hijackThis-Check Up

#1 Wollte mal fragen, ob an diesem HiJack LOg alles in Ordnung ist.

Logfile of HijackThis v1.99.1
Scan saved at 14:19:22, on 05.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
F:\PROGZ\Winamp\winamp.exe
F:\PROGZ\ICQ6\ICQ.exe
F:\PROGZ\Mozilla Firefox\firefox.exe
F:\PROGZ\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "E:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGZ\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - F:\PROGZ\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

#2 Dein Java ist veraltet
http://java.sun.com/javase/downloads/index.jsp
Srcolle runter nach "Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Klicke auf "Download"
Setze in haeckchen bei "Accept License Agreement".
Klicke “Windows Offline Installation, Multi-language” um
“jre-6-windows-i586.exe”zum Desktop zu installieren
Schliesse alle Programme auch dein Webbrowser
Ueber "Start -> Einstellungen -> Systemsteuerung -> Software
Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE)
Nachdem alles entfernt wurde,Rechner neu starten
Installiere jetzt vom Desktop aus “jre-6-windows-i586.exe”

Es gibt ein schoenes um zu schecken ob man alle Updates hat:Software Inspector
http://secunia.com/software_inspector/

So sollte es am ende aussehen

__________
MfG Argus

#3 danke für die schnelle hilfe. ich werde jetzt das neue Java installieren....

ich hab nochmal einen Rootkid Revealer Scan gemacht:

Zitat

HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg 23.02.2007 17:49 0 bytes Access is denied.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\cuy64av6.default\Cache\23AFA165d01 05.05.2007 14:47 16.04 KB Hidden from Windows API.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\cuy64av6.default\Cache\AD78DC90d01 05.05.2007 14:47 16.25 KB Hidden from Windows API.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\cuy64av6.default\Cache\CAA143C2d01 05.05.2007 14:47 22.61 KB Hidden from Windows API.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Temp\b061ad.msi 05.05.2007 14:56 3.11 MB Hidden from Windows API.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Temp\bt1313.bat 05.05.2007 14:49 86.83 KB Hidden from Windows API.
E:\Dokumente und Einstellungen\soegel.BIERQUARTIER\Lokale Einstellungen\Temp\InstHelp.dll 05.05.2007 14:50 56.00 KB Hidden from Windows API.
E:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_1_0_1010.MSI 05.05.2007 14:55 3.11 MB Hidden from Windows API.
E:\sUBs 05.05.2007 14:50 0 bytes Hidden from Windows API.
E:\sUBs\combofix.exe 05.05.2007 14:50 291.54 KB Hidden from Windows API.
E:\sUBs\international.reg 05.05.2007 14:50 830 bytes Hidden from Windows API.
E:\sUBs\international2.reg 05.05.2007 14:50 834 bytes Hidden from Windows API.
E:\sUBs\region.reg 05.05.2007 14:50 1.03 KB Hidden from Windows API.
E:\sUBs\tsf 05.05.2007 14:50 0 bytes Hidden from Windows API.
E:\sUBs\tsf\attrib.exe 05.05.2007 14:50 11.00 KB Hidden from Windows API.
E:\sUBs\tsf\find.exe 05.05.2007 14:50 9.00 KB Hidden from Windows API.
E:\sUBs\tsf\findstr.exe 05.05.2007 14:50 27.50 KB Hidden from Windows API.
E:\sUBs\tsf\handle.exe 05.05.2007 14:49 177.52 KB Hidden from Windows API.
E:\sUBs\tsf\nircmd.exe 05.05.2007 14:49 25.50 KB Hidden from Windows API.
E:\sUBs\tsf\NTP.EXE 05.05.2007 14:49 5.13 KB Hidden from Windows API.
E:\sUBs\tsf\Ntrights.exe 05.05.2007 14:49 38.27 KB Hidden from Windows API.
E:\sUBs\tsf\RestartIt!.exe 05.05.2007 14:49 8.00 KB Hidden from Windows API.
E:\sUBs\tsf\sc.exe 05.05.2007 14:49 30.50 KB Hidden from Windows API.
E:\sUBs\tsf\sid2user.exe 05.05.2007 14:49 48.00 KB Hidden from Windows API.
E:\sUBs\tsf\sort.exe 05.05.2007 14:50 24.00 KB Hidden from Windows API.
E:\sUBs\tsf\swreg.exe 05.05.2007 14:49 41.50 KB Hidden from Windows API.
E:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 15.03.2007 22:41 252.00 KB Visible in Windows API, but not in MFT or directory index.
E:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 15.03.2007 22:41 111.50 KB Visible in Windows API, but not in MFT or directory index.
E:\WINDOWS\Prefetch\AAWSEPERSONAL.EXE-132B2CE6.pf 05.05.2007 14:49 27.49 KB Hidden from Windows API.
E:\WINDOWS\Prefetch\COMBOFIX.EXE-284380C1.pf 05.05.2007 14:49 12.58 KB Hidden from Windows API.
E:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf 05.05.2007 14:50 9.87 KB Hidden from Windows API.
E:\WINDOWS\Prefetch\NIRCMD.EXE-02C055AC.pf 05.05.2007 14:50 7.65 KB Hidden from Windows API.
E:\WINDOWS\Prefetch\SUPERANTISPYWARE1241.EXE-06A966B7.pf 05.05.2007 14:56 46.69 KB Hidden from Windows API.
E:\WINDOWS\Prefetch\SWREG.EXE-0163B7DA.pf 05.05.2007 14:50 28.09 KB Hidden from Windows API.

