| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.04.2011, 18:35
| #16 |
 |  Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? Hier das OSAM_Log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:34:12 on 08.04.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe "GoogleUpdateTaskUserS-1-5-21-746137067-1645522239-1177238915-1005Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Luke Firewalker\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-746137067-1645522239-1177238915-1005UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Luke Firewalker\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2009\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AirPort Disk Prefs" - "Apple Inc." - C:\Programme\AirPort\APDiskPrefs.exe "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "%USB\VID_04C8&PID_0720.DeviceDesc%" (Camavb) - "Samsung Inc." - C:\WINDOWS\System32\Drivers\Camavb.sys "aoyi4qlo" (aoyi4qlo) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aoyi4qlo.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\LUKEFI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\WINDOWS\System32\drivers\keyscrambler.sys "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "NTPort Library Driver" (zntport) - "Zeal SoftStudio" - C:\WINDOWS\system32\drivers\zntport.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "pxscan" (pxscan) - "Prevx" - C:\WINDOWS\System32\drivers\pxscan.sys "pxsec" (pxsec) - "Prevx" - C:\WINDOWS\System32\drivers\pxsec.sys "pxtdapow" (pxtdapow) - ? - C:\DOKUME~1\LUKEFI~1\LOKALE~1\Temp\pxtdapow.sys (Hidden registry entry, rootkit activity | File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Trimble USB GPS Driver" (TRMUSB5K) - "e-TEK Labs" - C:\WINDOWS\System32\drivers\TRMUSB5K.sys "TrmbTS" (TrmbTS) - "Trimble AB, Sweden" - C:\WINDOWS\System32\Drivers\TrmbTS.sys "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "Wippien Network Adapter 2.4" (wip0204) - "Wippien Software" - C:\WINDOWS\System32\DRIVERS\wip0204.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {D3F9A525-8824-497A-BE36-B23E22F141FC} "ACShell Class" - "Romain Petges" - C:\Programme\Attribute Changer\acshell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? - (File not found | COM-object registry key not found) {5B043439-4F53-436E-8CFE-28F80934DBE6} "PDF-XChange PDF Preview Provider (XP)" - ? - (File not found | COM-object registry key not found) {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? - (File not found | COM-object registry key not found) {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? - (File not found | COM-object registry key not found) {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {D6B4E769-5C4B-4C27-B3D1-050CF8209712} "Trimble T00 File Context Menu" - ? - C:\PROGRA~1\GEMEIN~1\Trimble\ShellEx\T00ShExU.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Gutscheinmieze" - ? - Gutscheinmieze\toolbar.dll (File not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - ? - (File not found | COM-object registry key not found) {B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Programme\KeyScrambler\KeyScramblerIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "Gutscheinmieze" - ? - Gutscheinmieze\toolbar.dll (File not found) {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll <binary data> "pcwPrivilegien" - ? - C:\PROGRA~1\PC-WELT\PCWRUN~1\PCWPRI~1.DLL (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {2B9F5787-88A5-4945-90E7-C4B18563BC5E} "CKeyScramblerBHO Object" - "QFX Software Corporation" - C:\Programme\KeyScrambler\KeyScramblerIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Utility Tray.lnk" - "Silicon Integrated Systems Corporation" - C:\WINDOWS\system32\sistray.exe (Shortcut exists | File exists) "WirelessSelector.lnk" - "ITE Tech Inc." - C:\Programme\FSC\Wireless Utility\WirelessSelector.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AirPort Base Station Agent" - "Apple Inc." - "C:\Programme\AirPort\APAgent.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SiSPower" - "Silicon Integrated Systems Corporation" - Rundll32.exe SiSPower.dll,ModeAgent "TouchPadHotKey" - ? - C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Cherry Device Interface" (Cherry Device Interface) - "Cherry, Auerbach Germany, www.cherry.de" - C:\Programme\Cherry\CDI\cdi.exe "CSIScanner" (CSIScanner) - "Prevx" - C:\Programme\Prevx\prevx.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Programme\LogMeIn Hamachi\hamachi-2.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe "TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru gruß |
|
08.04.2011, 18:37
| #17 |
| | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? und noch die MBR_log:
