regedit and System Restore cannot be used
#0
09.08.2006, 21:34
Member
Posts: 12
09.08.2006, 21:51
Honorary Member
Posts: 29434
#17
Majestix
Please post this log here: http://virus-protect.org/silentrunner.html
and then this one: http://virus-protect.org/winpfind.html
__________
Kind regards, Sabina
All about PC security
09.08.2006, 22:17
Member
Posts: 12
#18
Hello, thanks for the quick reply!!
Here are the logs:
10.08.2006, 00:26
Honorary Member
Posts: 29434
#19
Majestix
VirusTotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... then wait
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\5552EAD356.sys
Post the report.
........................................
1. WinPFind is not complete.
2. Delete these:
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
3. Please post this log: RootkitRevealer http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
Kind regards, Sabina
All about PC security
10.08.2006, 19:59
Member
Posts: 12
#20
Hello,
yesterday WinPFind always aborted at the same spot. I did the VirusTotal thing. I also tried to delete the files:
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
but that didn't work, so I still have them!! Here is the log too:
HKLM\S-1-5-21-400497513-3509696378-1947682292-1005\RemoteAccess\InternetProfile 09.05.2006 20:27 11 bytes Data mismatch between Windows API and raw hive data.
Regards, Peter
10.08.2006, 23:08
Honorary Member
Posts: 29434
#21
VirusTotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... then wait
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\5552EAD356.sys
Post the report.
__________
Kind regards, Sabina
All about PC security
11.08.2006, 10:13
Member
Posts: 12
#22
Hello, when I do that with VirusTotal, this is what comes out!
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
11.08.2006, 10:16
Honorary Member
Posts: 29434
#23
Majestix
Try it with Jotti and post the result + ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Kind regards, Sabina
All about PC security
11.08.2006, 10:43
Member
Posts: 12
#24
Hello, here is the result:
Service load: 0% 100%
File: 5552EAD356.sys
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 6e55e63b4dc8a5ebe6fd306893ceaf68
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
11.08.2006, 10:53
Honorary member
Posts: 29434
#25
Please use Gmer http://www.gmer.net/files.php . Start it and see whether it already reports something. If it does, please answer all questions with No, go to the Rootkit tab, again answer the question with No and paste the report here using Copy. If it reports nothing that way, go to the Rootkit tab and run a scan. Once it has finished, choose Copy and paste the report.
__________
Regards, Sabina
All about PC security
11.08.2006, 11:07
Member
Posts: 12
#26
Hello, GMER doesn't report anything!
And here is the Copy from Rootkit:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-05-12 11:06:55
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.10 ----

SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwClose
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Programme\Softwin\BitDefender9\bdrsdrv.sys ZwUnloadKey

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [EC0F2701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [EC0F289D] tfsnifs.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{21DF8C5A-A8F9-4B71-AF72-89A242384C85}

---- EOF - GMER 1.0.10 ----
11.08.2006, 11:39
Honorary member
Posts: 29434
#27
1. Describe to me exactly what happens when you try to run a System Restore. Are these 20 restore points all active?
2. Go into the registry:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\
"DisableSR"
"DisableConfig"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr
Write whether these entries are set to 1 or 0.
__________
Regards, Sabina
All about PC security
11.08.2006, 12:37
Member
Posts: 12
#28
Hello, when I select a restore point it shows me what it will change! When I then click OK, the window opens where I have to click Next, but from then on nothing more happens; normally it should shut down at that point! The points are all active!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr
Name            Typ             Wert
-------------------------------------------------------------------------
(Standard)      REG_SZ          Wert nicht gesetzt
DisplayName     REG_SZ          Filtertreiber Systemwiederherstellung
ErrorControl    REG_DWORD       0X00000000(1)
Group           REG_SZ          FSFilter System Recovery
ImagePath       REG_EXPAND_SZ   system32/Drivers/sr.sys
Start           REG_DWORD       0X00000000(0)
Tag             REG_DWORD       0X00000004(4)
Type            REG_DWORD       0X00000002(2)

The second key doesn't exist there!
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\
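The registry checks Sabina asks for in #27 can be automated. The script below is an added example, not code from the thread or from any of the tools mentioned in it; the key paths and value names are the ones from her post, and the meaning of the Start codes is the standard Windows service start-type table.

```powershell
# Added example (not from the thread): automates the checks requested in post #27.
# Reads the System Restore policy values and the 'sr' filter-driver service entry
# and reports what each one means. Run in an elevated Windows PowerShell session.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\sr'

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist, instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-PolicyValueDescription {
    param([string]$Name, $Value)
    # Policy semantics: value absent or 0 -> not restricted, 1 -> restricted by policy.
    if ($null -eq $Value) { return "$Name : not set (no policy in effect)" }
    if ($Value -eq 1)     { return "$Name = 1 : restricted by policy" }
    return "$Name = $Value : not restricted"
}

$results = @()
if (-not (Test-Path -LiteralPath $PolicyKey)) {
    # The situation reported in post #28: the policy key does not exist at all.
    $results += "Policy key missing: $PolicyKey (System Restore is not blocked by policy)"
}
$results += Get-PolicyValueDescription 'DisableSR'     (Get-RegValueOrNull $PolicyKey 'DisableSR')
$results += Get-PolicyValueDescription 'DisableConfig' (Get-RegValueOrNull $PolicyKey 'DisableConfig')

# 'sr' is the System Restore file-system filter driver. Service start-type codes:
# 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$srStart = Get-RegValueOrNull $ServiceKey 'Start'
if ($null -eq $srStart) {
    $results += "sr service: key or Start value missing ($ServiceKey)"
} elseif ($srStart -eq 4) {
    $results += "sr service: Start = 4 (Disabled) - the filter driver will not load"
} else {
    $name = $startNames[[int]$srStart]
    $results += "sr service: Start = $srStart ($name) - the expected value is 0 (Boot)"
}

$results
```

On the machine in this thread the script would report the policy key as missing and the sr driver with Start = 0 (Boot), matching what post #28 transcribed by hand.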
11.08.2006, 13:23
Honorary member
Posts: 29434
#29
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings" type or paste SystemRestore into the edit box and click "Ok". Notepad will open; copy the text and post it.
__________
Regards, Sabina
All about PC security
11.08.2006, 13:35
Member
Posts: 12
#30
Here is the edit!

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 12.05.2006 13:32:42 for strings:
; 'systemresore'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log...
Logfile of HijackThis v1.99.1
Scan saved at 21:16:42, on 10.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
C:\Programme\Glass2k\Glass2k.exe
C:\Programme\LClock\LClock.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tonline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [msci] C:\DOKUME~1\Peter\LOKALE~1\Temp\200648224411_mcinfo.exe /insfin
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)