34 discrepancies found

was soll ich damit jetzt eigentlich tun?

#4 Da muss Raman mal ran,er ist der Rootkit Spezialist
__________
MfG Argus

#5 ok, aber ich muss den Rootkid Revealer jetz schließen, wegen dem neustart vor der Java installation. aber da ist ja eh keine repair funktion oder so -.-

ich hab zeit...

#6 Das was Rootkitrevealer da meldet, kannst du ignorieren. Was du mal machen koenntest waere die Daentraegerreinigung zu nutzen (ausser alte Dateien komprimieren) Zusaetzlich noch die Systemwiederherstellung uber "weitere Optionen" saeubern.
http://support.microsoft.com/default.aspx?scid=kb;de;315246
__________
MfG Ralf
SEO-Spam Hunter

#7 hä, wenn ich laut der verlinkten anleitung vorgehe, also das hier:

Zitat

Zum Starten des Dienstprogramms Datenträgerbereinigung klicken Sie auf Start, zeigen auf Programme, zeigen auf Zubehör, zeigen auf Systemprogramme und klicken anschließend auf Datenträgerbereinigung.

dann kommt bei mir nur ein kleines Fenster mit der Auswahl der partition/Festplatte, wenn ich dann OK klicke gehts gleich los.

wo ist denn da die auswahl, wo ich "alte dateien koprimieren" deaktiviren kann. eine konsole ist da auch nicht.
auch kein "weitere optionen button"...

bin ich im falschen fenster?

#8 Du musst halt warten, bis die Anzeige erscheint. DAs kann je nach Rechner einige Minuten dauern....
__________
MfG Ralf
SEO-Spam Hunter

#9 nein, da kommt nur das fenster. danach nichts

#10 Auch, wenn du es im abgesicherten Modus macht und unter start/Ausfuehren cleanmgr eingibst?
__________
MfG Ralf
SEO-Spam Hunter

#11 Guten Tag an das Team

Da ich mit lästigen IE-Pop´s belästigt werde, obwohl ich mit dem Firefox-Explorer arbeite, bitte ich höflich um Hilfestellung.

Da ich alleine mit HijackThis nicht schlau werde, möchte ich Euch im Forum fragen, was das Logfile aussagt.

Logfile of HijackThis v1.99.1
Scan saved at 12:47:29, on 16.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rsvp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetter.com/v2/?SID=&LANG=CH&LOC=7000&LOCFROM=0203&type=WORLD&id=62041
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051807 serial=DR12CES-7976137-NGQ lang=FR
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Markierte Adresse als Outlook-Kontakt speichern - C:\Program Files\SmartTools\OlAdrAss\STPAdrAssIE.hat
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175267227625
O20 - Winlogon Notify: urqrron - C:\WINDOWS\SYSTEM32\urqrron.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe


Vielen Dank für Eure Unterstützung.


Herzliche Grüsse



Manuela

#12 Nutze bitte Combofix und poste den erstellten Report.
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Ralf
SEO-Spam Hunter

#13 Hallo Ralf

Danke für Deine Antwort.

