47AB-BF95-D96F-68C50E40EF03}] C:\Users\user\AppData\Roaming\winxp2.exe
O4 - HKCU\..\Run: [{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}] C:\Users\user\AppData\Roaming\abcde.exe
O4 - HKCU\..\Run: [th578z5984j594j3u] C:\Users\user\AppData\Roaming\abcde.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Kaspersky Lab - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12430 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ClipInc001 (ClipInc 001) - c:\program files\tobit clipinc\server\clipinc-server.exe 001 <Not Verified; ; ClipInc. Server>
R2 ClipInc002 (ClipInc 002) - c:\program files\tobit clipinc\server\clipinc-server.exe 002 <Not Verified; ; ClipInc. Server>
R2 ClipInc003 (ClipInc 003) - c:\program files\tobit clipinc\server\clipinc-server.exe 003 <Not Verified; ; ClipInc. Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-19 14:14:59 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job
2008-02-18 16:10:27 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job


-- Files created between 2008-01-19 and 2008-02-19 -----------------------------

2008-02-19 14:18:40 0 d-------- C:\Program Files\Trend Micro
2008-02-17 21:35:34 68096 --a------ C:\Windows\system32\zip.exe
2008-02-17 21:35:34 98816 --a------ C:\Windows\system32\sed.exe
2008-02-17 21:35:34 80412 --a------ C:\Windows\system32\grep.exe
2008-02-17 21:35:34 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-17 13:22:18 81984 --a------ C:\Windows\system32\bdod.bin
2008-02-17 13:16:32 0 d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16:32 0 d-------- C:\Program Files\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 20:39:52 0 d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39:41 0 d-------- C:\Program Files\Spyware Doctor
2008-01-28 17:06:30 0 d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Program Files\Pinnacle
2008-01-28 17:03:44 0 d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01:31 0 d-------- C:\Users\All Users\Pinnacle


-- Find3M Report ---------------------------------------------------------------

2008-02-19 14:16:52 641106 --a------ C:\Windows\system32\perfh007.dat
2008-02-19 14:16:52 116500 --a------ C:\Windows\system32\perfc007.dat
2008-02-19 14:10:32 0 d-------- C:\Users\user\AppData\Roaming\tor
2008-02-19 14:09:37 0 d-------- C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 14:03:26 0 d-------- C:\Users\user\AppData\Roaming\Vidalia
2008-02-17 13:18:26 0 d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files
2008-02-16 20:39:41 0 d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-11 19:33:21 0 d-------- C:\Users\user\AppData\Roaming\Skype
2008-02-11 18:39:32 0 d-------- C:\Users\user\AppData\Roaming\skypePM
2008-01-18 14:43:57 0 d-------- C:\Program Files\iTunes
2008-01-18 14:43:50 0 d-------- C:\Program Files\iPod
2008-01-18 14:43:10 0 d-------- C:\Program Files\QuickTime
2008-01-16 14:33:04 0 d-------- C:\Users\user\AppData\Roaming\Adobe
2008-01-12 16:27:19 0 d-------- C:\Program Files\Java
2008-01-12 16:25:56 0 d-------- C:\Program Files\Common Files\Java
2008-01-09 20:04:18 0 d-------- C:\Program Files\Windows Mail
2008-01-09 14:44:06 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 16:40:54 0 d-------- C:\Program Files\Wise Registry Cleaner
2008-01-08 14:26:07 0 d-------- C:\Program Files\Vidalia Bundle
2008-01-08 14:17:47 0 d-------- C:\Program Files\SpeedFan
2008-01-07 19:14:48 0 d-------- C:\Program Files\CCleaner
2008-01-05 19:46:02 0 d-------- C:\Users\user\AppData\Roaming\XnView
2008-01-04 12:31:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 18:30:10 0 d-------- C:\Program Files\Transcribe
2007-12-22 22:07:27 0 d-------- C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 21:57:21 0 d-------- C:\Program Files\GIMP-2.0
2007-12-22 18:30:48 0 --a------ C:\Windows\nsreg.dat
2007-12-21 15:35:29 0 d-------- C:\Program Files\Tobit ClipInc
2007-12-06 17:39:21 4054239 --a------ C:\Users\user\AppData\Roaming\UserTile.png
2007-11-27 16:46:24 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2007-11-25 10:46:30 0 -rahs---- C:\MSDOS.SYS
2007-11-25 10:46:30 0 -rahs---- C:\IO.SYS
2007-11-20 16:36:04 174 --ahs---- C:\Program Files\desktop.ini
2007-11-19 11:32:08 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20.11.2007 16:29]
"RtHDVCpl"="RtHDVCpl.exe" [28.05.2007 09:29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [28.05.2007 13:39 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [20.11.2007 21:34]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [24.10.2007 15:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28.06.2007 05:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25.10.2007 16:37]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 16:33]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16.11.2007 16:37]
"AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [12.10.2007 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.01.2008 14:43]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 13:36]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [26.08.2007 07:02]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [11.10.2007 14:43]
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" []
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" []
"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" []

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30.11.2007 14:16:53]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [20.11.2006 15:30:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7900 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-19 14:20:35 ------------

and the second one

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 2046.69 MiB / 1021.11 MiB
Pagefile Memory (total/avail): 4314.6 MiB / 2623.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.5 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 143.67 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250410AS ATA Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.099.000 (Check Point, LTD.)
FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Avira AntiVir PersonalEdition v 7.0.2.154
(Avira GmbH)
AV: Bitdefender Antivirus v8.0 (BitDefender)
AS: BitDefender Antispyware v8.0 (BitDefender)
AS: Spyware Doctor v5.5.0.178 (PC Tools)
AS: Avira AntiVir PersonalEdition v 7.0.2.154
(Avira GmbH)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) [COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR]
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\user\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\user
LOCALAPPDATA=C:\Users\user\AppData\Local
LOGONSERVER=\\USER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\AMD\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\user\AppData\Local\Temp
TMP=C:\Users\user\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=user-PC
USERNAME=user
USERPROFILE=C:\Users\user
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

user

Gast (new local, guest, net ready)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.0 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitDefender Total Security 2008 --> MsiExec.exe /I{F4F09997-F426-4019-B29B-6F1FE74852AC}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
EPSON-Drucker-Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Grand Theft Auto San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
OpenOffice.org 2.3 --> MsiExec.exe /I{A625D45F-1DC4-47FB-ABCF-6B27684AA717}
Pinnacle VideoSpin --> MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Tobit.Software ClipInc. --> C:\Windows\CISUnins.exe "C:\Program Files\Tobit ClipInc\Server\CISUnins.inf"
Tor 0.1.2.18 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Vidalia 0.0.14 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Wise Registry Cleaner 2.9.5 --> "C:\Program Files\Wise Registry Cleaner\unins000.exe"
XnView 1.91.6 --> "C:\Program Files\XnView\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type25122 / Error
Event Submitted/Written: 02/19/2008 02:12:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlerhafte Anwendung setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, fehlerhaftes Modul setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c16b,
Prozess-ID 0x9d8, Anwendungsstartzeit setup_7.0.0.180_18.02.2008_17-09.exe0.

Event Record #/Type25119 / Error
Event Submitted/Written: 02/19/2008 02:10:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlerhafte Anwendung setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, fehlerhaftes Modul setup_7.0.0.180_18.02.2008_17-09.exe, Version 7.0.0.180, Zeitstempel 0x470f68bf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c16b,
Prozess-ID 0x418, Anwendungsstartzeit setup_7.0.0.180_18.02.2008_17-09.exe0.

Event Record #/Type25114 / Success
Event Submitted/Written: 02/19/2008 02:10:34 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type25110 / Success
Event Submitted/Written: 02/19/2008 02:10:33 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type25096 / Success
Event Submitted/Written: 02/19/2008 02:09:22 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39929 / Warning
Event Submitted/Written: 02/19/2008 02:15:54 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist.

Event Record #/Type39928 / Warning
Event Submitted/Written: 02/19/2008 02:15:54 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist.

Event Record #/Type39904 / Error
Event Submitted/Written: 02/19/2008 02:12:31 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
setup_7.0.0.180_18.02.2008_17-091

Event Record #/Type39903 / Error
Event Submitted/Written: 02/19/2008 02:12:31 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
setup_7.0.0.180_18.02.2008_17-09

Event Record #/Type39900 / Warning
Event Submitted/Written: 02/19/2008 02:10:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %user-PC27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %user-PC27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%user-PC275

Scan-ID: {BE38601D-7405-48D8-96E3-87781A6C52F1}

Benutzer: user-PC\user

Name: %user-PC271

ID: %user-PC272

Schweregrad-ID: %user-PC273

Kategorie-ID: %user-PC274

Gefundener Pfad: %user-PC276

Warnungsart: %user-PC278

Feststellungstyp: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-02-19 14:20:35 ------------
19.02.2008, 14:26
Honorary member
Avatar Pinguin

Posts: 1441
#11 cc1

1-
http://www.funkytoad.com/download/HostsXpert.zip
Press 'Restore Microsoft's Hosts File' and press 'OK'
Exit Program.

so that all of this gets deleted...

Code

-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7900 more entries in hosts file.
2-
please apply the ComboFix script correctly (see above)

Quote

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"th578z5984j594j3u"=-
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"=-
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"=-

- then restart the computer


3-
then post the new ComboFix log + the 2 logs from Comboscan
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
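As an added example (not code from the thread, from ComboFix or from Deckard's System Scanner), a Python triage of the Run-key section of the DSS registry dump above: it flags autostart values that run from the user's AppData folder, carry no file info in the trailing brackets, or use a GUID-style value name, and emits the `Registry::` lines of a CFScript like the one quoted above. The sample input is constructed from the log lines above; the two-of-three scoring threshold is an assumption.

```python
"""Added example: triage of the Run-key section of a DSS 'Registry Dump' and
generation of the matching CFScript lines. Not part of the thread or of ComboFix."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input, copied from the Run-key section of the DSS log above.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.01.2008 14:43]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [11.10.2007 14:43]
"{267C21F2-47AB-BF95-D96F-68C50E40EF03}"="C:\Users\user\AppData\Roaming\winxp2.exe" []
"{1E7D6AB2-310F-EF91-B08A-DA6E8AF4A998}"="C:\Users\user\AppData\Roaming\abcde.exe" []
"th578z5984j594j3u"="C:\Users\user\AppData\Roaming\abcde.exe" []
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="path" [file info] -- DSS prints the file timestamp in the brackets,
# or leaves them empty when it could not find or stat the file.
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    fileinfo: str

    def reasons(self) -> List[str]:
        """Heuristic indicators; each is harmless on its own, so they are scored."""
        found = []
        low = self.path.lower()
        if "\\appdata\\roaming\\" in low or "\\appdata\\local\\" in low:
            found.append("runs from user-writable AppData")
        if not self.fileinfo.strip():
            found.append("no file info (file missing or hidden at scan time)")
        if GUID_RE.match(self.name):
            found.append("GUID-style value name")
        return found


def parse_run_dump(text: str) -> List[RunEntry]:
    """Parse [key] headers and "name"="path" [info] lines into RunEntry objects."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3)))
    return entries


def suspicious(entries: List[RunEntry], min_hits: int = 2) -> List[RunEntry]:
    # Assumed threshold: two independent indicators before an entry is flagged.
    return [e for e in entries if len(e.reasons()) >= min_hits]


def cfscript(entries: List[RunEntry]) -> str:
    """Emit the Registry:: block that deletes the flagged values ("name"=-)."""
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e.name)
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    flagged = suspicious(parse_run_dump(SAMPLE_DUMP))
    for e in flagged:
        print(f"{e.name} -> {e.path}: {'; '.join(e.reasons())}")
    print(cfscript(flagged))
```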
19.02.2008, 14:45
Member

Thread starter

Posts: 13
#12 uh, when I press Restore Microsoft's Hosts File, I get the message: error c:\Windows\system32\drivers\ETC\hosts
19.02.2008, 16:00
Honorary member
Avatar Pinguin

Posts: 1441
#13

open the hosts file with HijackThis
http://virus-protect.org/hjtkurz.html

HOSTS FILE:

*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager
*delete line(s)

delete everything, leave only the following (this must not be deleted!):
127.0.0.1 localhost

save, close HijackThis,

------

if you don't trust yourself to do it manually, try AVZ
http://virus-protect.org/artikel/tools/avz.html

Restore System Settings - Clear Hosts File

------

then do the ComboFix script
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
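An added example (not code from the thread, HijackThis or AVZ) that does in code what the hosts-file step above describes: it parses a Windows hosts file, separates the default localhost lines from names sunk to 127.0.0.1/0.0.0.0 (like the 007guard.com block in the log) and from names redirected to a real address, which is the dangerous case, and rebuilds the file with only comments and the localhost lines kept. The sample content is constructed; 203.0.113.10 and www.example.com are placeholders, and keeping Vista's IPv6 `::1 localhost` line alongside the IPv4 one is an assumption.

```python
"""Added example: triage and rebuild of a Windows hosts file. Not part of the
thread and not the method of HijackThis or AVZ."""
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: the Vista default lines, a few 127.0.0.1 lines of the kind
# shown in the log above, one made-up redirect (documentation address 203.0.113.10
# and reserved name www.example.com), and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
0.0.0.0 008i.com
127.0.0.1 www.008k.com
203.0.113.10 www.example.com
not a valid line
"""


class HostsEntry(NamedTuple):
    lineno: int
    ip: str
    names: List[str]
    kind: str  # "default", "sinkhole" or "redirect"


def classify(ip: str, names: List[str]) -> str:
    """Default localhost mapping, a name sunk to loopback/0.0.0.0, or a redirect."""
    addr = ipaddress.ip_address(ip)
    local = addr.is_loopback or addr.is_unspecified
    if local and all(n.lower() == "localhost" for n in names):
        return "default"
    if local:
        return "sinkhole"  # blocks the name; noisy but not a takeover
    return "redirect"      # sends the name to a real address: the case to worry about


def parse_hosts(text: str) -> Tuple[List[HostsEntry], List[int]]:
    """Return parsed entries and the line numbers of lines that do not parse."""
    entries, bad = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            bad.append(n)
            continue
        if len(parts) < 2:
            bad.append(n)
            continue
        entries.append(HostsEntry(n, parts[0], parts[1:], classify(parts[0], parts[1:])))
    return entries, bad


def summarize(entries: List[HostsEntry]) -> Dict[str, int]:
    return dict(Counter(e.kind for e in entries))


def redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    return [e for e in entries if e.kind == "redirect"]


def rebuild(text: str) -> str:
    """Keep only comment lines and the default localhost lines; add the IPv4
    default back if the file had none (the 'leave only 127.0.0.1 localhost' step)."""
    entries, _ = parse_hosts(text)
    default_lines = {e.lineno for e in entries if e.kind == "default"}
    kept = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.strip().startswith("#") or n in default_lines:
            kept.append(raw)
    if not default_lines:
        kept.append("127.0.0.1 localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    parsed, unparsed = parse_hosts(SAMPLE_HOSTS)
    print("summary:", summarize(parsed), "unparsed lines:", unparsed)
    for e in redirects(parsed):
        print(f"line {e.lineno}: {' '.join(e.names)} -> {e.ip}")
    print(rebuild(SAMPLE_HOSTS))
```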
19.02.2008, 17:48
Member

Thread starter

Posts: 13
#14 127.0.0.1 localhost, unfortunately I can't find this file there, and in AVZ it shows garbled numbers?
uh, sorry, I've found it now after all, but how do I delete everything except that one: select that one, or all the others?


the log from ComboFix

ComboFix 08-02-17.2 - user 2008-02-19 21:43:50.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1157 [GMT 1:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
Command switches used :: C:\Users\user\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-01-19 bis 2008-02-19 ))))))))))))))))))))))))))))))
.

2008-02-19 14:18 . 2008-02-19 14:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-19 14:15 . 2008-02-19 14:15 <DIR> d-------- C:\Deckard
2008-02-17 22:12 . 2008-02-17 22:26 87 --a------ C:\Users\user\listen.bat
2008-02-17 13:22 . 2008-02-19 21:47 81,984 --a------ C:\Windows\System32\bdod.bin
2008-02-17 13:18 . 2008-02-17 13:18 <DIR> d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16 . 2008-02-17 13:18 <DIR> d-------- C:\ProgramData\BitDefender
2008-02-17 13:16 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\BitDefender
2008-02-17 13:15 . 2008-02-17 13:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-16 21:45 . 2008-02-17 13:04 1,905 --a------ C:\Windows\diagerr.xml
2008-02-16 20:39 . 2008-02-16 20:39 <DIR> d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-16 20:39 . 2008-02-19 21:43 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39 . 2008-02-19 21:43 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-16 20:39 . 2008-02-18 16:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-16 20:39 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-16 20:39 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-16 20:39 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-16 20:39 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-16 11:26 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 16:09 . 2008-02-13 16:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 16:09 . 2008-02-13 16:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 16:06 . 2008-02-13 16:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\ProgramData\Pinnacle VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\ProgramData\VideoSpin
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Pinnacle
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-01-28 17:01 . 2008-01-28 17:01 <DIR> d-------- C:\ProgramData\Pinnacle

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 20:32 --------- d-----w C:\Users\user\AppData\Roaming\tor
2008-02-19 20:21 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-19 20:21 --------- d-----w C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 20:13 --------- d-----w C:\Users\user\AppData\Roaming\Vidalia
2008-02-13 15:06 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 15:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 15:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 15:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 15:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 18:33 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-02-11 17:39 --------- d-----w C:\Users\user\AppData\Roaming\skypePM
2008-01-18 13:43 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:43 --------- d-----w C:\Program Files\iTunes
2008-01-18 13:43 --------- d-----w C:\Program Files\iPod
2008-01-12 15:27 --------- d-----w C:\Program Files\Java
2008-01-12 15:25 --------- d-----w C:\Program Files\Common Files\Java
2008-01-09 19:04 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:44 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:44 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 13:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 15:40 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-01-08 13:36 --------- d-----w C:\ProgramData\CheckPoint
2008-01-08 13:36 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 13:26 --------- d-----w C:\Program Files\Vidalia Bundle
2008-01-08 13:17 --------- d-----w C:\Program Files\SpeedFan
2008-01-07 18:14 --------- d-----w C:\Program Files\CCleaner
2008-01-05 18:46 --------- d-----w C:\Users\user\AppData\Roaming\XnView
2008-01-04 11:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 17:30 --------- d-----w C:\Program Files\Transcribe
2007-12-22 21:07 --------- d-----w C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 20:57 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-22 16:34 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-22 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-21 14:35 --------- d-----w C:\Program Files\Tobit ClipInc
2007-12-12 14:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 14:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 14:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-27 15:46 77,824 ----a-w C:\Windows\System32\xcomm.dll
2007-11-23 13:39 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-23 13:39 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CISUnins.exe
2007-11-23 11:27 1,549,576 ----a-w C:\Windows\CICUnins.exe
2007-11-20 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-11-20 15:31 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-20 15:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-20 15:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-20 15:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-20 15:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-20 15:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-20 15:31 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-20 15:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-20 15:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-20 15:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-20 15:31 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-20 15:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-20 15:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 15:30 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-11-20 15:30 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-11-20 15:28 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-11-20 15:28 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-20 15:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-20 15:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-20 15:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-20 15:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-20 15:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-20 15:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-20 15:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-20 15:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-20 15:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-20 15:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-20 15:27 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-11-20 15:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-20 15:24 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-20 15:24 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-20 15:24 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-20 15:24 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-20 15:24 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-20 15:24 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-20 15:24 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-20 15:24 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-20 15:24 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-20 15:24 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-20 15:22 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-20 14:59 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-20 14:59 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-20 14:59 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-20 14:59 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-20 14:59 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-20 14:59 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-20 14:59 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-20 14:59 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-20 14:59 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-11-19 10:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-11-19 10:32 315,392 ----a-w C:\Windows\HideWin.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:43 1232896]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [2007-10-11 14:43 181496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 16:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 09:29 4472832 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-28 13:39 1826816 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-20 21:34 249896]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [2007-10-24 15:05 425984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488]
"AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [2007-10-12 15:29 212992]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-30 14:16:53 110592]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-17 13:23]
R2 ClipInc001;ClipInc 001;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 001 []
R2 ClipInc002;ClipInc 002;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 002 []
R2 ClipInc003;ClipInc 003;C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe 003 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 03:04]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-17 13:23]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42]
R3 scan;BitDefender Threat Scanner;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
S2 setup_7.0.0.180_18.02.2008_17-09;setup_7.0.0.180_18.02.2008_17-09;"C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [2007-10-12 15:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Inhalt des "geplante Tasks" Ordners
"2008-02-19 16:31:16 C:\Windows\Tasks\User_Feed_Synchronization-{271E6CCD-C306-48CE-87FF-6A0F95E09CE0}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-02-19 20:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{4A2EF822-F079-4FA9-8AAF-E8A9186BB7FA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 21:48:06
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-19 21:50:04
ComboFix2.txt 2008-02-19 13:32:07
ComboFix3.txt 2008-02-17 20:42:26
.
2008-02-16 10:32:02 --- E O F ---

and the 2 logs from comboscan

Logfile of HijackThis v1.99.1
Scan saved at 22:02:37, on 19.02.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\AMD\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ICQ\ICQ6\ICQ.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\user\Desktop\user.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" -r (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Deckard's System Scanner v20071014.68
Run by user on 2008-02-19 22:01:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-19 22:02:37
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ICQ\ICQ6\ICQ.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Users\user\Desktop\user.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AVP] "C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\AMD\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Diese Seite in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Link-Ziel in Firefox öffnen - file://C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\libd8q4g.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6\ICQ.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: setup_7.0.0.180_18.02.2008_17-09 - Kaspersky Lab - C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--
End of file - 12620 bytes

-- Files created between 2008-01-19 and 2008-02-19 -----------------------------

2008-02-19 14:18:40 0 d-------- C:\Program Files\Trend Micro
2008-02-17 21:35:34 68096 --a------ C:\Windows\system32\zip.exe
2008-02-17 21:35:34 98816 --a------ C:\Windows\system32\sed.exe
2008-02-17 21:35:34 80412 --a------ C:\Windows\system32\grep.exe
2008-02-17 21:35:34 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-17 13:22:18 81984 --a------ C:\Windows\system32\bdod.bin
2008-02-17 13:16:32 0 d-------- C:\Users\All Users\BitDefender
2008-02-17 13:16:32 0 d-------- C:\Program Files\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-16 20:39:52 0 d-a------ C:\Users\All Users\TEMP
2008-02-16 20:39:41 0 d-------- C:\Program Files\Spyware Doctor
2008-01-28 17:06:30 0 d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Users\All Users\VideoSpin
2008-01-28 17:03:44 0 d-------- C:\Program Files\Pinnacle
2008-01-28 17:03:44 0 d-------- C:\Program Files\Common Files\Yahoo!
2008-01-28 17:01:31 0 d-------- C:\Users\All Users\Pinnacle


-- Find3M Report ---------------------------------------------------------------

2008-02-19 21:53:56 0 d-------- C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-02-19 21:53:51 0 d-------- C:\Users\user\AppData\Roaming\Vidalia
2008-02-19 21:32:57 0 d-------- C:\Users\user\AppData\Roaming\tor
2008-02-19 21:29:51 641106 --a------ C:\Windows\system32\perfh007.dat
2008-02-19 21:29:51 116500 --a------ C:\Windows\system32\perfc007.dat
2008-02-17 13:18:26 0 d-------- C:\Users\user\AppData\Roaming\BitDefender
2008-02-17 13:15:01 0 d-------- C:\Program Files\Common Files
2008-02-16 20:39:41 0 d-------- C:\Users\user\AppData\Roaming\PC Tools
2008-02-11 19:33:21 0 d-------- C:\Users\user\AppData\Roaming\Skype
2008-02-11 18:39:32 0 d-------- C:\Users\user\AppData\Roaming\skypePM
2008-01-18 14:43:57 0 d-------- C:\Program Files\iTunes
2008-01-18 14:43:50 0 d-------- C:\Program Files\iPod
2008-01-18 14:43:10 0 d-------- C:\Program Files\QuickTime
2008-01-16 14:33:04 0 d-------- C:\Users\user\AppData\Roaming\Adobe
2008-01-12 16:27:19 0 d-------- C:\Program Files\Java
2008-01-12 16:25:56 0 d-------- C:\Program Files\Common Files\Java
2008-01-09 20:04:18 0 d-------- C:\Program Files\Windows Mail
2008-01-09 14:44:06 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 16:40:54 0 d-------- C:\Program Files\Wise Registry Cleaner
2008-01-08 14:26:07 0 d-------- C:\Program Files\Vidalia Bundle
2008-01-08 14:17:47 0 d-------- C:\Program Files\SpeedFan
2008-01-07 19:14:48 0 d-------- C:\Program Files\CCleaner
2008-01-05 19:46:02 0 d-------- C:\Users\user\AppData\Roaming\XnView
2008-01-04 12:31:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 18:30:10 0 d-------- C:\Program Files\Transcribe
2007-12-22 22:07:27 0 d-------- C:\Users\user\AppData\Roaming\gtk-2.0
2007-12-22 21:57:21 0 d-------- C:\Program Files\GIMP-2.0
2007-12-22 18:30:48 0 --a------ C:\Windows\nsreg.dat
2007-12-21 15:35:29 0 d-------- C:\Program Files\Tobit ClipInc
2007-12-06 17:39:21 4054239 --a------ C:\Users\user\AppData\Roaming\UserTile.png
2007-11-27 16:46:24 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2007-11-25 10:46:30 0 -rahs---- C:\MSDOS.SYS
2007-11-25 10:46:30 0 -rahs---- C:\IO.SYS
2007-11-20 16:36:04 174 --ahs---- C:\Program Files\desktop.ini
2007-11-19 11:32:08 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20.11.2007 16:29]
"RtHDVCpl"="RtHDVCpl.exe" [28.05.2007 09:29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [28.05.2007 13:39 C:\Windows\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [20.11.2007 21:34]
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" [24.10.2007 15:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [28.06.2007 05:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25.10.2007 16:37]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 16:33]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10.12.2007 14:53]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16.11.2007 16:37]
"AVP"="C:\Users\Public\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.02.2008_17-09.exe" [12.10.2007 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.01.2008 14:43]
"StartCCC"="C:\AMD\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 13:36]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [26.08.2007 07:02]
"ICQ"="C:\Program Files\ICQ\ICQ6\ICQ.exe" [11.10.2007 14:43]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [30.11.2007 14:16:53]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [20.11.2006 15:30:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-19 22:03:40 ------------
This post was edited on 19.02.2008 at 22:05 by cc1.
19.02.2008, 23:39
Honorary member
Avatar Pinguin

Posts: 1441
#15

Quote

but how can I now avoid deleting only those, do I select these or all the others?
select all, except for 127.0.0.1 localhost, which stays. - delete line - save and close HijackThis...
read up here:
http://virus-protect.org/host.html

you can try to do it via Notepad (text editor)



»»
scan with Dr. Web + post the report
http://virus-protect.org/cureit.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
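The hosts-file cleanup described in the reply above (keep `127.0.0.1 localhost`, drop everything else) can also be checked and applied with a small script, which is useful when the HijackThis hosts manager is not at hand. This is an added example, not code from the thread, from Pinguin or from HijackThis; the sample hosts content and its override entries are constructed for the demonstration, and the Windows hosts path is the default location, not a value taken from the log.

```python
"""Audit a Windows hosts file the way the forum reply describes: keep the
localhost entries, report and remove every other mapping.

Added example (not from the thread or from HijackThis). SAMPLE_HOSTS is a
constructed hosts file; the path in main() is the Windows default, assumed.
"""
import ipaddress
from pathlib import Path

# Mappings that a clean Vista hosts file legitimately carries.
ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample hosts file with two invented override lines of the kind
# malware adds (blocking an update server, redirecting a site to another IP).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-antivirus-vendor.test   # blocks AV updates
203.0.113.7     www.example-bank.test               # redirect to another host
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_number) for every mapping in hosts text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: malformed line, skip it
        for host in parts[1:]:
            yield parts[0], host.lower(), lineno


def audit_hosts(text):
    """Return (keep, suspicious): allowed localhost entries, and every other
    mapping as (line_number, ip, hostname) so the user can review them."""
    keep, suspicious = [], []
    for ip, host, lineno in parse_hosts(text):
        if (ip, host) in ALLOWED:
            keep.append((ip, host))
        else:
            suspicious.append((lineno, ip, host))
    return keep, suspicious


def clean_hosts(text):
    """Return the hosts text reduced to comments, blank lines and allowed entries."""
    kept = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            kept.append(raw)  # comments and blank lines survive unchanged
            continue
        parts = line.split()
        # keep a mapping line only if every hostname on it is an allowed entry
        if all((parts[0], h.lower()) in ALLOWED for h in parts[1:]):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    path = Path(r"C:\Windows\System32\drivers\etc\hosts")  # assumed default path
    text = path.read_text(encoding="utf-8", errors="replace") if path.exists() else SAMPLE_HOSTS
    keep, suspicious = audit_hosts(text)
    for lineno, ip, host in suspicious:
        print(f"line {lineno}: {ip} -> {host}  (not a localhost entry)")
    print(f"{len(keep)} localhost entries kept, {len(suspicious)} other mappings found")
    # Writing the cleaned file back requires an elevated prompt on Vista;
    # review the report first, then: path.write_text(clean_hosts(text))
```

Run it as-is and it audits the constructed sample; on a real machine it reads the live hosts file and only reports, leaving the write-back as a deliberate manual step so that nothing is deleted before the suspicious lines have been looked at.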