regedit und Systemwiederherstellung sind nicht nutzbar

#0
09.08.2006, 21:34
Member

Beiträge: 12
#16 Hallo habe auch ein Problem ich kann meinen Pc nicht mit der Sydtemwiederherstellung zurücksetzen! obwohl ich um die 20 wiederherstellungspunkte habe.aber er ragiert überhaupt nicht kann mir jemand helfen?



Logfile of HijackThis v1.99.1
Scan saved at 21:16:42, on 10.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
C:\Programme\Glass2k\Glass2k.exe
C:\Programme\LClock\LClock.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tonline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [msci] C:\DOKUME~1\Peter\LOKALE~1\Temp\200648224411_mcinfo.exe /insfin
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Seitenanfang Seitenende
09.08.2006, 21:51
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
Seitenanfang Seitenende
09.08.2006, 22:17
Member

Beiträge: 12
#18 Hallo Danke für die schnelle Antwort!!
hier sind die Logs


"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"IntelZeroConfig" = ""C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"DVDLauncher" = ""C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"ISUSPM Startup" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"BuildBU" = "c:\dell\bldbubg.exe" [null data]
"Corel Photo Downloader" = "C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe" ["Corel, Inc."]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"NWEReboot" = (empty string)
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CmUsbSound" = "RunDll32 cmcnfgu.cpl,CMICtrlWnd" [MS]
"MSKDetectorExe" = "C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall" ["McAfee, Inc."]
"msci" = "C:\DOKUME~1\Peter\LOKALE~1\Temp\200648224411_mcinfo.exe /insfin" [file not found]
"BDMCon" = "c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDOESRV" = ""C:\Programme\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
"LClock" = "C:\Programme\LClock\LClock.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! application/x-internet-signup\CLSID = "{A173B69A-1F9B-4823-9FDA-412F641E65D6}"
-> {HKLM...CLSID} = "INSMimeFilterPP Class"
\InProcServer32\(Default) = "C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll" [null data]
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Peter" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Bluetooth Manager" -> shortcut to: "C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe" [null data]
"Digital Line Detect" -> shortcut to: "C:\Programme\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Enabled Scheduled Tasks:
------------------------

"ISP-Anmeldungserinnerung 1" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /i /n:1" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Programme\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."]
HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Intel(R) PROSet/Wireless SSO Service, WLANKEEPER, "C:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel(R) Corporation"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NICCONFIGSVC, NICCONFIGSVC, "C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 38 seconds, including 18 seconds for message boxes)