Ich habe Deine Anweisung befolgt.

"Olivier Wilhelm" - 2007-05-16 15:38:24 Service Pack 2
ComboFix 07-05.13.2.V - Running from: "C:\Documents and Settings\Olivier Wilhelm\Bureau\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\tuvtsts.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\drivers\core.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))


2007-05-16 15:00 <REP> d-------- C:\Program Files\Roguescanfix
2007-05-16 13:36 <REP> d-------- C:\VundoFix Backups
2007-05-16 13:15 4,704 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-16 12:03 82,944 --a------ C:\intvuvmp.exe
2007-05-16 12:03 17,408 --a------ C:\WINDOWS\system32\winkve32.dll
2007-05-16 11:54 <REP> d-------- C:\Program Files\XoftSpySE
2007-05-15 10:04 <REP> d-------- C:\DOCUME~1\OLIVIE~1\APPLIC~1\Help
2007-05-11 13:23 <REP> d-------- C:\DOCUME~1\OLIVIE~1\APPLIC~1\WinRAR
2007-05-11 07:58 <REP> d-------- C:\Program Files\CasinoOnNet
2007-04-26 11:51 89,168 --a------ C:\DOCUME~1\OLIVIE~1\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-16 12:29:29 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\AdobeUM
2007-05-16 08:39:54 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-10 05:53:49 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 05:27:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-10 05:27:06 -------- d-----w C:\Program Files\SAGEM WiFi manager
2007-04-10 05:27:00 -------- d-----w C:\Program Files\SAGEM
2007-04-10 05:10:24 -------- d-----w C:\Program Files\Wanadoo
2007-04-09 12:09:38 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Lavasoft
2007-04-09 12:09:33 -------- d-----w C:\Program Files\Lavasoft
2007-04-09 12:09:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-04-06 15:12:08 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Apple Computer
2007-04-06 12:16:10 -------- d-----w C:\Program Files\QuickTime
2007-04-06 12:15:12 -------- d-----w C:\Program Files\Apple Software Update
2007-04-05 17:56:42 -------- d--h--w C:\Program Files\Zero G Registry
2007-04-05 13:53:27 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-05 10:23:31 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-04-05 10:12:06 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Talkback
2007-04-05 10:11:49 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-04 18:56:21 -------- d-----w C:\Program Files\Ubi Soft
2007-04-04 12:20:10 -------- d-----w C:\Program Files\OO Software
2007-04-04 10:44:01 -------- d-----w C:\Program Files\SmartTools
2007-04-02 21:09:13 -------- d-----w C:\Program Files\WinISO
2007-03-30 17:07:10 -------- d-----w C:\Program Files\Ahead
2007-03-30 17:07:07 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-03-30 16:39:16 -------- d-----w C:\Program Files\Yahoo!
2007-03-29 19:43:33 64,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-29 19:43:33 446,896 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-29 19:36:23 -------- d-----w C:\Program Files\Windows Plus
2007-03-29 19:36:17 -------- d-----w C:\Program Files\Windows NT
2007-03-29 19:36:14 -------- d-----w C:\Program Files\Services en ligne
2007-03-29 19:36:03 -------- d-----w C:\Program Files\Realtek
2007-03-29 19:36:02 -------- d-----w C:\Program Files\Online Services
2007-03-29 19:36:02 -------- d-----w C:\Program Files\Oca History Tool
2007-03-29 19:35:16 -------- d-----w C:\Program Files\NewTech Infosystems
2007-03-29 19:35:04 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-29 19:34:56 -------- d-----w C:\Program Files\Movie Maker
2007-03-29 19:34:53 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-29 19:34:53 -------- d-----w C:\Program Files\Messenger
2007-03-29 19:34:39 -------- d-----w C:\Program Files\GemMasterFrench
2007-03-29 19:34:37 -------- d-----w C:\Program Files\FrenchOtto
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-03-29 19:34:28 -------- d-----w C:\Program Files\Fichiers communs\NewTech Infosystems
2007-03-29 19:34:26 -------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-03-29 19:34:26 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-03-29 19:34:01 -------- d-----w C:\Program Files\CyberLink
2007-03-29 19:33:13 -------- d-----w C:\Program Files\Acer Zone
2007-03-29 19:33:13 -------- d-----w C:\Program Files\Acer WLAN 11g USB Dongle
2007-03-29 18:55:36 -------- d-----w C:\Program Files\Fichiers communs\Corel
2007-03-29 18:55:35 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Corel
2007-03-29 18:55:20 -------- d-----w C:\Program Files\Corel