__________________MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000081c Kernel Drivers (total 124): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9EA7000 spqw.sys 0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xB9E60000 ACPI.sys 0xB9E4F000 pci.sys 0xBA0A8000 isapnp.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9E30000 ftdisk.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0C8000 pxscan.sys 0xBA0D8000 VolSnap.sys 0xB9E18000 atapi.sys 0xBA0E8000 disk.sys 0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9DF8000 fltMgr.sys 0xB9DE6000 sr.sys 0xBA108000 pxsec.sys 0xBA118000 Lbd.sys 0xBA128000 PxHelp20.sys 0xB9DCF000 KSecDD.sys 0xB9D42000 Ntfs.sys 0xB9D15000 NDIS.sys 0xBA138000 uagp35.sys 0xB9CFB000 Mup.sys 0xBA158000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9CCB000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xB9B8D000 \SystemRoot\system32\DRIVERS\sisgrp.sys 0xB9B79000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA168000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xB9B43000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA430000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xB9B23000 \SystemRoot\system32\DRIVERS\Ch2kPS2.sys 0xB9B09000 \SystemRoot\System32\drivers\keyscrambler.sys 0xBA438000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA178000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA188000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA198000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9AE6000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA440000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB9AC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA448000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\SiSGbeXP.sys 0xB9A3C000 \SystemRoot\system32\DRIVERS\ar5211.sys 0xB9A14000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB99DE000 \SystemRoot\System32\Drivers\aoyi4qlo.SYS 0xBA70E000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9C01000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB99C7000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA4A8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB99B6000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA4B0000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA340000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA348000 \SystemRoot\system32\DRIVERS\hamachi.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5DE000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB98B8000 \SystemRoot\system32\DRIVERS\update.sys 0xB9BED000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xA336E000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA334A000 \SystemRoot\system32\drivers\portcls.sys 0xBA268000 \SystemRoot\system32\drivers\drmk.sys 0xBA620000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7F4000 \SystemRoot\System32\Drivers\Null.SYS 0xBA622000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA3A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA3B0000 \SystemRoot\System32\drivers\vga.sys 0xBA624000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA3B8000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA3C0000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB9CC3000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA32EF000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA3296000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA326E000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA3248000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA3226000 \SystemRoot\System32\drivers\afd.sys 0xBA2A8000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA3C8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xBA3D0000 \SystemRoot\system32\DRIVERS\srvkp.sys 0xA31FB000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xBA685000 \SystemRoot\System32\Drivers\PQNTDrv.SYS 0xA3163000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA2B8000 \SystemRoot\System32\Drivers\Fips.SYS 0xA309D000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA62A000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xBA2E8000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA3085000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA644000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA3346000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA3E8000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA775000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\SiSGRV.dll 0xBF45D000 \SystemRoot\System32\ATMFD.DLL 0xA2F30000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xBA2F8000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA2F2C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA2BD3000 \SystemRoot\system32\drivers\wdmaud.sys 0xA2D30000 \SystemRoot\system32\drivers\sysaudio.sys 0xA2962000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xBA450000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA281A000 \SystemRoot\system32\DRIVERS\srv.sys 0xBA68D000 \??