die 2 Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 10.08.2004 15:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 07.07.2006 03:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10.08.2004 15:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 10.08.2004 15:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 19.12.2004 23:00:00 111104 C:\WINDOWS\SYSTEM32\Uharc.exe
winsync 10.08.2004 15:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10.05.2006 21:02:08 S 2048 C:\WINDOWS\bootstat.dat
17.04.2006 17:06:52 S 50688 C:\WINDOWS\NDNuninstall6_38.exe
17.04.2006 17:10:16 S 183296 C:\WINDOWS\NDNuninstall7_22.exe
10.05.2006 21:02:10 S 64 C:\WINDOWS\CSC\00000001
10.05.2006 19:21:22 S 64 C:\WINDOWS\CSC\00000002
09.05.2006 20:11:26 S 64 C:\WINDOWS\CSC\csc1.tmp
07.04.2006 17:53:38 H 0 C:\WINDOWS\inf\oem17.inf
03.04.2006 16:52:44 RHS 21553 C:\WINDOWS\pchealth\helpctr\PackageStore\package_10.cab
03.04.2006 16:53:18 RHS 298487 C:\WINDOWS\pchealth\helpctr\PackageStore\package_11.cab
03.04.2006 16:53:24 RHS 57458 C:\WINDOWS\pchealth\helpctr\PackageStore\package_12.cab
03.04.2006 16:53:58 RHS 580269 C:\WINDOWS\pchealth\helpctr\PackageStore\package_13.cab
03.04.2006 16:54:20 RHS 2729514 C:\WINDOWS\pchealth\helpctr\PackageStore\package_14.cab
03.04.2006 16:54:48 RHS 539179 C:\WINDOWS\pchealth\helpctr\PackageStore\package_15.cab
03.04.2006 16:55:06 RHS 1434479 C:\WINDOWS\pchealth\helpctr\PackageStore\package_16.cab
03.04.2006 16:51:58 RHS 7166 C:\WINDOWS\pchealth\helpctr\PackageStore\package_8.cab
03.04.2006 16:52:14 RHS 7880 C:\WINDOWS\pchealth\helpctr\PackageStore\package_9.cab
17.06.2006 14:27:48 H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1384adf32d898f6d0b49c0976ec61801\BIT6D.tmp
27.06.2006 22:07:24 RHS 104 C:\WINDOWS\system32\5552EAD356.sys
27.06.2006 22:07:30 HS 6580 C:\WINDOWS\system32\KGyGaAvL.sys
23.03.2006 01:17:22 S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
22.06.2006 13:18:16 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
23.03.2006 08:15:46 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
13.03.2006 17:08:34 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
17.03.2006 11:24:30 S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
30.03.2006 12:03:42 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
22.03.2006 07:19:38 S 15945 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913580.cat
21.03.2006 20:37:58 S 22194 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913800.cat
19.05.2006 17:53:42 S 16203 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat
05.05.2006 16:22:38 S 12227 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914389.cat
29.05.2006 18:16:04 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18.03.2006 00:56:10 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916595.cat
22.04.2006 14:38:56 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917159.cat
18.05.2006 09:15:02 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
04.05.2006 22:22:40 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat
20.04.2006 16:41:42 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917953.cat
01.06.2006 22:28:44 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
10.05.2006 21:32:22 H 1024 C:\WINDOWS\system32\config\default.LOG
10.05.2006 21:02:10 H 1024 C:\WINDOWS\system32\config\SAM.LOG
10.05.2006 22:02:16 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10.05.2006 22:14:10 H 1024 C:\WINDOWS\system32\config\software.LOG
10.05.2006 22:12:22 H 1024 C:\WINDOWS\system32\config\system.LOG
09.05.2006 18:45:04 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
03.04.2006 17:04:52 HS 24 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Protect\CREDHIST
03.04.2006 17:04:52 HS 388 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Protect\S-1-5-21-400497513-3509696378-1947682292-500\6fae7e0f-8ad7-48f1-818c-dfd53308660c
03.04.2006 17:04:52 HS 24 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Protect\S-1-5-21-400497513-3509696378-1947682292-500\Preferred
03.04.2006 17:17:00 HS 62 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\desktop.ini
03.04.2006 17:18:14 H 3251592 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\IconCache.db
03.04.2006 17:18:24 H 262144 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
03.04.2006 17:18:22 H 1024 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\desktop.ini
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\desktop.ini
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01Q7ST6J\desktop.ini
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\45QVGTA3\desktop.ini
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C1MVO5YR\desktop.ini
06.04.2006 17:48:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S9QRC1YR\desktop.ini
06.04.2006 17:48:22 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\desktop.ini
06.04.2006 17:48:22 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\desktop.ini
04.05.2006 19:40:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\7e27d075-604b-45a6-9999-9f5d13e961fa
04.05.2006 19:40:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
06.04.2006 17:48:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\358aa42d-56e6-48cb-b840-8bb104796f2d
05.07.2006 21:51:54 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\53d78fc5-d518-4d85-85f0-2d6a0995078f
06.04.2006 17:48:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\69f61eb0-8d8d-4d14-960d-b8da982e971f
06.04.2006 17:48:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\71d570c1-3678-430e-afa4-e2b73cbcaeab
08.04.2006 22:33:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dab6336c-2015-4ce3-9df4-6fb24c5b3112
08.04.2006 22:33:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10.05.2006 21:02:12 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 10.08.2004 15:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 10.08.2004 15:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
13.07.2005 17:55:56 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl
Microsoft Corporation 10.08.2004 15:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 10.08.2004 15:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 10.08.2004 15:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 10.08.2004 15:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 10.08.2004 15:00:00 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 10.08.2004 15:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 10.08.2004 15:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation10.06.2005 11:43:18 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 10.08.2004 15:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
04.09.2004 06:45:56 172032 C:\WINDOWS\SYSTEM32\LClock.cpl
TOSHIBA CORPORATION 08.06.2005 17:34:28 98304 C:\WINDOWS\SYSTEM32\LocalCOM.cpl
Microsoft Corporation 10.08.2004 15:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 10.08.2004 15:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 10.08.2004 15:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 10.08.2004 15:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Dell Inc. 15.12.2005 11:45:08 172032 C:\WINDOWS\SYSTEM32\NicConfigSvc.cpl
Microsoft Corporation 10.08.2004 15:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 10.08.2004 15:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 10.08.2004 15:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 10.08.2004 15:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
SigmaTel, Inc. 16.11.2005 22:35:32 7405568 C:\WINDOWS\SYSTEM32\stacgui.cpl
Microsoft Corporation 10.08.2004 15:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 10.08.2004 15:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 10.08.2004 15:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 10.08.2004 15:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 10.08.2004 15:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 10.08.2004 15:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 10.08.2004 15:00:00 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 10.08.2004 15:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
03.04.2006 17:06:38 691 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk
20.08.2005 01:58:34 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
03.04.2006 17:04:26 473 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk
08.04.2006 12:29:02 1698 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
20.08.2005 01:48:54 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
Seitenanfang Seitenende
10.08.2006, 00:26
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#19 Majestix

virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\5552EAD356.sys


poste den report

.......................................................................................................................
1.
winpfind ist nicht komplett

2.
das ist zu loeschen:
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe

3.
Poste bitte dieses Log
RootkitRevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.08.2006, 19:59
Member

Beiträge: 12
#20 Hallo
gestern bei winfind hat er immer an der selben stelle abgebrochenhabe das mit virustotal gemacht
habe auch versucht die daten zu löschen:
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
ging aber nicht habe sie also immer noch!!

hier noch die Log



HKLM\S-1-5-21-400497513-3509696378-1947682292-1005\RemoteAccess\InternetProfile 09.05.2006 20:27 11 bytes Data mismatch between Windows API and raw hive data.


MfG Peter
Seitenanfang Seitenende
10.08.2006, 23:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#21 virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\5552EAD356.sys

poste den report
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.08.2006, 10:13
Member

Beiträge: 12
#22 Hallo wenn ich das mit Virustotal mache kommt das dabei heraus !

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Seitenanfang Seitenende
11.08.2006, 10:16
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#23 Majestix

veruche es mit Jotti und poste das ergebnis

+

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.08.2006, 10:43
Member

Beiträge: 12
#24 Hallo hier das ergebnis:


Service
Service load: 0% 100%

File: 5552EAD356.sys
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 6e55e63b4dc8a5ebe6fd306893ceaf68
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing




ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Mai 12, 2006 10:39:41


---> Begin Service Listing <---

Unknown Service # 1
Service Name: bdss
Display Name: BitDefender Scan Server
Start Mode: Auto
Start Name: LocalSystem
Description: Prüft Medien vor Viren und anderen ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\softwin\bitdefender scan server\bdss.exe" /service
State: Running
Process ID: 2824
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: Bluetooth Hid Switch Service
Display Name: Bluetooth Hid Switch Service
Start Mode: Disabled
Start Name: LocalSystem
Description: Allows a bluetooth device to switch from boot mode to bluetooth ...
Service Type: Own Process
Path: "c:\programme\bluetooth\hidswitchservice\hidsw.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 3
Service Name: ehRecvr
Display Name: Media Center Receiver Service
Start Mode: Auto
Start Name: LocalSystem
Description: Media Center Service for TV and FM broadcast ...
Service Type: Own Process
Path: c:\windows\ehome\ehrecvr.exe
State: Running
Process ID: 1820
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: EvtEng
Display Name: Intel(R) PROSet/Wireless Event Log
Start Mode: Auto
Start Name: LocalSystem
Description: Manages the event trace messages for all the components of Intel(R) PROSet/Wireless ...
Service Type: Own Process
Path: c:\programme\intel\wireless\bin\evteng.exe
State: Running
Process ID: 1092
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: LIVESRV
Display Name: BitDefender Desktop Update Service
Start Mode: Auto
Start Name: LocalSystem
Description: Herunterladen von BitDefender Updates und neue Malware Signaturen aus dem ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\softwin\bitdefender update service\livesrv.exe" /service
State: Running
Process ID: 3660
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: McrdSvc
Display Name: Media Center Extender Service
Start Mode: Auto
Start Name: NT AUTHORITY\LocalService
Description: ...
Service Type: Own Process
Path: c:\windows\ehome\mcrdsvc.exe
State: Running
Process ID: 740
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: MHN
Display Name: MHN
Start Mode: Manual
Start Name: LocalSystem
Description: Ein Multimediaheimnetzwerk (Multimedia Home Networking oder MHN) stellt eine Netzwerkplattform für ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k netsvcs
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: NICCONFIGSVC
Display Name: NICCONFIGSVC
Start Mode: Auto
Start Name: LocalSystem
Description: Konfigurieren Sie die Einstellungen zur Energieverwaltung der internen ...
Service Type: Own Process
Path: c:\programme\dell\nicconfigsvc\nicconfigsvc.exe
State: Running
Process ID: 1928
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service #9
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist für den ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 10
Service Name: RegSrvc
Display Name: Intel(R) PROSet/Wireless Registry Service
Start Mode: Auto
Start Name: LocalSystem
Description: Intel(R) PROSet/Wireless Registry ...
Service Type: Own Process
Path: c:\programme\intel\wireless\bin\regsrvc.exe
State: Running
Process ID: 172
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 11
Service Name: S24EventMonitor
Display Name: Intel(R) PROSet/Wireless Service
Start Mode: Auto
Start Name: LocalSystem
Description: Wireless Management Service for Intel(R) ...
Service Type: Own Process
Path: c:\programme\intel\wireless\bin\s24evmon.exe
State: Running
Process ID: 1180
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #12
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{179f4715-e4ef-48b5-a7ef-7b0d4ecd944c}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 13
Service Name: VSSERV
Display Name: BitDefender Virus Shield
Start Mode: Auto
Start Name: LocalSystem
Description: Prüft Medien vor Viren und anderen ...
Service Type: Own Process
Path: "c:\programme\softwin\bitdefender9\vsserv.exe" /service
State: Running
Process ID: 3572
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 14
Service Name: WLANKEEPER
Display Name: Intel(R) PROSet/Wireless SSO Service
Start Mode: Auto
Start Name: LocalSystem
Description: Provides Single Sign On (SSO) ...
Service Type: Own Process
Path: c:\programme\intel\wireless\bin\wlkeeper.exe
State: Running
Process ID: 1212
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 15
Service Name: XCOMM
Display Name: BitDefender Communicator
Start Mode: Auto
Start Name: LocalSystem
Description: Sichert die Kommunikation zwischen den BitDefender ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\softwin\bitdefender communicator\xcommsvr.exe" /service
State: Running
Process ID: 424
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

