Trojans found: Click.MNB, Vundo.AU & Fotomoto.1.F

#0
03.12.2007, 13:07
Member

Posts: 36
#1 Hello again,

I have 3 trojans on my system:
Click.MNB
Vundo.AU
Fotomoto.F.1

My antivirus keeps reporting them all the time, and my internet is also getting slower.
When I try to delete the trojans it works, but after 5 min. the alert comes back.
It found the Click.MNB trojan at:
"C:\Users\***\AppData\Loc...\poiu[1]"
"C:\Users\***\AppData...\huxrtirr.exe"
"C:\Users\***\AppData...\ayuhilby.exe"

It found the Vundo.AU trojan at:
"C:\Users\***\AppData\Loc...\hctp[1]"
"C:\Users\***\AppData...\bsserbox.dll"
"C:\Users\***\AppData...\junymkysw.dll"
"C:\Users\***\AppData...\sfdtbclh.dll"

It found the Fotomoto.F.1 trojan at:
"C:\Users\***\AppData...\pochki20071106[1]"
"C:\Users\***\AppData...\sifdjnia.exe"
"C:\Users\***\AppData...\xcnqtmod.exe"
"C:\Users\***\AppData...\nulhynjd.exe"

The files are currently in quarantine. I had the HijackThis logfile analysed at http://www.hijackthis.de/de but nothing came out of it; I'll post it again below anyway.

The rest is coming shortly ;)

Regards, Peter

PS: WinVista

HijackThis:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 12:49:51, on 03.12.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\PETERB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/at/ÿç
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterBase InterClient Server (InterServer) - InterBase - C:\Program Files\Borland\InterBase\InterClient\bin\interserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
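The HijackThis log above can be given a mechanical first pass before anyone reads it line by line. Two things about it stand out: the HKCU Start Page has been changed to google.daemonsearch.com while the HKLM defaults still point at the Acer/Yahoo pages, and the log contains no O2 (Browser Helper Object) entry and no Winlogon Notify entry at all, although the ComboFix report in the next post lists both, so the hijackthis.de analysis mentioned in the post had nothing to work with on that point. The script below is an added example for this thread, not HijackThis code and not the poster's: it parses a handful of lines quoted from the log (with the junk characters that trail the Start Page value dropped) and applies rules of my own. The OEM-default host suffixes and the treatment of nlaapi.dll and napinsp.dll as the standard Vista name-space providers are assumptions; the rule names and the `triage` function are mine.

```python
"""Mechanical first pass over HijackThis log lines. Added example for this
thread, not HijackThis code and not the poster's; the rules are my own
assumptions about what a helper checks first, and a hit means "look here"."""
import re
from urllib.parse import urlsplit

# Constructed excerpt: lines quoted from the HijackThis log above (the junk
# characters trailing the daemonsearch Start Page value are dropped).
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ABS_RE = re.compile(r'^"?(?:%\w+%|[A-Za-z]:)\\')   # absolute or %VAR%-rooted path

# Assumption: the OEM defaults are the hosts the HKLM R0/R1 lines point at.
OEM_DEFAULT_SUFFIXES = ("yahoo.com", "microsoft.com")
# Assumption: the two standard Vista name-space providers; anything else in O10 gets a look.
KNOWN_VISTA_LSP = {"nlaapi.dll", "napinsp.dll"}


def parse(log: str):
    """Yield (section code, body) for every HijackThis entry line."""
    for raw in log.strip().splitlines():
        if m := LINE_RE.match(raw.strip()):
            yield m["code"], m["body"]


def triage(log: str) -> list:
    """Return (code, rule, detail) tuples for entries worth a manual look."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1"):
            u = URL_RE.search(body)
            host = urlsplit(u["url"]).hostname if u else None
            if host and not host.endswith(OEM_DEFAULT_SUFFIXES):
                findings.append((code, "browser page redirected", host))
        elif code == "R3" and "(no file)" in body:
            findings.append((code, "dangling URLSearchHook", body.split(" - ")[0]))
        elif code == "O4":
            r = RUN_RE.match(body)
            # A bare file name is resolved through the PATH search order, so
            # confirm where it actually resolves before trusting the entry.
            if r and not ABS_RE.match(r["cmd"]):
                findings.append((code, "autorun without absolute path", r["name"]))
        elif code == "O10":
            dll = body.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_VISTA_LSP:
                findings.append((code, "unrecognised Winsock LSP", dll))
        elif code == "O20":
            # AppInit DLLs are loaded into every process that links user32.dll.
            findings.append((code, "AppInit_DLLs/Winlogon hook, verify DLL", body))
        elif code == "O23" and "(file missing)" in body:
            svc = body.split(" - ")[0].replace("Service: ", "", 1)
            findings.append((code, "service binary missing", svc))
    return findings


def present_sections(log: str) -> set:
    """Section codes that occur at all; an absent O2 against a ComboFix BHO hit is itself a finding."""
    return {code for code, _ in parse(log)}
```

`triage(LOG)` returns seven hits: the daemonsearch start page, the dangling Yahoo URLSearchHook, the two Run entries given by bare file name, the AppInit_DLLs entry (eNetHook.dll belongs to the Acer eNet service listed under O23, but AppInit DLLs load into every process that links user32.dll, so they are always worth confirming), and the two services whose binaries are missing. The two O10 lines are not flagged because both DLLs are standard Vista providers, and `present_sections(LOG)` shows no O2 at all, which is the gap the ComboFix report fills.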
03.12.2007, 13:53
Member

Thread starter

Posts: 36
#2 ComboFix:

Quote

ComboFix 07-12-02.6 - Peter *** 2007-12-03 13:14:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.990 [GMT 1:00]
Run from: C:\Users\***\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\Cfx32.lic
C:\Windows\system32\cfx32.ocx
C:\Windows\System32\mpqss.bak1
C:\Windows\System32\mpqss.bak2
C:\Windows\System32\mpqss.ini
C:\Windows\System32\mpqss.ini2
C:\Windows\System32\mpqss.tmp
C:\Windows\system32\ssqpm.dll

.
((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))
.

2007-12-03 12:46 . 2007-12-03 12:46 73,280 --a------ C:\Windows\System32\iexhnyqm.dll
2007-12-03 12:37 . 2007-12-03 12:37 244 --ah----- C:\sqmnoopt03.sqm
2007-12-03 12:37 . 2007-12-03 12:37 232 --ah----- C:\sqmdata03.sqm
2007-12-02 15:42 . 2007-12-03 12:49 <DIR> d-------- C:\hijackthis
2007-12-02 15:42 . 2007-12-02 15:41 212,849 --a------ C:\hijackthis.zip
2007-12-02 10:31 . 2007-12-02 10:31 244 --ah----- C:\sqmnoopt02.sqm
2007-12-02 10:31 . 2007-12-02 10:31 232 --ah----- C:\sqmdata02.sqm
2007-11-28 10:33 . 2007-11-28 10:34 <DIR> d-------- C:\Program Files\FS2004SDK
2007-11-28 10:32 . 2007-11-28 10:33 <DIR> d-------- C:\Windows\Downloaded Installations
2007-11-28 09:22 . 2007-11-28 09:22 1,461,736 --a------ C:\Windows\System32\PerfStringBackup.INI
2007-11-26 19:07 . 2007-11-26 19:09 109,368 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2007-11-26 19:05 . 2007-11-26 19:05 0 --a------ C:\Windows\mtstack.INI
2007-11-26 13:33 . 1999-03-06 13:25 1,347,344 --a------ C:\Windows\System32\Msvbvm50.1
2007-11-26 13:33 . 1999-03-17 19:47 87,552 --a------ C:\Windows\System32\sp_Project.ocx
2007-11-26 13:33 . 1999-03-06 14:20 64,000 --a------ C:\Windows\System32\apigid32.dll
2007-11-26 13:33 . 1999-03-06 13:25 30,720 --a------ C:\Windows\System32\DwgThumbnail.ocx
2007-11-26 13:33 . 1999-03-06 13:25 29,696 --a------ C:\Windows\System32\VB5StKit.dll
2007-11-26 13:33 . 1999-03-17 19:47 20,480 --a------ C:\Windows\System32\spCatch.dll
2007-11-26 13:09 . 1997-10-15 10:54 299,520 --a------ C:\Windows\uninst.exe
2007-11-26 12:40 . 2007-11-26 12:40 1,644 --a------ C:\Windows\ODBCINST.INI
2007-11-26 12:40 . 2007-11-26 12:40 288 --a------ C:\Windows\ODBC.INI
2007-11-26 12:39 . 2007-11-26 12:39 <DIR> d-------- C:\Windows\OCCACHE
2007-11-26 12:38 . 1999-02-05 01:56 148,480 --a------ C:\Windows\fsivba.dll
2007-11-26 12:37 . 2007-11-26 12:38 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-26 12:34 . 2007-11-26 14:24 <DIR> d-------- C:\Program Files\ACAD2000
2007-11-26 09:53 . 2007-11-26 09:58 <DIR> d-------- C:\Program Files\vasfmc2
2007-11-25 21:13 . 2007-11-25 21:15 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-25 19:41 . 2007-11-29 22:20 <DIR> d-------- C:\Users\All Users\FreePDF
2007-11-25 19:41 . 2007-11-29 22:20 <DIR> d-------- C:\ProgramData\FreePDF
2007-11-25 19:41 . 2007-11-25 19:41 <DIR> d-------- C:\Program Files\FreePDF_XP
2007-11-25 19:41 . 2005-01-06 18:33 119,152 --a------ C:\Windows\System32\redmon.hlp
2007-11-25 19:41 . 2005-01-06 18:33 116,224 --a------ C:\Windows\System32\redmonnt.dll
2007-11-25 19:41 . 2005-01-06 18:33 45,056 --a------ C:\Windows\System32\unredmon.exe
2007-11-25 19:40 . 2007-11-25 19:41 <DIR> d-------- C:\Program Files\gs
2007-11-24 22:35 . 2007-11-24 22:41 <DIR> d-------- C:\Program Files\FS Panel Studio
2007-11-23 21:36 . 2007-11-24 07:10 <DIR> d-------- C:\Users\Peter Buchegger\{8c6b9621-4296-46f3-b8e6-6cf62c122967}
2007-11-23 21:30 . 2003-03-19 04:04 765,952 --------- C:\Windows\System32\msvcp71d.dll
2007-11-23 21:30 . 2002-01-05 20:16 737,280 --------- C:\Windows\System32\msvcp70d.dll
2007-11-23 21:30 . 2003-03-19 04:03 544,768 --------- C:\Windows\System32\msvcr71d.dll
2007-11-23 21:30 . 2002-01-05 20:16 536,576 --------- C:\Windows\System32\msvcr70d.dll
2007-11-23 21:30 . 2004-06-03 11:47 385,100 --------- C:\Windows\System32\MSVCRTD.DLL
2007-11-23 21:30 . 1998-11-02 19:57 196,096 --------- C:\Windows\System32\MACD32.DLL
2007-11-23 21:30 . 1998-11-02 19:57 138,752 --------- C:\Windows\System32\MASE32.DLL
2007-11-23 21:30 . 1998-11-02 19:57 136,192 --------- C:\Windows\System32\MAMC32.DLL
2007-11-23 21:30 . 1998-11-02 19:57 57,856 --------- C:\Windows\System32\MASD32.DLL
2007-11-23 21:30 . 1998-11-02 19:57 27,648 --------- C:\Windows\System32\MA32.DLL
2007-11-22 21:17 . 2007-11-22 21:18 <DIR> d-------- C:\Program Files\CCS 2004
2007-11-22 21:17 . 2007-11-22 21:17 56,320 --a------ C:\Windows\SSEUninstaller.exe
2007-11-22 21:16 . 1998-06-18 07:00 102,912 --a------ C:\Windows\System32\VB6STKIT.DLL
2007-11-22 21:16 . 2007-11-22 21:16 44,544 --a------ C:\Windows\System32\Gif89.dll
2007-11-22 21:16 . 2006-01-05 22:46 40,960 --a------ C:\Windows\System32\AbstractHyperlink.ocx
2007-11-22 21:16 . 2007-11-22 21:16 32,768 --a------ C:\Windows\System32\ShellLnkSSE.dll
2007-11-20 15:05 . 2007-11-20 15:05 <DIR> d-------- C:\Program Files\Lovett Software
2007-11-20 15:05 . 2007-11-20 15:04 724,992 --a------ C:\Windows\iun6002.exe
2007-11-19 10:30 . 2007-11-19 14:21 <DIR> d-------- C:\Program Files\FSFDT
2007-11-16 22:40 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
2007-11-15 23:19 . 2007-11-15 23:19 118,649 --a------ C:\Windows\System32\SLY7yI1xV-M
2007-11-15 23:04 . 2007-11-15 23:21 119,280 --a------ C:\Windows\System32\related
2007-11-15 19:53 . 2007-12-03 12:23 <DIR> d-------- C:\Users\Peter Buchegger\AppData\Roaming\teamspeak2
2007-11-15 19:53 . 2007-11-15 19:53 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-15 19:47 . 2007-11-15 19:47 1,748,588 --a------ C:\Windows\System32\pc-windows-xp.2up.pdf
2007-11-14 23:29 . 2007-11-14 23:29 116,489 --a------ C:\Windows\System32\5SH6se6a6vI
2007-11-14 23:24 . 2007-11-14 23:24 115,798 --a------ C:\Windows\System32\cPf4XhsTrwI
2007-11-14 23:23 . 2007-11-14 23:23 118,238 --a------ C:\Windows\System32\VpWk1k-YNKM
2007-11-14 23:18 . 2007-11-14 23:18 86,377 --a------ C:\Windows\System32\aXaNZFqHxP8
2007-11-14 22:39 . 2007-11-24 22:38 <DIR> d-------- C:\Users\Peter Buchegger\AppData\Roaming\FileZilla
2007-11-14 22:38 . 2007-11-14 22:38 <DIR> d-------- C:\Program Files\FileZilla Client
2007-11-14 09:25 . 2007-11-14 09:25 15,475,959 --a------ C:\Windows\System32\sag_video_final_dsl.wmv
2007-11-14 09:22 . 2007-11-14 09:22 <DIR> d-------- C:\Program Files\SquawkBox3
2007-11-14 00:36 . 2007-11-14 00:36 <DIR> d-------- C:\Users\Peter Buchegger\temp
2007-11-14 00:36 . 2007-11-14 00:38 <DIR> d-------- C:\Users\Peter Buchegger\AppData\Roaming\TeamViewer
2007-11-14 00:36 . 2007-11-14 00:36 <DIR> d-------- C:\Program Files\TeamViewer3
2007-11-13 23:54 . 2007-11-14 00:02 259 --a------ C:\Windows\synergy.sgc
2007-11-13 23:45 . 2007-11-13 23:45 <DIR> d-------- C:\Program Files\Synergy
2007-11-12 12:45 . 2007-11-12 12:45 311,296 --a------ C:\Windows\System32\mswmdm.dll
2007-11-12 12:45 . 2007-11-12 12:45 36,864 --a------ C:\Windows\System32\wmdmps.dll
2007-11-12 12:45 . 2007-11-12 12:45 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2007-11-12 12:44 . 2007-11-12 12:44 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-12 12:44 . 2007-11-12 12:44 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-12 12:44 . 2007-11-12 12:44 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-12 12:44 . 2007-11-12 12:44 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-11-12 12:44 . 2007-11-12 12:44 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-08 22:56 . 2007-11-08 22:56 123 --a------ C:\Windows\System32\oe3_live
2007-11-05 14:05 . 1999-05-03 22:20 286,720 --a------ C:\Windows\System32\matrix2.scr
2007-11-05 00:26 . 2007-11-05 00:28 <DIR> d-------- C:\Program Files\VisionGS PE
2007-11-05 00:15 . 2007-11-18 20:22 347,351,675 --a------ C:\Windows\MEMORY.DMP
2007-11-04 23:45 . 2007-11-05 09:13 <DIR> d-------- C:\Users\Peter Buchegger\{45480ce9-4572-4df6-9768-2e214de16a27}
2007-11-04 23:45 . 2007-11-05 09:13 <DIR> d-------- C:\Program Files\Webcam Simulator
2007-11-04 22:26 . 2007-04-02 12:09 123,053,416 --a------ C:\Users\Peter Buchegger\LifeCam1_3VX.exe
2007-11-04 00:00 . 2007-11-23 14:35 <DIR> d-------- C:\Users\All Users\OrbNetworks
2007-11-04 00:00 . 2007-11-23 14:35 <DIR> d-------- C:\ProgramData\OrbNetworks
2007-11-04 00:00 . 2007-12-03 11:07 <DIR> d-------- C:\Program Files\Winamp Remote
2007-11-03 22:00 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2007-11-03 19:30 . 2007-11-03 19:30 108,400 --a------ C:\Windows\System32\3rYoRaxgOE0

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 11:37 --------- d-----w C:\Users\Peter Buchegger\AppData\Roaming\Skype
2007-12-03 11:35 --------- d-----w C:\Users\Peter Buchegger\AppData\Roaming\OpenOffice.org2
2007-12-03 11:23 --------- d-----w C:\Program Files\Winamp
2007-12-03 11:23 --------- d-----w C:\Program Files\VRC
2007-11-26 18:16 --------- d-----w C:\Program Files\TrueDownloader
2007-11-25 03:28 --------- d-----w C:\Program Files\FSAcars
2007-11-23 20:34 --------- d-----w C:\ProgramData\Pinnacle
2007-11-20 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 08:37 156,881 ----a-w C:\Users\Peter Buchegger\AppData\Roaming\nvModes.dat
2007-11-16 21:45 --------- d-----w C:\ProgramData\CyberLink
2007-11-16 21:39 --------- d-----w C:\Program Files\CyberLink
2007-11-14 12:15 --------- d-----w C:\Users\Peter Buchegger\AppData\Roaming\dvdcss
2007-11-12 12:01 174 --sha-w C:\Program Files\desktop.ini
2007-11-12 11:58 --------- d-----w C:\Program Files\Windows Mail
2007-11-12 11:58 --------- d-----w C:\Program Files\Windows Calendar
2007-11-12 11:46 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-12 11:46 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-12 11:46 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-12 11:46 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-12 11:46 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-12 11:46 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-12 11:46 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-12 11:46 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-12 11:46 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-12 11:46 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-12 11:46 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-12 11:46 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-12 11:46 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-12 11:46 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-12 11:46 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-12 11:46 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-12 11:46 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-12 11:46 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-12 11:46 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-12 11:42 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-12 11:42 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-12 11:42 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-12 11:42 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-12 11:42 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-12 11:42 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-12 11:42 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-12 11:42 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-12 11:42 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-11-12 11:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-12 11:42 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-12 11:42 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-11-12 11:42 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-11-12 11:42 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-11-12 11:42 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-11-12 11:42 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-11-12 11:42 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-11-12 11:42 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-11-09 07:26 --------- d-----w C:\Program Files\ICQ6
2007-11-04 01:00 3,012 ----a-w C:\drmHeader.bin
2007-11-02 00:56 --------- d-----w C:\Program Files\screenpusher
2007-11-01 21:16 --------- d-----w C:\ProgramData\Avira
2007-11-01 21:16 --------- d-----w C:\Program Files\Avira
2007-10-30 15:05 --------- d-----w C:\Program Files\Crazy Machines - Neues aus dem Labor
2007-10-30 14:24 --------- d-----w C:\Users\Peter Buchegger\AppData\Roaming\DivX
2007-10-29 20:40 803,840 ----a-w C:\Windows\system32\drivers\tcpip.sys
2007-10-29 20:40 22,016 ----a-w C:\Windows\System32\netiougc.exe
2007-10-29 20:40 217,272 ----a-w C:\Windows\system32\drivers\netio.sys
2007-10-29 20:40 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2007-10-29 20:40 --------- d-----w C:\ProgramData\CheckPoint
2007-10-29 19:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-29 19:39 --------- d-----w C:\ProgramData\Symantec
2007-10-29 12:17 --------- d---a-w C:\ProgramData\TEMP
2007-10-24 08:17 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-24 07:50 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-10-24 06:50 --------- d-----w C:\Program Files\Windows Communicator
2007-10-23 18:04 --------- d-----w C:\Program Files\DivX
2007-10-23 09:20 --------- d-----w C:\Program Files\Java
2007-10-23 08:51 --------- d-----w C:\Program Files\Inno Setup 5
2007-10-23 07:41 --------- d-----w C:\Program Files\ElastoMania111
2007-10-22 08:33 --------- d-----w C:\Program Files\Eltima Software
2007-10-22 08:30 --------- d-----w C:\Program Files\COM-Port datalogger v1-2-2
2007-10-16 06:26 --------- d-----w C:\Program Files\Google
2007-10-15 18:24 --------- d-----w C:\Users\Peter Buchegger\AppData\Roaming\Microsoft Games
2007-10-12 17:26 --------- d-----w C:\Program Files\Borland
2007-10-12 17:16 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-10-11 18:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 18:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 18:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-11 18:35 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 18:35 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-11 18:35 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-10 14:41 --------- d-----w C:\Program Files\Onlinetimer
2007-10-09 11:01 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-10-01 09:12 0 ----a-w C:\Users\Peter Buchegger\AppData\Roaming\wklnhst.dat
2007-09-11 19:46 35,079,921 ----a-w C:\Users\Public\xampp-win32-1.6.3a-installer.exe
2007-09-09 15:47 3,568,008 ----a-w C:\Users\Public\LEVELD-PMDG_0609.zip
2007-09-09 15:44 2,961,070 ----a-w C:\Users\Public\ogs120.zip
2007-09-08 21:53 457,028 ----a-w C:\Users\Public\WideFS.zip
2007-08-30 20:41 77,414,298 ----a-w C:\Users\Public\aStudio4b528.exe
2007-08-24 14:34 6,059,985 ----a-w C:\Users\Public\FreeTrack_v2.0.exe
2007-07-26 09:19 7,659,710 ----a-w C:\Users\Public\Panel.zip
2007-04-05 14:32 3,610,009 ----a-w C:\Users\Public\FSUIPC_SDK.zip
2006-06-21 20:55 8,661,936 ----a-w C:\Users\Public\winamp524_full_bundle_emusic-7plus.exe
2004-05-02 21:19 13,529 ----a-w C:\Users\Public\PBOOT.EXE
2007-07-23 18:19 61 --sh--w C:\Windows\cnerolf.bin
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6cecfa3-747b-41cf-97ed-d4beafa45bb5}]
2007-12-03 12:46 73280 --a------ C:\Windows\system32\iexhnyqm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 16:10]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 10:45]
"TrueDownloaderAutoStart"="C:\Program Files\TrueDownloader\TrueDownloader.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"PMCRemote"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-22 10:30]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 06:09]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 16:42]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-04-26 16:54]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 17:51]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-04 05:23]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 10:16]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 16:49]
"SetPanel"="C:\Acer\APanel\APanel.cmd" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Windows Mobile-based device management"="%WINDIR%\WindowsMobile\wmdcBase.exe" []
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"nwiz"="nwiz.exe" []
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 09:55]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-01 22:18]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27]

C:\Users\Peter Buchegger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-06-24 22:00:25]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-11 06:11:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnllk]
urqnllk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
LPDService REG_MULTI_SZ LPDSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6073b115-6d89-11dc-b42e-ca58ff3e3ae4}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4b976ba-81f4-11dc-aaad-a0371d53d8d9}]
\shell\AutoRun\command - E:\OnSpcLCK.exe

.
Contents of the "Scheduled Tasks" folder
"2007-12-03 12:33:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 13:36:30
Windows 6.0.6000 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TrueDownloaderAutoStart = C:\Program Files\TrueDownloader\TrueDownloader.exe /silent??*?>3M???C?;)\?W?i?n?d?o?w?s?\?s?y?s?t?e?m?3?2?\?k?s?u?s?e?r?.?d?l?l?????!?>3o?????o? ?n?o?t? ?r?e?q?u?i?r?e? ?v?a?l?i?d?a?t?e?d? ?U?R?L?s?????????>3d???C?;)\?W?i?n?d?o?w?s?\?s?y?s?t?e?m?3?2?\?w?s

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 13:38:10 - machine was rebooted
.
--- E O F ---
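The autostart section of the ComboFix log above contains the four things worth stopping at: Run values whose command is empty, a Winlogon Notify package with a machine-generated name (urqnllk.dll), UAC switched off (EnableLUA = 0), an AppInit_DLLs entry, per-volume AutoRun handlers and an At1.job that launches cmd.exe. The script below is an added example, not part of the thread and not ComboFix's own logic: it applies those checks to the posted lines. The sample text is copied from the log above; the rule names, the 5-consonant/25%-vowel thresholds of the random-name heuristic and the reading of an empty `[]` as "target not resolved" are this example's assumptions.

```python
import re

# Constructed sample: the lines below are copied from the ComboFix log posted
# above so the triage can be checked against the real entries.
COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"eRecoveryService"="" []
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 09:55]
"Windows Mobile-based device management"="%WINDIR%\WindowsMobile\wmdcBase.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnllk]
urqnllk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4b976ba-81f4-11dc-aaad-a0371d53d8d9}]
\shell\AutoRun\command - E:\OnSpcLCK.exe

"2007-12-03 12:33:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
'''

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
AT_JOB = re.compile(r'Tasks\\(At\d+\.job)"$')
VOWELS = set("aeiou")


def looks_random(stem):
    """Heuristic for generated names such as 'urqnllk': 7 to 9 lowercase
    letters with a run of five or more consonants, or a vowel share of 25% or
    less.  Mixed-case vendor abbreviations (RtHDVCpl, SynTPEnh) are skipped on
    purpose; the check trades recall for a low false-positive rate."""
    if not re.fullmatch(r"[a-z]{7,9}", stem):
        return False
    vowel_share = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", stem)), default=0)
    return longest_run >= 5 or vowel_share <= 0.25


def stem_of(path):
    """File name without directory, arguments or extension (case preserved)."""
    name = path.rsplit("\\", 1)[-1].split(" ")[0]
    return name.rsplit(".", 1)[0]


def triage(dump):
    """Return (rule, subject, note) triples for entries that deserve a look."""
    findings = []
    section = ""
    lines = [raw.strip() for raw in dump.splitlines()]
    for i, line in enumerate(lines):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = RUN_VALUE.match(line)
        if m and section.endswith("\\run"):
            name, cmd, stamp = m.groups()
            if cmd == "":
                findings.append(("empty-run-value", name,
                                 "empty command: dead autostart, safe to delete"))
            elif looks_random(stem_of(cmd)):
                findings.append(("random-name", name, cmd))
            elif stamp == "":
                # Assumption: ComboFix prints [] when it could not resolve the target file.
                findings.append(("unresolved-target", name,
                                 "no file date: confirm the target exists"))
            continue
        if "winlogon\\notify" in section and line.lower().endswith(".dll"):
            note = "Winlogon Notify package: loaded by winlogon.exe before any user logs on"
            if looks_random(stem_of(line)):
                note += "; random-looking name"
            findings.append(("winlogon-notify", line, note))
        elif re.fullmatch(r'"EnableLUA"\s*=\s*0\b.*', line):
            findings.append(("uac-disabled", "EnableLUA",
                             "UAC off: administrators' processes run with the full token"))
        elif line.startswith('"AppInit_DLLs"='):
            findings.append(("appinit-dll", line.split("=", 1)[1],
                             "injected into every process that loads user32.dll; verify the vendor"))
        elif line.startswith("\\shell\\AutoRun\\command"):
            findings.append(("autorun-handler", line.split(" - ", 1)[1],
                             "MountPoints2 AutoRun: runs when that volume is opened"))
        elif AT_JOB.search(line):
            # The job's command is the next non-empty line, prefixed with "- ".
            command = next((l for l in lines[i + 1:] if l), "").lstrip("- ")
            findings.append(("at-job", AT_JOB.search(line).group(1), command))
    return findings


if __name__ == "__main__":
    for rule, subject, note in triage(COMBOFIX_SAMPLE):
        print(f"{rule:18} {subject:40} {note}")
```

The heuristic is deliberately conservative: it catches urqnllk and iexhnyqm but would pass a generated name with more vowels, so it ranks entries for a human rather than deciding for one. The Winlogon Notify entry is the one to treat as the anchor of the infection: Notify packages load into winlogon.exe before any user session, which is why an on-access scanner keeps finding the dropped files again five minutes after they were deleted.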
03.12.2007, 14:47
Member
Thread starter
Posts: 36
#3 And here is our BAT:

Quote

Directory of C:\Windows\system32

03.12.2007 14:36 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
03.12.2007 14:36 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
03.12.2007 12:46 73.280 iexhnyqm.dll
28.11.2007 09:22 610.142 perfh009.dat
28.11.2007 09:22 103.924 perfc009.dat
28.11.2007 09:22 641.344 perfh007.dat
28.11.2007 09:22 116.706 perfc007.dat
28.11.2007 09:22 1.461.736 PerfStringBackup.INI
26.11.2007 19:09 109.368 GDIPFONTCACHEV1.DAT
26.11.2007 19:05 392.704 FNTCACHE.DAT
22.11.2007 21:16 32.768 ShellLnkSSE.dll
22.11.2007 21:16 44.544 Gif89.dll
16.11.2007 22:43 14.848 BASSMOD.dll
15.11.2007 23:21 119.280 related
15.11.2007 23:19 118.649 SLY7yI1xV-M
15.11.2007 19:47 1.748.588 pc-windows-xp.2up.pdf
14.11.2007 23:29 116.489 5SH6se6a6vI
14.11.2007 23:24 115.798 cPf4XhsTrwI
14.11.2007 23:23 118.238 VpWk1k-YNKM
14.11.2007 23:18 86.377 aXaNZFqHxP8
14.11.2007 09:25 15.475.959 sag_video_final_dsl.wmv
12.11.2007 12:46 467.456 riched20.dll
12.11.2007 12:46 8.192 riched32.dll
12.11.2007 12:46 38.400 kmddsp.tsp
12.11.2007 12:46 22.016 rasser.dll
12.11.2007 12:46 77.824 rascfg.dll
12.11.2007 12:46 52.736 rasdiag.dll
12.11.2007 12:46 49.664 ndptsp.tsp
12.11.2007 12:46 1.820 rasctrnm.h
12.11.2007 12:46 32.768 rasmxs.dll
12.11.2007 12:46 384.000 netcfgx.dll
12.11.2007 12:46 564.736 msftedit.dll
12.11.2007 12:46 13.824 icsunattend.exe
12.11.2007 12:46 286.208 ipnathlp.dll
12.11.2007 12:46 13.824 wshqos.dll
12.11.2007 12:46 33.280 traffic.dll
12.11.2007 12:46 15.360 pacerprf.dll
12.11.2007 12:46 694.784 localspl.dll
12.11.2007 12:46 36.864 cdd.dll
12.11.2007 12:46 134.656 dps.dll
12.11.2007 12:45 36.864 wmdmps.dll
12.11.2007 12:45 31.744 wmdmlog.dll
12.11.2007 12:45 311.296 mswmdm.dll
12.11.2007 12:44 8.147.968 wmploc.DLL
12.11.2007 12:44 10.617.344 wmp.dll
12.11.2007 12:44 7.680 spwmp.dll
12.11.2007 12:44 4.096 dxmasf.dll
12.11.2007 12:44 4.096 msdxm.ocx
12.11.2007 12:44 356.864 MediaMetadataHandler.dll
12.11.2007 12:42 704.000 PhotoScreensaver.scr
12.11.2007 12:42 11.315.200 shell32.dll
12.11.2007 12:42 269.824 schannel.dll
12.11.2007 12:42 61.440 ntprint.exe
12.11.2007 12:42 220.160 ntprint.dll
12.11.2007 12:42 3.504.824 ntkrnlpa.exe
12.11.2007 12:42 3.470.008 ntoskrnl.exe
12.11.2007 12:42 10.240 dhcpcmonitor.dll
12.11.2007 12:42 204.800 dhcpcsvc.dll
12.11.2007 12:42 120.320 dhcpcsvc6.dll
12.11.2007 12:42 1.984.512 authui.dll
12.11.2007 12:42 712.192 WindowsCodecs.dll
12.11.2007 12:42 65.024 avicap32.dll
12.11.2007 12:42 123.904 msvfw32.dll
12.11.2007 12:42 82.944 mciavi32.dll
12.11.2007 12:42 88.576 avifil32.dll
12.11.2007 12:42 31.232 msvidc32.dll
12.11.2007 12:42 12.800 msrle32.dll
12.11.2007 12:42 69.632 sendmail.dll
12.11.2007 12:42 8.138.240 ssBranded.scr
08.11.2007 22:56 123 oe3_live
03.11.2007 19:30 108.400 3rYoRaxgOE0
02.11.2007 08:12 18.238.072 mrt.exe
02.11.2007 00:42 111.380 WSEK3nUhpcs
02.11.2007 00:36 112.113 UHZLbZpzms4
01.11.2007 23:56 110.788 vPPaMv1Bzdg
01.11.2007 23:52 110.475 TjzYlt6KUHU
01.11.2007 23:40 110.482 rqFcjwI7P-Q
29.10.2007 21:40 167.424 tcpipcfg.dll
29.10.2007 21:40 22.016 netiougc.exe
23.10.2007 10:20 5.636 jupdate-1.6.0_03-b05.log
19.10.2007 11:36 3.610.009 280406
11.10.2007 19:36 3.584.512 mshtml.dll
11.10.2007 19:36 1.383.424 mshtml.tlb
11.10.2007 19:36 477.696 mshtmled.dll
11.10.2007 19:36 180.736 ieui.dll
11.10.2007 19:36 6.058.496 ieframe.dll
11.10.2007 19:36 1.152.000 urlmon.dll
11.10.2007 19:36 824.832 wininet.dll
11.10.2007 19:36 27.648 jsproxy.dll
11.10.2007 19:36 124.928 advpack.dll
11.10.2007 19:36 63.488 ie4uinit.exe
11.10.2007 19:36 44.544 iernonce.dll
11.10.2007 19:36 56.320 iesetup.dll
11.10.2007 19:36 26.624 ieUnatt.exe
11.10.2007 19:36 1.824.768 inetcpl.cpl
11.10.2007 19:36 63.488 icardie.dll
11.10.2007 19:36 671.232 mstime.dll
11.10.2007 19:36 214.528 dxtrans.dll
11.10.2007 19:36 347.136 dxtmsft.dll
11.10.2007 19:36 383.488 ieapfltr.dll
11.10.2007 19:35 84.480 INETRES.dll
11.10.2007 19:35 737.792 inetcomm.dll
11.10.2007 19:35 788.992 rpcrt4.dll
02.10.2007 12:35 5.164 jupdate-1.6.0_02-b06.log
24.09.2007 22:31 69.632 javacpl.cpl
24.09.2007 22:31 139.264 javaws.exe
24.09.2007 21:30 135.168 javaw.exe
24.09.2007 21:30 135.168 java.exe


Directory of C:\Users\PETERB~1\AppData\Local\Temp

03.12.2007 14:44 137.730 datfind.txt
03.12.2007 14:25 13.196 02.CIR
03.12.2007 13:41 173 jusched.log
03.12.2007 13:37 16.384 ~DF1232.tmp
21.07.2007 15:07 208.896 RtkBtMnt.exe


Directory of C:\Windows

03.12.2007 13:52 0 SFE7F53E1.tmp
03.12.2007 13:40 1.858.148 WindowsUpdate.log
03.12.2007 13:36 215 system.ini
03.12.2007 13:35 67.584 bootstat.dat
03.12.2007 13:35 66.876 PFRO.log
28.11.2007 13:06 1.856 mozver.dat
27.11.2007 03:58 140.288 catchme.exe
27.11.2007 00:21 12 bthservsdp.dat
26.11.2007 19:05 0 mtstack.INI
26.11.2007 12:40 1.644 ODBCINST.INI
26.11.2007 12:40 288 ODBC.INI
25.11.2007 21:18 339 win.ini
22.11.2007 21:17 56.320 SSEUninstaller.exe
20.11.2007 15:08 11.035 Mouse-as-yoke 2004 Setup Log.txt
20.11.2007 15:04 724.992 iun6002.exe
18.11.2007 20:22 347.351.675 MEMORY.DMP
14.11.2007 00:02 259 synergy.sgc
12.11.2007 13:01 749 WindowsShell.Manifest
12.11.2007 12:44 265.760 msxml4-KB941833-deu.LOG
26.10.2007 15:32 387.306 DirectX.log
21.10.2007 15:45 12.983 winsight.ini
11.10.2007 19:55 139 TSDataEx.ini
30.09.2007 12:49 1.409 QTFont.for
30.09.2007 12:49 54.156 QTFont.qfn
30.09.2007 12:41 352 3gptoavi3.INI
04.09.2007 12:03 119 cnerolf.dat
27.08.2007 21:12 26 NeoSetup.INI
24.08.2007 19:56 36.868 DPINST.LOG
17.08.2007 13:07 303.234 ntbtlog.txt
15.08.2007 21:33 256.248 msxml4-KB936181-enu.LOG
12.08.2007 12:09 379.392 smun3240.exe
09.08.2007 20:57 4.096 d3dx.dat


Directory of C:\Windows\temp

03.12.2007 13:51 624 lpksetup-20071203-135108-0.log
03.12.2007 13:51 12.140 lpksetup-20071203-135058-0.log



Directory of C:\Windows\Downloaded Program Files

18.09.2006 22:26 65 desktop.ini
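The answer that follows picks exactly one file out of this listing: iexhnyqm.dll, written into system32 at 12:46 on the day of the scan, with no other system file sharing that timestamp. The function below is an added example, not from the thread, that applies the same reasoning to the `dir`-style output datfind produces: it parses the German date/size format, flags executables modified within 48 hours of the scan, and separately flags executables that live in a Temp directory regardless of age. The sample lines are copied from the listing above; the 48-hour window and SCAN_TIME (taken from the timestamp datfind.txt itself carries in the listing) are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the datfind listing posted above.  The
# format is German `dir` output: dd.mm.yyyy HH:MM size-with-dot-separators name.
DATFIND_SAMPLE = r'''
Verzeichnis von C:\Windows\system32

03.12.2007 14:36 3.200 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
03.12.2007 12:46 73.280 iexhnyqm.dll
28.11.2007 09:22 610.142 perfh009.dat
22.11.2007 21:16 32.768 ShellLnkSSE.dll
15.11.2007 19:47 1.748.588 pc-windows-xp.2up.pdf
12.11.2007 12:42 11.315.200 shell32.dll
02.11.2007 08:12 18.238.072 mrt.exe


Verzeichnis von C:\Users\PETERB~1\AppData\Local\Temp

03.12.2007 14:44 137.730 datfind.txt
21.07.2007 15:07 208.896 RtkBtMnt.exe


Verzeichnis von C:\Windows

03.12.2007 13:52 0 SFE7F53E1.tmp
27.11.2007 03:58 140.288 catchme.exe
20.11.2007 15:04 724.992 iun6002.exe
'''

# Assumed scan time: the timestamp datfind.txt itself carries in the listing.
SCAN_TIME = datetime(2007, 12, 3, 14, 44)
DIR_HEADER = re.compile(r"^(?:Verzeichnis von|Directory of) (.+)$")
DIR_ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")
EXECUTABLE = (".dll", ".exe", ".sys", ".ocx", ".scr", ".cpl")


def parse_listing(text):
    """Yield (directory, mtime, size_bytes, name) for every file entry."""
    directory = None
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        entry = DIR_ENTRY.match(line)
        if entry and directory:
            date, clock, size, name = entry.groups()
            mtime = datetime.strptime(f"{date} {clock}", "%d.%m.%Y %H:%M")
            yield directory, mtime, int(size.replace(".", "")), name


def triage_listing(text, scan_time=SCAN_TIME, window=timedelta(hours=48)):
    """Executables written within `window` before the scan (or dated in the
    future), plus executables that live in a Temp directory whatever their
    age.  Returns (rule, full_path, mtime_iso) triples in listing order."""
    findings = []
    for directory, mtime, _size, name in parse_listing(text):
        if not name.lower().endswith(EXECUTABLE):
            continue
        path = f"{directory}\\{name}"
        if scan_time - mtime <= window:
            findings.append(("recent-executable", path, mtime.isoformat(" ")))
        elif "\\temp" in directory.lower():
            findings.append(("executable-in-temp", path, mtime.isoformat(" ")))
    return findings


if __name__ == "__main__":
    for rule, path, when in triage_listing(DATFIND_SAMPLE):
        print(f"{rule:20} {when}  {path}")
```

Reading the full listing the same way: the block of system files all stamped 12.11.2007 12:42 to 12:46 (ntoskrnl.exe, shell32.dll, wmp.dll and the rest) is the footprint of an update install, many files sharing one minute; a single DLL with a unique timestamp on the scan day is the outlier worth checking. RtkBtMnt.exe is reported for its location only, because the later HijackThis log shows it running out of Temp; that is a place to verify, not a verdict.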
03.12.2007, 16:38
Honorary member
Argus

Posts: 6028
#4 Delete Qoobox on C:\ --> empty the Recycle Bin

OTMoveIt.exe
Download OTMoveIt to the desktop
Open OTMoveIt.exe
Copy (select and press Ctrl-C) everything below

C:\Windows\System32\iexhnyqm.dll

Click the red MoveIt! button
When the tool is finished a log is created (*******_******.log, * stands for date and time)
in the folder C:\_OTMoveIt\MovedFiles\
Copy it with a right-click and paste it into the forum with right-click "Paste"

Uninstall HijackThis 1.99.1 and........

Creating a HijackThis logfile
First create a new folder on C:\, e.g. C:\HijackThis, and download HijackThis.exe into it
Download: HijackThis202
Double-click HijackThis.exe and install the tool in C:\Programme
At the end there is a shortcut on your desktop
Start HijackThis and click "Do a system scan and save a logfile"
Save log --> hijackthis.log - Save - the editor opens
Now copy the COMPLETE log with a right-click and paste it into the forum with right-click "Paste"
__________
Kind regards, Argus
03.12.2007, 19:03
Member
Thread starter
Posts: 36
#5 Hello, thanks for the first step...

Qoobox has been removed and the Recycle Bin emptied.

MoveIT:

Quote

DllUnregisterServer procedure not found in C:\Windows\System32\iexhnyqm.dll
C:\Windows\System32\iexhnyqm.dll NOT unregistered.
C:\Windows\System32\iexhnyqm.dll moved successfully.

Created on 12.03.2007 18:58:16
and here is the one from HijackThis:

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:31, on 03.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Users\PETERB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\explorer.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/at/ÿç
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {5bb54afa-eb4d-de79-fc14-b7473afcec6d} - {d6cecfa3-747b-41cf-97ed-d4beafa45bb5} - C:\Windows\system32\iexhnyqm.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8414ADE-A623-4E7A-8B0B-529DE8DFC0D0}: NameServer = 192.168.178.1,223.255.255.255
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: urqnllk - urqnllk.dll (file missing)
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterBase InterClient Server (InterServer) - InterBase - C:\Program Files\Borland\InterBase\InterClient\bin\interserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12542 bytes
Regards, Peterus ;)

PS: Oddly enough, I haven't had an error message from AntiVir for quite a while now....
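The five entries Argus ticks in the next reply are exactly the lines HijackThis marks "(no file)" or "(file missing)": a URLSearchHook, two BHOs, the urqnllk Winlogon Notify package and a leftover Symantec service. The helper below is an added example, not part of the thread, that reproduces that selection mechanically from the log above and adds one check of its own: DNS servers in the O17 line that are not private addresses. The sample lines are copied from the posted log; the grouping and the DNS check are this example's, not HijackThis features.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis 2.0.2 log posted above.
HJT_SAMPLE = r'''
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {5bb54afa-eb4d-de79-fc14-b7473afcec6d} - {d6cecfa3-747b-41cf-97ed-d4beafa45bb5} - C:\Windows\system32\iexhnyqm.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8414ADE-A623-4E7A-8B0B-529DE8DFC0D0}: NameServer = 192.168.178.1,223.255.255.255
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: urqnllk - urqnllk.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
'''

ORPHAN_MARKERS = ("(no file)", "(file missing)")
NAMESERVER = re.compile(r"^O17 - .*NameServer = (.+)$")


def entries(log):
    """Non-empty HijackThis lines, whitespace trimmed."""
    return [line.strip() for line in log.splitlines() if line.strip()]


def orphan_entries(log):
    """Lines whose target HijackThis could not find on disk.  An orphaned BHO,
    Winlogon Notify package or service is inert, but it is exactly what a
    half-finished removal leaves behind, and a new file dropped under the
    same name would be loaded again without any new registry write."""
    return [line for line in entries(log) if line.endswith(ORPHAN_MARKERS)]


def section_of(line):
    """The R/O section code of a HijackThis line, e.g. 'O20'."""
    return line.split(" - ", 1)[0]


def public_nameservers(log):
    """DNS servers in O17 entries that are neither private nor loopback.
    A check added by this example, not something HijackThis evaluates."""
    hits = []
    for line in entries(log):
        m = NAMESERVER.match(line)
        if not m:
            continue
        for field in m.group(1).split(","):
            addr = ipaddress.ip_address(field.strip())
            if not (addr.is_private or addr.is_loopback):
                hits.append(str(addr))
    return hits


def fix_list(log):
    """What to tick in 'Do a system scan only': every orphan, grouped by section."""
    by_section = {}
    for line in orphan_entries(log):
        by_section.setdefault(section_of(line), []).append(line)
    return by_section


if __name__ == "__main__":
    for sect, lines in fix_list(HJT_SAMPLE).items():
        print(sect)
        for line in lines:
            print("  ", line)
    print("non-private DNS:", public_nameservers(HJT_SAMPLE))
```

"Fix checked" removes only the registry reference; the DLL behind the O2 entry was already moved by OTMoveIt in the previous step, which is why the BHO now shows as "(file missing)". The second DNS server, 223.255.255.255, is outside any private range; the thread does not pursue it, but on a machine that has just had a browser-redirecting infection the nameserver list is worth confirming against what the router actually hands out.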
03.12.2007, 19:16
Honorary member
Argus

Posts: 6028
#6 Delete _OTMoveIt\ on C:\ --> empty the Recycle Bin

Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of the entries listed below

R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {5bb54afa-eb4d-de79-fc14-b7473afcec6d} - {d6cecfa3-747b-41cf-97ed-d4beafa45bb5} - C:\Windows\system32\iexhnyqm.dll (file missing)
O20 - Winlogon Notify: urqnllk - urqnllk.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked

If the fixing in HijackThis does not succeed, first ....
Disable Windows Defender
- Start Windows Defender.
- Click Tools
- Click General Settings
- Scroll to Real-time protection options
- Remove the check mark at Turn on Real-time protection (recommended)
- Click Save

Perform a System Restore

Edit
Remove ComboFix
Start > Run > paste in Combofix /u OK
__________
Kind regards, Argus
03.12.2007, 21:33
Member
Thread starter
Posts: 36
#7 Hello again...

Do I also have to do the System Restore if HijackThis was successful? Do you mean that I should restore my system or save my current system?

Regards, Peter
03.12.2007, 21:40
Honorary member
Argus

Posts: 6028
#8 I don't know Vista; normally you have to carry out the System Restore

Because if you have a problem in a couple of weeks and go back to the time around today, the infection is back as well ;)
__________
Kind regards, Argus
03.12.2007, 21:46
Member
Thread starter
Posts: 36
#9 So I've now created a restore point.

Is that OK? What does the pro say?

I think everything is fine... I deleted the files that were in quarantine and then looked in the folder where they should have been, and there was nothing left...

Regards, Peter
03.12.2007, 21:53
Honorary member
Argus

Posts: 6028
#10 Then you can carry on surfing without worry
__________
Kind regards, Argus
03.12.2007, 21:57
Member
Thread starter
Posts: 36
#11 Thank you, you're really great ;)

PS: And I've learned something once again: I'm now really going to downgrade my user accounts to Guest or something similar.

Regards, Peter