Check my PC

Computer Forum (ModernBoard.de > Computer problems > Viruses, worms, spyware)

01.02.2008, 17:01   Check my PC #1
Experienced user
Joined: 31.01.2008
Posts: 105

Hello,

a friend of mine also wanted to have his PC checked for spyware etc.

Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:21, on 01.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ICQ6\ICQ.exe
C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pille\Desktop\HiJackThis202.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bearshare.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\Windows\ekxdvft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe"
O4 - HKLM\..\Run: [au] C:\Program Files (x86)\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Pille\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8906 bytes


Thanks in advance

Regards
antixake
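
A triage pass over the log above, added here as an example and not part of the thread or of HijackThis itself: the code is mine, the sample lines are copied from the log, and the random-name heuristic and the category labels are assumptions. It picks out what a helper reads off such a log by eye: a browser add-on DLL sitting directly in C:\Windows under a seven-letter name identical to its toolbar name (ekxdvft.dll), a Run value that names a bare executable (mmrtkrnl.exe) so that the loader's search path decides what actually starts, and the block of Microsoft services reported as "(file missing)". That last block is not infection: HijackThis 2.0.2 is a 32-bit program, so on this 64-bit Vista the WOW64 file system redirector sends its look-ups for C:\Windows\System32 to C:\Windows\SysWOW64, where 64-bit-only binaries such as alg.exe do not exist, and the "@dll,-id" display names are MUI resource references it does not resolve. Such entries are checked from a 64-bit view (C:\Windows\Sysnative\... from a 32-bit process, or a 64-bit command prompt) before anything is fixed; fixing them with HijackThis tampers with the service registrations of a working system.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\Windows\ekxdvft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [au] C:\Program Files (x86)\Dealio\DealioAU.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
"""


@dataclass
class Finding:
    kind: str   # category label (my own naming, not a HijackThis term)
    line: str   # the log line that triggered it


# Line shapes as HijackThis 2.0.2 prints them.
RE_ADDON = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
RE_SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def image_of(cmd: str) -> str:
    """Executable part of a Run value: the quoted path, or everything up to the
    first '.exe' when unquoted (assumption: sufficient for the shapes in this log)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6 to 8 lowercase letters with at most one vowel,
    the shape of 'ekxdvft'; vendor names such as 'toolbaru' do not match."""
    return bool(re.fullmatch(r"[a-z]{6,8}", stem)) and sum(c in "aeiou" for c in stem) <= 1


def triage(log_text: str) -> list:
    """Return Findings for the add-on, Run and service lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_ADDON.match(line)
        if m:
            folder, _, fname = m["path"].rpartition("\\")
            stem = fname.rsplit(".", 1)[0].lower()
            # Vendors install add-ons under Program Files; a DLL directly in the
            # Windows root, or with a random-looking name, is the dropped kind.
            if folder.lower() == r"c:\windows" or looks_random(stem):
                findings.append(Finding("addon-suspicious", line))
            continue
        m = RE_RUN.match(line)
        if m:
            # A bare filename is resolved through the loader's search path at logon,
            # so the file that really starts has to be located (SysWOW64 here).
            if "\\" not in image_of(m["cmd"]):
                findings.append(Finding("run-bare-filename", line))
            continue
        m = RE_SERVICE.match(line)
        if m:
            path = m["path"]
            if m["missing"] and path.lower().startswith(r"c:\windows\system32"):
                # 32-bit scanner on x64: System32 look-ups are redirected to SysWOW64,
                # so 64-bit-only binaries show as missing. Verify via Sysnative, do not fix.
                findings.append(Finding("service-missing-wow64-verify", line))
            elif m["owner"] == "Unknown owner":
                # No company name in the version resource; confirm the vendor by hand.
                findings.append(Finding("service-unknown-owner-verify", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.line}")
```

Feed the whole saved log to triage() instead of SAMPLE_LOG for real use; the categories are prompts for verification, not verdicts, and the two "file missing" hits in the sample are exactly the ones that must not be fixed.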

01.02.2008, 17:30   Check my PC #2
Humdinger
Experienced user
Joined: 31.01.2008
Posts: 476

Hello

That Vista is heavily infected.

Please work through these
>>>Instructions<<<
and post the reports as specified.

The lower part, for Vista users, please!
01.02.2008, 20:16   Check my PC #3
Thread starter
Experienced user
Joined: 31.01.2008
Posts: 105

Here is the CounterSpy log:


Scan History Details
Start Date: 01.02.2008 19:26:36
End Date: 01.02.2008 20:54:06
Total Time: 87 Min 30 Sec
Detected security risks

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR


Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertising.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CURVER
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CURVER


Backdoor.Rbot Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Files detected
C:\Program Files (x86)\Valve\platform\steam_dev.exe


Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\users\gast\appdata\roaming\microsoft\windows\cookies\low\gast@2o7[2].txt
c:\users\gast\appdata\roaming\microsoft\windows\cookies\low\gast@bs.serving-sys[2].txt
c:\users\gast\appdata\roaming\microsoft\windows\cookies\low\gast@doubleclick[1].txt
c:\users\gast\appdata\roaming\microsoft\windows\cookies\low\gast@serving-sys[2].txt
01.02.2008, 20:17   Check my PC #4
Thread starter
Experienced user
Joined: 31.01.2008
Posts: 105

Here is the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:44, on 01.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ICQ6\ICQ.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files (x86)\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Users\Pille\Desktop\Sonstiges\HiJackThis202.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bearshare.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\Windows\ekxdvft.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe"
O4 - HKLM\..\Run: [au] C:\Program Files (x86)\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Pille\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb125\Dealio.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9216 bytes
01.02.2008, 20:20   Check my PC #5
Thread starter
Experienced user
Joined: 31.01.2008
Posts: 105

Here is the log file from Vista Scan:


The 30 newest files in the Windows folder (date, time, size in bytes with "." as thousands separator, name; the tool printed time and size run together as "HH MM:size"):

***** ***** ***** ***** *****
***** Scanning C:\Windows *****
***** ***** ***** ***** *****

Date        Time        Size  File
01.02.2008  21:09     67.584  bootstat.dat
01.02.2008  21:06    120.846  ntbtlog.txt
01.02.2008  19:23  1.394.126  WindowsUpdate.log
27.01.2008  07:39     81.920  ffvrdgt.exe
27.01.2008  07:39    176.128  ekxdvft.dll
02.01.2008  16:18        749  WindowsShell.Manifest
02.01.2008  13:56  3.087.360  explorer.exe
31.12.2007  15:04         23  DownloadStudio.INI
29.12.2007  21:13         32  hip
27.12.2007  01:15     73.216  cadkasdeinst01.exe
23.12.2007  14:15        144  win.ini
18.12.2007  12:58    290.816  Setup1.exe
18.12.2007  12:58     74.752  ST6UNST.EXE
11.12.2007  18:53         48  SB652E189.tmp
08.12.2007  15:44         27  BRPP2KA.INI
08.12.2007  15:44        425  BRWMARK.INI
07.12.2007  13:27        331  game.ini
19.11.2007  21:22     55.296  bfsvc.exe
19.11.2007  16:23          0  nsreg.dat
15.02.2007  13:54    131.072  brunin03.dll
28.12.2006  01:00     68.096  avmadd32.dll
28.12.2006  01:00      7.045  instwcli.inf
02.11.2006  16:04    316.640  WMSysPr9.prx
02.11.2006  16:02     49.680  twunk_16.exe
02.11.2006  16:02     31.232  twunk_32.exe
02.11.2006  16:02     50.688  twain_32.dll
02.11.2006  16:02     94.784  twain.dll


The 50 newest files in the Windows\system32 folder (same columns as above):

***** ***** ***** ***** *****
***** Scanning C:\Windows\system32 *****
***** ***** ***** ***** *****

Date        Time         Size  File
01.02.2008  21:09      65.536  Ikeext.etl
01.02.2008  21:09       3.552  7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
01.02.2008  21:09       3.552  7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
31.01.2008  22:05     241.400  FNTCACHE.DAT
31.01.2008  22:00   4.247.552  GameUXLegacyGDFs.dll
31.01.2008  22:00   1.916.416  gameux.dll
31.01.2008  21:59     318.976  msshsq.dll
31.01.2008  21:52     618.272  perfh009.dat
31.01.2008  21:52     107.416  perfc009.dat
31.01.2008  21:52     651.112  perfh007.dat
31.01.2008  21:52     120.908  perfc007.dat
31.01.2008  09:12   1.461.736  PerfStringBackup.INI
10.01.2008  13:53      13.312  sbunattend.exe
10.01.2008  13:51      30.208  netcfg.exe
10.01.2008  13:51     232.960  tcpipcfg.dll
10.01.2008  13:51      25.600  netiougc.exe
02.01.2008  19:16  18.719.864  mrt.exe
02.01.2008  14:04   8.148.480  wmploc.DLL
02.01.2008  14:04  13.585.920  wmp.dll
02.01.2008  14:04       9.216  spwmp.dll
02.01.2008  14:04       5.120  dxmasf.dll
02.01.2008  14:04       5.120  msdxm.ocx
02.01.2008  14:04     402.944  MediaMetadataHandler.dll
02.01.2008  14:02  12.783.104  shell32.dll
02.01.2008  14:02     339.968  schannel.dll
02.01.2008  14:02      61.952  ntprint.exe
02.01.2008  14:02     264.192  ntprint.dll
02.01.2008  14:02      12.288  dhcpcmonitor.dll
02.01.2008  14:02     271.360  dhcpcsvc.dll
02.01.2008  14:02     150.528  dhcpcsvc6.dll
02.01.2008  14:02   2.270.720  authui.dll
02.01.2008  14:02     851.968  WindowsCodecs.dll
02.01.2008  14:02      76.800  avicap32.dll
02.01.2008  14:02     143.360  msvfw32.dll
02.01.2008  14:02      93.184  mciavi32.dll
02.01.2008  14:02     106.496  avifil32.dll
02.01.2008  14:02      38.400  msvidc32.dll
02.01.2008  14:02      15.872  msrle32.dll
02.01.2008  14:02      76.288  sendmail.dll
02.01.2008  14:02   8.432.128  ssBranded.scr
02.01.2008  14:00     615.936  riched20.dll
02.01.2008  14:00      10.240  riched32.dll
02.01.2008  14:00      46.592  kmddsp.tsp
02.01.2008  14:00      29.184  rasser.dll
02.01.2008  14:00      92.160  rascfg.dll
02.01.2008  14:00      65.536  rasdiag.dll
02.01.2008  14:00      59.392  ndptsp.tsp


***** ***** ***** ***** *****
***** Scanning C:\Windows\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost



***** ***** ***** ***** *****
***** Scanning processes *****
***** ***** ***** ***** *****


Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 24 K
System 4 Services 0 7.468 K
smss.exe 420 Services 0 608 K
csrss.exe 484 Services 0 4.884 K
wininit.exe 524 Services 0 3.368 K
csrss.exe 544 Console 1 10.092 K
services.exe 576 Services 0 4.944 K
lsass.exe 588 Services 0 7.040 K
lsm.exe 596 Services 0 5.516 K
winlogon.exe 700 Console 1 4.860 K
svchost.exe 788 Services 0 5.572 K
svchost.exe 864 Services 0 6.468 K
svchost.exe 900 Services 0 17.284 K
svchost.exe 996 Services 0 12.352 K
svchost.exe 308 Services 0 102.432 K
svchost.exe 328 Services 0 28.764 K
audiodg.exe 592 Services 0 16.108 K
SLsvc.exe 776 Services 0 5.660 K
svchost.exe 1052 Services 0 12.684 K
svchost.exe 1216 Services 0 14.208 K
spoolsv.exe 1416 Services 0 8.604 K
avguard.exe 1444 Services 0 44.948 K
svchost.exe 1500 Services 0 10.760 K
dwm.exe 1924 Console 1 39.832 K
explorer.exe 1972 Console 1 43.376 K
sched.exe 1148 Services 0 3.888 K
MSASCui.exe 2088 Console 1 5.780 K
rundll32.exe 2112 Console 1 3.776 K
sidebar.exe 2120 Console 1 22.728 K
IGDCTRL.EXE 2164 Services 0 6.268 K
ehtray.exe 2172 Console 1 1.532 K
rundll32.exe 2192 Console 1 5.976 K
Steam.exe 2232 Console 1 16.792 K
PnkBstrA.exe 2324 Services 0 4.216 K
ehmsas.exe 2332 Console 1 4.120 K
ICQ.exe 2472 Console 1 64.248 K
svchost.exe 2492 Services 0 4.248 K
svchost.exe 2608 Services 0 6.180 K
TeamViewer_Host.exe 2624 Services 0 2.972 K
svchost.exe 2648 Services 0 2.036 K
SearchIndexer.exe 2692 Services 0 25.184 K
taskeng.exe 2288 Console 1 9.520 K
pptd40nt.exe 488 Console 1 4.664 K
StCenter.exe 1332 Console 1 7.952 K
taskeng.exe 1380 Services 0 5.636 K
BrMfcWnd.exe 3116 Console 1 6.904 K
winampa.exe 3188 Console 1 5.272 K
mmrtkrnl.exe 3196 Console 1 3.604 K
sidebar.exe 3236 Console 1 16.280 K
razerhid.exe 3248 Console 1 5.472 K
soffice.exe 3320 Console 1 4.216 K
BrccMCtl.exe 3344 Console 1 14.096 K
soffice.bin 3356 Console 1 9.708 K
SearchSettings.exe 3376 Console 1 7.808 K
BrMfcMon.exe 3492 Console 1 5.704 K
WmiPrvSE.exe 3900 Services 0 8.844 K
SteamService.exe 3840 Services 0 8.000 K
SearchProtocolHost.exe 2132 Services 0 10.240 K
conime.exe 3264 Console 1 4.864 K
wuauclt.exe 4148 Console 1 6.488 K
SBCSSvc.exe 2872 Services 0 13.116 K
SBCSTray.exe 2732 Console 1 6.256 K
avgnt.exe 4984 Console 1 1.308 K
SearchFilterHost.exe 2836 Services 0 6.524 K
cmd.exe 2444 Console 1 3.108 K
tasklist.exe 4408 Console 1 5.800 K



Microsoft Windows [Version 6.0.6000]


http://www.paules-pc-forum.de
***** Malware Team *****


***** End of scan 01.02.2008 at 21:18:29,86 ***
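
The file listing above, as an added example that is not part of the thread: the code is mine, the sample rows are copied from the C:\Windows listing in the raw shape the tool printed them, and the random-name heuristic is an assumption. It parses that shape (date, name, hour, minute:size), groups executables and DLLs by the minute they were written, and reports clusters. ffvrdgt.exe and ekxdvft.dll share 27.01.2008 07:39, and ekxdvft.dll is the DLL behind the toolbar of the same name in the HijackThis log, which is the pair a dropper and its payload leave behind. The Setup1.exe/ST6UNST.EXE pair from 18.12.2007 clusters as well, which is why a shared timestamp alone is not a verdict and each cluster carries a second flag.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the "newest files in C:\Windows" listing above.
SAMPLE_LISTING = """\
01.02.2008 bootstat.dat 21 09:67.584
01.02.2008 WindowsUpdate.log 19 23:1.394.126
27.01.2008 ffvrdgt.exe 07 39:81.920
27.01.2008 ekxdvft.dll 07 39:176.128
02.01.2008 explorer.exe 13 56:3.087.360
27.12.2007 cadkasdeinst01.exe 01 15:73.216
18.12.2007 Setup1.exe 12 58:290.816
18.12.2007 ST6UNST.EXE 12 58:74.752
02.11.2006 twunk_16.exe 16 02:49.680
02.11.2006 twunk_32.exe 16 02:31.232
"""

# "DD.MM.YYYY name HH MM:size" with the size using '.' as thousands separator.
RE_ROW = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<name>.+?) (?P<hh>\d{2}) (?P<mm>\d{2}):(?P<size>[\d.]+)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")


def parse_listing(text: str) -> list:
    """Turn the tool's rows into dicts with a 'DD.MM.YYYY HH:MM' key, name and byte size."""
    rows = []
    for line in text.splitlines():
        m = RE_ROW.match(line.strip())
        if m:
            rows.append({
                "when": f"{m['date']} {m['hh']}:{m['mm']}",
                "name": m["name"],
                "size": int(m["size"].replace(".", "")),
            })
    return rows


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6 to 8 lowercase letters with at most one vowel,
    the shape of 'ffvrdgt' and 'ekxdvft'; names with digits or underscores do not match."""
    return bool(re.fullmatch(r"[a-z]{6,8}", stem)) and sum(c in "aeiou" for c in stem) <= 1


def drop_clusters(rows: list, min_files: int = 2) -> dict:
    """Group binaries by the minute they were written and flag clusters whose members
    carry random-looking names. Installers also write several files in one minute,
    so the timestamp cluster is the lead and the name check is the second signal."""
    by_minute = defaultdict(list)
    for r in rows:
        if r["name"].lower().endswith(BINARY_EXT):
            by_minute[r["when"]].append(r["name"])
    result = {}
    for when, names in by_minute.items():
        if len(names) >= min_files:
            random_names = [n for n in names if looks_random(n.lower().rsplit(".", 1)[0])]
            result[when] = {"files": names, "suspicious": bool(random_names)}
    return result


if __name__ == "__main__":
    for when, info in drop_clusters(parse_listing(SAMPLE_LISTING)).items():
        mark = "SUSPICIOUS" if info["suspicious"] else "ok        "
        print(f"{mark} {when}  {', '.join(info['files'])}")
```

On a real case, paste both listings (Windows and Windows\system32) into the same call; a cluster that straddles both folders is the more telling one.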
02.02.2008, 08:25   Check my PC #6
ReinMan
Experienced user
Joined: 09.05.2007
Location: Berlin
Posts: 8.569

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Search Settings\SearchSettings.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bearshare.com

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\kb125\SearchSettings.dll

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe

O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe

Unknown:
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Please "fix" those entries by ticking them and clicking "Fix checked". Reboot and post a new log file.

Also download "Ewido" and run a "memory scan", a "registry scan"
and a "complete system scan"; please delete everything Ewido finds.

http://www.chip.de/downloads/AVG-Ant..._13014984.html
02.02.2008, 11:01   Check my PC #7
Humdinger
Experienced user
Joined: 31.01.2008
Posts: 476

Hello


C:\Windows\SysWOW64\conime.exe
Please do not clean that one with a HijackThis fix. But do go ahead with the others that were mentioned.



C:\Windows\ffvrdgt.exe
C:\Windows\ekxdvft.dll

Please send these for analysis
by e-mail (as a ZIP file if possible) with the subject

malware modernboards antixake
to:

MalwareTEAM@t-online.de

then also do the following:

ComboFix
Now close your antivirus and antispyware programs
Double-click combofix.exe
Enter 1 to start the scan when you are asked for it.
Wait for the disk cleanup to finish (up to about 20 min; a reboot may occur)
Select the text with the right mouse button -> copy -> post it in full
02.02.2008, 11:44   Check my PC #8
ReinMan
Experienced user
Joined: 09.05.2007
Location: Berlin
Posts: 8.569

Why shouldn't he fix the "C:\Windows\SysWOW64\conime.exe" file? Supposedly it isn't running from the Windows folder. So he should right-click it > "Scan for viruses", then he'll know more.
04.02.2008, 17:19   Check my PC #9
Humdinger
Experienced user
Joined: 31.01.2008
Posts: 476

Because, as experience shows, it is not malware. A virus scanner will certainly not find anything there either.