2007-03-29 18:04:52 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\vlc
2007-03-29 17:21:58 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-03-29 16:38:03 -------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
2007-03-29 16:18:18 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\CyberLink
2007-03-29 15:34:33 -------- d-----w C:\Program Files\BitComet
2007-03-29 15:25:06 -------- d-----w C:\Program Files\Opanda
2007-03-29 14:25:19 -------- d-----w C:\Program Files\Microsoft Office Personal Portfolio
2007-03-29 14:25:16 -------- d-----w C:\Program Files\directx
2007-03-29 13:52:08 -------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-03-29 13:06:48 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Uniblue
2007-03-29 13:04:54 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\WordToPDF
2007-03-29 13:03:56 -------- d-----w C:\Program Files\VideoLAN
2007-03-29 12:51:14 -------- d-----w C:\Program Files\MSXML 4.0
2007-03-29 12:44:37 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-03-29 12:26:01 -------- d-----w C:\Program Files\Alwil Software
2007-03-29 12:25:25 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-03-29 11:56:44 -------- d-----w C:\Program Files\Hewlett-Packard
2007-03-29 11:56:42 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-03-29 11:55:53 -------- d-----w C:\DOCUME~1\OLIVIE~1\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-03-29 11:55:17 -------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-03-29 11:39:58 -------- d-----w C:\Program Files\Securitoo
2007-03-29 11:09:39 -------- d--h--w C:\DOCUME~1\OLIVIE~1\APPLIC~1\GTek
2007-03-29 11:09:34 29,184 ----a-w C:\WINDOWS\system32\drivers\goprot51.sys
2007-03-29 11:08:39 -------- d-----w C:\Program Files\Intel
2007-03-29 11:08:39 -------- d-----w C:\Program Files\Fichiers communs\Intel
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Acer Empowering Technology Monitor"="C:\\WINDOWS\\system32\\SysMonitor.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"CCUTRAYICON"="C:\\Program Files\\Intel\\IntelDH\\CCU\\CCU_TrayIcon.exe"
"NMSSupport"="\"C:\\Program Files\\Fichiers communs\\Intel\\IntelDH\\NMS\\Support\\IntelHCTAgent.exe\" /startup"
"ImageItEncrypt"="C:\\WINDOWS\\system32\\ImageItEncrypt.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\FR\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=051807 serial=DR12CES-7976137-NGQ lang=FR"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ooccctrl.exe"="C:\\Program Files\\OO Software\\CleverCache\\ooccctrl.exe /tasktray"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"LaunchApp"="Alaunch" [])
"RTHDCPL"="RTHDCPL.EXE" [])
"Alcmtr"="ALCMTR.EXE" [])
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"@"="" [])
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 22:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 22:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 22:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 22:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-04-13 02:03]
"NMSSupport"="C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 18:10]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 01:52]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"ooccctrl.exe"="C:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2005-11-09 02:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 22:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDA72771-EEC5-493C-867D-3713DC90657E}"="C:\WINDOWS\system32\urqrron.dll" []


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 15:42:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-16 15:43:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-16 15:43


Freundliche Grüsse


Manuela

PS:
Gerade sehe ich, dass ein Ordner namens Casinoonnet auf der Festplatte gespeichert ist.

Das habe ich nicht installiert.

Das Problem ist damit aber nicht verbunden?

#14 Priuefe bitte diese DAtei c:\windows\system32\urqrron.dll bei Jotti oder VT
__________
MfG Ralf
SEO-Spam Hunter

#15 Hallo Ralf

Diese Datei kann ich im Ordner System32 gar nicht finden.

Also habe ich die Suche laufen lassen und stelle fest, dass sie zu den heruntergeladenen Programm "VundoFix" gehört. Das Programm wird hier um Forum empfohlen. Genauer gesagt folgt nach dem "dll" noch ein "bat".

Der Virenscanner meldet Alarm, wenn ich diese Datei anklicke, um mit dem Rechtsklick in die Eigenschaften zu sehen.

Freundliche Grüsse


Manuela