Trojaner entfernen

Status
Not open for further replies.
B

bernie8

New member
Hallo zusammen
ich möchte mich erst mal für eure Mühe im Vorraus bedanken. Ich habe ein riesen Problem(Spy loocked). Ich hatte mich zwar schon mit dem Thema hier beschäftigt, doch konnte ich ihn leider nicht vollständig löschen.
Hier die hijack list:

Logfile of HijackThis v1.99.1
Scan saved at 22:27:23, on 05.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ArcorOnline\AOButler.exe
c:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Programme\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Programme\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"
O4 - HKCU\..\Run: [Smileys] C:\Programme\Smiley Cave\gui.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135870550359
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6083ED71-55E7-459F-85CF-2A09EA021281}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe



Kann mir irgend jemand helfen???
 
hallo raman,

ich poste jetzt beide sachen, die der mir ausgespuckt hat.

"Lder" - 2007-06-06 7:33:13 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Dokumente und Einstellungen\Lder\Desktop\"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\install.log


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 )))))))))))))))))))))))))))))))


2007-06-05 22:08 <DIR> d-------- C:\avenger
2007-05-10 16:23 <DIR> d-------- C:\Multimedia Files
2007-05-10 16:22 <DIR> d-------- C:\Programme\Microsoft GIF Animator
2007-05-09 16:13 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-05-09 16:13 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-05-09 16:13 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-05-09 16:13 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-05-09 16:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-05-09 16:12 945,936 --a------ C:\WINDOWS\system32\msjava.dll
2007-05-09 16:12 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-05-09 16:12 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-05-09 16:12 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-05-09 16:12 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-05-09 16:12 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-05-09 16:12 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-05-09 16:12 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-05-09 16:12 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-05-09 16:12 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-05-09 16:12 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-05-09 16:12 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-05-09 16:12 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-05-09 15:53 <DIR> d-------- C:\joomla-1-0-12-stable-deutsch-komplett
2007-05-09 15:52 18,944 --a------ C:\WINDOWS\eraser.exe
2007-05-09 15:52 <DIR> d-------- C:\Programme\LeechFTP
2007-05-08 06:47 <DIR> d-------- C:\33


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 08:02:11 -------- d-----w C:\Programme\Norton Internet Security
2007-06-04 08:53:04 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-05-23 13:20:51 7,168 --s-a-w C:\WINDOWS\system32\eeuydc.dll
2007-05-19 16:42:03 -------- d-----w C:\Programme\ArcorOnline
2007-05-08 11:51:45 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-05-08 11:51:45 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-05-08 11:51:45 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-05-06 16:08:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-30 08:28:48 -------- d-----w C:\DOKUME~1\LDER~1\ANWEND~1\AAV
2007-04-30 08:27:09 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-04-30 08:26:04 -------- d-----w C:\Programme\Gemeinsame Dateien\AAV
2007-04-28 15:50:58 -------- d-----w C:\Programme\Google
2007-04-27 20:51:54 -------- d-----w C:\DOKUME~1\LDER~1\ANWEND~1\Skype
2007-04-27 20:27:49 -------- d-----w C:\DOKUME~1\LDER~1\ANWEND~1\Google
2007-04-24 13:42:11 3,025 ----a-w C:\WINDOWS\mozver.dat
2007-04-22 04:52:50 -------- d-----w C:\Programme\QIP20
2007-04-19 11:44:53 -------- d-----w C:\Programme\ABC Amber Audio Converter
2007-04-19 11:11:35 -------- d-----w C:\DOKUME~1\LDER~1\ANWEND~1\Miranda IM
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 16:54:12 -------- d-----w C:\DOKUME~1\LDER~1\ANWEND~1\AquaNox
2007-04-17 14:36:03 -------- d-----w C:\Programme\qip
2007-04-17 14:23:10 3,584 ----a-w C:\WINDOWS\system32\ic32.dll
2007-04-17 14:23:10 18,944 ----a-w C:\WINDOWS\system32\wk32.dll
2007-03-25 05:46:38 71,452 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 05:46:38 406,630 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-11-22 13:46]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 22:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [2005-09-24 21:20]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-11-22 12:10]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar2.dll [2007-04-25 13:57]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-28 18:59]
{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}=C:\Programme\Video ActiveX Access\iesplg.dll []
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll [2006-01-17 17:04]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 14:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 15:45 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-08-02 16:35 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-12-13 19:22]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-10 14:32]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2006-05-25 19:35]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-06-20 13:58]
"MMTray"="C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:26]
"mmtask"="C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:26]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Arcor Online"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 05:00]
"Smileys"="C:\Programme\Smiley Cave\gui.exe" []
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 10:18]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 18:59]
"Arcor Online"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=C:\Programme\Video ActiveX Access\iesmn.exe
"rare"=C:\Programme\Video ActiveX Access\imsmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="C:\WINDOWS\system32\eeuydc.dll" [2007-05-23 15:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-05-25 19:22:28 C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Lüder.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-06 07:38:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C86 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"????????? ?????????#????????????a?w????????????????`????????????????????b?w????`???????+???8???????????h??w????`???????z??w`???????????)??|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-06 7:39:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-06 07:39

--- E O F ---


und das zweite:

Code: 
2005-12-28 10:17      456    --a------    C:\Qoobox\Quarantine\C\Programme\INSTALL.LOG.vir
2007-06-06 07:35      1188    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-06-06 07:35      12322    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Auflistung der Ordnerpfade fr Volume 441974
Volumenummer: 08B8-53F5
C:\QOOBOX
\---Quarantine
    +---C
    |   \---Programme
    |           INSTALL.LOG.vir
    |           
    \---Registry_backups
            LEGACY_NM.reg.cf
            services_nm.reg.cf


Danke schon mal für eure Mühe...
 
Status
Not open for further replies.
Back
Top