Problems with a worm, and Windows updates are not working
#0
15.05.2007, 18:50
...new here
Posts: 7
15.05.2007, 19:03
Moderator
Posts: 7805
#2
Since ComboFix has already cleaned up quite a bit, you need to create and post a new HijackThis and ComboFix report.
__________ Kind regards, Ralf SEO-Spam Hunter
24.05.2007, 17:15
...new here
Thread starter Posts: 7
#3
Sorry, unfortunately I couldn't post the reports earlier; I was away on business. I'm catching up on that now! Thanks
Best regards, quentin910
24.05.2007, 17:47
Moderator
Posts: 7805
#4
Please create a new ComboFix report with a freshly downloaded version, and use the following scanners as a check.
Also run a control scan with Dr.Web CureIt: http://freedrweb.com/?lng=de as well as Ewido Micro: http://downloads.ewido.net/ewido_micro.exe Please post all reports and log files.
__________ Kind regards, Ralf SEO-Spam Hunter
26.05.2007, 16:46
...new here
Thread starter Posts: 7
#5
So, I ran Dr.Web CureIt; it found 2 things and disinfected them... now here is another new report from ComboFix
Unfortunately Ewido Micro didn't work; downloading the database took so long, and the PC only has a 56k modem, sorry. If it is really important, I will of course still do it. Regards
26.05.2007, 17:05
Moderator
Posts: 7805
#6
The problem is that the computer is heavily infected. Basically, it would probably be easier and faster to set the computer up from scratch. Unfortunately, with a modem it naturally takes longer to install all the updates. Perhaps you have the option of doing that at an acquaintance's place who has a DSL connection!?
Please send the following files to the address given below. Ideally, pack them first and protect them with a password......
2007-05-20 12:29 83,990 --a------ C:\WINDOWS\tgt86.exe
2007-05-20 12:29 53,248 --ah----- C:\WINDOWS\system32\confxxn.dll
2007-05-20 12:29 45,056 --ah----- C:\WINDOWS\system32\xxnprf32.dll
2007-05-20 12:29 40,960 --ah----- C:\WINDOWS\system32\xxnperf.exe
2007-05-11 17:06 192,512 --a------ C:\WINDOWS\csrcss.exe
2007-04-29 11:04 57,344 --ah----- C:\WINDOWS\system32\mif97lo.dll
2007-04-29 11:04 45,056 --ah----- C:\WINDOWS\system32\in4ihwq.exe
2007-04-29 10:59 189,952 --a------ C:\WINDOWS\csrscde.exe
C:\WINDOWS\system32\msssmsda.dll
C:\WINDOWS\system32\msssmsda.exe
2007-04-19 19:35:36 179,200 ----a-w C:\WINDOWS\wincrt.exe
2007-04-17 19:28:59 116,736 ----a-w C:\WINDOWS\sccsd32.exe
2007-04-16 10:59:09 177,152 ----a-w C:\WINDOWS\idl32.exe
2007-04-08 11:43:26 40,960 ---ha-w C:\WINDOWS\system32\ifcperf.exe
2007-04-08 11:40:53 20,480 ----a-w C:\WINDOWS\system32\scrilprh.dll
2007-04-08 11:40:53 16,384 ----a-w C:\WINDOWS\system32\mspradsn.exe
__________ Kind regards, Ralf SEO-Spam Hunter
"Please open a thread of your own and post there
1. Use CleanUp
Download CleanUp
Instructions: http://www.virus-protect.org/cleanup.html
2. ComboFix
Download ComboFix to the desktop
Double-click combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze
When the tool has finished, a log file (combofix.txt) opens.
Afterwards, post the log file C:\combofix.txt in your next report together with a log from HijackThis"
I hope I am doing everything right and that you can help me.
Here is the requested data:
It would be really great if you could help me!
Thanks in advance