\C:\WINDOWS\system32\drivers\zntport.sys 0xA2159000 \SystemRoot\System32\Drivers\HTTP.sys 0xA1B86000 \??\C:\DOKUME~1\LUKEFI~1\LOKALE~1\Temp\pxtdapow.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\DAEMON Tools Lite\daemon.dll Processes (total 48): 0 System Idle Process 4 System 488 C:\WINDOWS\system32\smss.exe 572 csrss.exe 620 C:\WINDOWS\system32\winlogon.exe 664 C:\WINDOWS\system32\services.exe 676 C:\WINDOWS\system32\lsass.exe 876 C:\WINDOWS\system32\svchost.exe 1268 svchost.exe 1412 C:\WINDOWS\system32\svchost.exe 1520 svchost.exe 1696 svchost.exe 1964 C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 184 C:\WINDOWS\system32\spoolsv.exe 260 C:\WINDOWS\explorer.exe 348 C:\Programme\Avira\AntiVir Desktop\sched.exe 1056 C:\Programme\Synaptics\SynTP\SynTPEnh.exe 1060 C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe 1068 C:\WINDOWS\RTHDCPL.EXE 1084 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 1108 C:\Programme\AirPort\APAgent.exe 1132 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe 1224 C:\WINDOWS\system32\sistray.exe 1308 C:\Programme\FSC\Wireless Utility\WirelessSelector.exe 1564 C:\Programme\Avira\AntiVir Desktop\avguard.exe 920 C:\Programme\Bonjour\mDNSResponder.exe 1612 svchost.exe 1624 C:\Programme\Prevx\prevx.exe 1840 C:\Programme\LogMeIn Hamachi\hamachi-2.exe 1024 C:\Programme\Java\jre6\bin\jqs.exe 1160 C:\Programme\McAfee\SiteAdvisor\McSACore.exe 1196 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 1332 C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe 1476 C:\Programme\CDBurnerXP\NMSAccessU.exe 1880 C:\WINDOWS\system32\svchost.exe 2024 C:\WINDOWS\system32\TUProgSt.exe 4032 C:\Programme\Prevx\prevx.exe 2296 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 3636 unsecapp.exe 3644 wmiprvse.exe 3732 C:\WINDOWS\system32\rundll32.exe 3888 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe 2084 C:\WINDOWS\system32\wbem\wmiapsrv.exe 736 alg.exe 3016 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 2404 C:\WINDOWS\system32\svchost.exe 1824 C:\Programme\Mozilla Firefox\firefox.exe 3504 L:\Downloads\Sicherheit\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\L: --> \\.\PhysicalDrive0 at offset 0x0000000c`d8b2e600 (NTFS) PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! Gruß el_ukas |
|
08.04.2011, 18:52
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
__________________Denk dran beide Tools zu updaten vor dem Scan!!
__________________ |
|
09.04.2011, 15:18
| #19 |
| | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? SuperAntiSpyware_Log: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/09/2011 at 04:07 PM Application Version : 4.50.1002 Core Rules Database Version : 6795 Trace Rules Database Version: 4607 Scan type : Complete Scan Total Scan Time : 02:24:46 Memory items scanned : 641 Memory threats detected : 0 Registry items scanned : 8009 Registry threats detected : 0 File items scanned : 142733 File threats detected : 1 Trojan.Agent/CDesc[Generic] C:\SYSTEM VOLUME INFORMATION\_RESTORE{D72491C4-64F3-4BDD-B3D8-0B3D1BCE5B6A}\RP1\A0000091.DLL Malwarebytes-AntiMalware_Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6318 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.04.2011 13:35:07 mbam-log-2011-04-09 (13-35-07).txt Scan type: Full scan (C:\|L:\|) Objects scanned: 306289 Time elapsed: 1 hour(s), 42 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Gruß el_ukas |
|
09.04.2011, 15:25
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? Nur ein Überrest. Rechner wieder ok?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.04.2011, 16:04
| #21 |
| | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? Cool...Danke vielmals. Ein neu aufspielen ist in jedem Fall überflüssig?? Gruß el_ukas |
|
09.04.2011, 16:19
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? Dann wären wir durch!  Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink: Mozilla und andere Browser => http://filepony.de/?q=Flash+Player Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Ad-Aware blockt Win32.Backdoor.Bifrose - Besteht gefahr? |
| ad-aware, airfoil, antivir, antivir guard, avira, bho, bonjour, cdburnerxp, desktop, dll, excel, explorer, firefox, hal.dll, helper, hijackthis, hkus\s-1-5-18, log-datei, malware, microsoft, mozilla, ntdll.dll, plug-in, programme, rundll, sicherheit, siteadvisor, software, suche, system, temp, tracker, usbport.sys, win32.backdoor.bifrose, winamp, windows xp, write, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |
Linear-Darstellung