---> End Service Listing <---

There are 98 Win32 services on this machine.
15 were unrecognized.

Script Execution Time: 1,109375 seconds.
Seitenanfang Seitenende
11.08.2006, 10:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#25 Bitte nutze Gmer http://www.gmer.net/files.php . Starte es und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit nein beantworten, auf den Reiter rootkit gehen, wiederum die Frage mit nein beantworten und mit Hilfe von copy den Bericht hier einfuegen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. ist dieser Beendet, wähle Copy und füge den Bericht ein.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.08.2006, 11:07
Member

Beiträge: 12
#26 Hallo beim gmer meldet er nichts!
ud hier die Copy von Rootkit:


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-05-12 11:06:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwClose
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwUnloadKey

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [EC0F289D] tfsnifs.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{21DF8C5A-A8F9-4B71-AF72-89A242384C85}

---- EOF - GMER 1.0.10 ----
Seitenanfang Seitenende
11.08.2006, 11:39
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#27 beschreibe mir genau, was passiert, wenn du eine Systemwiederherstellung machen willst.
Sind diese 20 Wiederherstellungspunkte alle aktiv ?

2.
Gehe in die Registry

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\

"DisableSR"
"DisableConfig"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr

schreibe, ob diese Eintraege auf 1 oder 0 gesetzt sind
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.08.2006, 12:37
Member

Beiträge: 12
#28 Hallo, wenn ich einen Wiederherstellungspunkt wähle zeigt er mir an was er ändern wird ! wenn ich dann auf ok klicke geht das fenster auf wo ich auf weiter klicken muss aber ab dann tut sich nichts mehr,normal müsste er dann runterfahren! die Punkte sind alle aktiv!


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr

Name Typ Wert
-------------------------------------------------------------------------
Stanard REG_SZ Wert nicht gesetzt
DisplayName REG_SZ Filtertreiber Systemwiederherstellung
Error Control REG_DWORD 0X00000000(1)
Group REG_SZ FSFilter System Recovery
Image Patsch REG_EXPAN-SZ system32/Drivers/sr.sys
Start REG_DWOED 0X00000000(0)
Tag REG_DWORD 0X00000004(4)
Type REG_DWORD 0X00000002(2)



den zweiten Schlüssel gibt es dort nicht!
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\
Seitenanfang Seitenende
11.08.2006, 13:23
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#29 Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

SystemRestore

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.08.2006, 13:35
Member

Beiträge: 12
#30 hier ist die edit!

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 12.05.2006 13:32:42 for strings:
; 'systemresore'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: