smitfraud-C / smitfraud-C.Keylogger/ C:\WINDOWS\scvhost.exe

#0
08.03.2007, 14:08
...neu hier

Beiträge: 1
#1 hallo,

habe probleme mit smitfraud. sbybot erkennt die beiden probleme (smitfraud-C und smitfraud-C.Keylogger) und behebt sie angeblich, aber bei einer ernueten überprüfung tauchen sie erneut auf.
die datei C:\WINDOWS\scvhost.exe ist wohl auch irgendwie infiziert.

ich danke schon mal im voraus für euer bemühen!

das sagt der scan:

ComboScan v20070306.20 run by Admin on 2007-03-08 at 13:46:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
24: 2007-03-08 12:46:30 UTC - RP69 - ComboScan Restore Point
23: 2007-03-07 17:32:58 UTC - RP68 - TuneUp Utilities 2007 wird installiert
22: 2007-03-07 17:27:36 UTC - RP67 - TuneUp Utilities 2006 wird entfernt
21: 2007-03-05 19:52:50 UTC - RP66 - Systemprüfpunkt
20: 2007-03-03 16:47:27 UTC - RP65 - Windows Live Messenger wird installiert


-- First Restore Point --
1: 2006-12-13 15:54:02 UTC - RP46 - Systemprüfpunkt


Performed disk cleanup.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:47:16, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Dokumente und Einstellungen\Admin\Desktop\Entertainment\comboscan.exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys
1R AmdK7 (AMD K7-Prozessortreiber) - C:\WINDOWS\system32\drivers\amdk7.sys
3S Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
1R avgio - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
3R AVMWAN (AVM NDIS WAN CAPI-Treiber) - C:\WINDOWS\system32\drivers\avmwan.sys
3S CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\CBTNDIS5.sys
3R egmxm (ELSA GLADIAC MX driver) - C:\WINDOWS\system32\drivers\egmxm.sys
3R FETNDIS (VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber) - C:\WINDOWS\system32\drivers\fetnd5.sys
3S fpcibase (AVM ISDN-Controller FRITZ!Card PCI v2.0) - C:\WINDOWS\system32\drivers\fpcibase.sys
1R GhPciScan (GhostPciScanner) - C:\Programme\Symantec\Norton Ghost 2003\GhPciScan.sys
3R hidusb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
1R kbdhid (Tastatur-HID-Treiber) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
2R NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys
3S nv4 - C:\WINDOWS\system32\drivers\nv4.sys
3R odysseyIM3 (Odyssey Network Services Miniport) - C:\WINDOWS\system32\drivers\odysseyIM3.sys
0R ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
3R usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3R ZD1211U(ZyXEL) (ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL)) - C:\WINDOWS\system32\drivers\ZD1211U.sys
3S ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\ZDPNDIS5.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R accsvc (AccSys WiFi Component) - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
2R AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
2R AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
2R EPSONStatusAgent2 (EPSON Printer Status Agent2) - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
2R GhostStartService - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"
2R SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3R usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\MSN Messenger\usnsvc.exe"
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-03-07 18:33:29 396 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job<1-KLIC~1.JOB>


-- Files created between 2007-02-08 and 2007-03-08 -----------------------------

2007-03-08 13:29:37 0 dr-h----- C:\$VAULT$.AVG
2007-03-08 12:00:07 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-08 12:00:07 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-08 12:00:06 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-08 12:00:03 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-03-08 12:00:03 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-08 11:59:57 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-08 11:59:56 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-03-08 11:59:52 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-03-08 11:59:46 0 d-------- C:\Programme\Grisoft
2007-03-07 23:28:49 0 d-------- C:\WINDOWS\Content.IE5
2007-03-07 22:42:44 2042 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-07 22:42:12 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-07 22:42:12 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-07 22:42:12 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-07 22:42:12 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-07 22:42:12 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-07 22:42:12 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-07 18:33:19 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-03-07 18:33:00 0 d-------- C:\Programme\TuneUp Utilities 2007<TUNEUP~1>
2007-03-07 18:32:07 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2007-03-06 15:14:04 4096 --a------ C:\WINDOWS\d3dx.dat
2007-03-06 15:11:56 0 d-------- C:\Programme\directx
2007-03-06 15:03:08 0 d-------- C:\Programme\JoWooD
2007-03-04 18:00:49 0 d-------- C:\Programme\VideoLAN
2007-03-03 17:47:30 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-08 12:02:24 0 d-------- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG7
2007-03-08 11:59:29 0 d---s---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft<MICROS~1>
2007-03-07 18:32:07 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-03-07 13:02:53 0 d-------- C:\Programme\WLAN Monitor<WLANMO~1>
2007-03-04 18:02:00 0 d-------- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc
2007-03-03 17:47:33 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-02-22 09:35:00 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-02-09 19:20:27 0 d-------- C:\Programme\Java
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:41 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:03 334336 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
@="C:\\WINDOWS\\scvhost.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
@="C:\\WINDOWS\\scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@="C:\\WINDOWS\\scvhost.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PnPUI Registrator"="C:\\Programme\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"="C:\\Programme\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"Smapp"="C:\\Programme\\Analog Devices\\SoundMAX\\SMTray.exe"
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Windows Update"="C:\\WINDOWS\\scvhost.exe"
"msconfig"="C:\\WINDOWS\\scvhost.exe"
"icq lite"="C:\\WINDOWS\\scvhost.exe"
"Update Checker"="C:\\WINDOWS\\scvhost.exe"
"AntiVir"="C:\\WINDOWS\\scvhost.exe"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG7ALRT
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG7CORE
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG7RSW
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG7RSXP
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG7UPDSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGCLEAN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGEMS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGTDI


-- End of ComboScan: finished at 2007-03-08 at 13:47:50 ------------------------


und hier das supplementary:

ComboScan v20070306.20 run by Admin on 2007-03-08 at 13:46:19
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(TM) MP 1700+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 511.53 MiB / 284.14 MiB
Pagefile Memory (total/avail): 1250.31 MiB / 1014.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1981.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 9.82 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: AVG 7.5.446 v7.5.446 (GRISOFT)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) [COLOR=RED]Disabled[/COLOR]
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)


-- Environment Variables -------------------------------------------------------


-- User Profiles ---------------------------------------------------------------

Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
AVG 7.5 --> C:\Programme\Grisoft\AVG7\setup.exe /UNINSTALL
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Gothic II --> C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Programme\PowerPoint Viewer\setup\setup.exe
Nero 7 Essentials --> MsiExec.exe /I{A7661EF6-352F-D5A3-B913-B762230C1031}
Norton Ghost --> MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
USB 2.0 PCI Card --> "C:\Programme\Common Files\Sitecom Shared\PnP Universal Installer\uninstall.exe" "C:\WINDOWS\Temp\pnpui_cn-029.log" "USB 2.0 PCI Card" "cn-029" "Sitecom_cn-029"
VideoLAN VLC media player 0.8.6a --> C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
WLAN Monitor --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2808E975-BD01-47DD-9852-54E3C622BDDC}\setup.exe" -l0x7
WLAN Quick-Starter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E40268F4-7E9F-4E07-B773-7FF64971F42E}\setup.exe" -l0x7
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar mit Pop-Up-Blocker --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZyAIR G-220 Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC024A3F-9C3C-4C16-BD3D-F7AE2C435429}\setup.exe" -l0x7 -removeonly
ZyXEL G-162 802.11g Wireless CardBus-Karte --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7BED5E90-AE87-4516-99AE-748EFBE5EFA8}\setup.exe" -l0x7


-- End of ComboScan: finished at 2007-03-08 at 13:47:50 ------------------------
Seitenanfang Seitenende
09.03.2007, 11:06
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 amador

««
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked

Zitat

F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\run-|Windows Update
HKLM\software\microsoft\windows\currentversion\run-|icq lite
HKLM\software\microsoft\windows\currentversion\run-|Update Checker
HKLM\software\microsoft\windows\currentversion\run-|AntiVir
HKLM\software\microsoft\windows\currentversion\run-|msconfig
HKLM\software\microsoft\windows\currentversion\runservices-|Windows Update
HKLM\software\microsoft\windows\currentversion\runservices-|msconfig
HKLM\software\microsoft\windows\currentversion\runservices-|icq lite
HKLM\software\microsoft\windows\currentversion\runservices-|Update Checker
HKLM\software\microsoft\windows\currentversion\runservices-|AntiVir
HKLM\software\microsoft\windows\currentversion\runonce|Windows Update
HKLM\software\microsoft\windows\currentversion\runonce|msconfig
HKLM\software\microsoft\windows\currentversion\runonce|icq lite
HKLM\software\microsoft\windows\currentversion\runonce|Update Checker
HKLM\software\microsoft\windows\currentversion\runonce|AntiVir
HKLM\software\microsoft\windows\currentversion\runonceex|Windows Update
HKLM\software\microsoft\windows\currentversion\runonceex|msconfig
HKLM\software\microsoft\windows\currentversion\runonceex|icq lite
HKLM\software\microsoft\windows\currentversion\runonceex|Update Checker
HKLM\software\microsoft\windows\currentversion\runonceex|AntiVir
HKLM\software\microsoft\windows\currentversion\runservices|Windows Update
HKLM\software\microsoft\windows\currentversion\runservices|msconfig
HKLM\software\microsoft\windows\currentversion\runservices|icq lite
HKLM\software\microsoft\windows\currentversion\runservices|Update Checker
HKLM\software\microsoft\windows\currentversion\runservices|AntiVir
HKLM\software\microsoft\windows\currentversion\run|Windows Update
HKLM\software\microsoft\windows\currentversion\run|msconfig
HKLM\software\microsoft\windows\currentversion\run|icq lite
HKLM\software\microsoft\windows\currentversion\run|Update Checker
HKLM\software\microsoft\windows\currentversion\run|AntiVir
HKLM\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr

Files to delete:
C:\WINDOWS\scvhost.exe
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

-----------------------

««
http://virus-protect.org/artikel/tools/sdfix.html
SDFix.zip entpacken

es erscheint folgende Meldung:

"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"

unter C:\ findet man nun den SDFix-Ordner

boote in den abgesicherten Modus (die Taste F8 drücken, während der Rechner neustartet)

gehe in den Ordner C:\SDFix

RunThis.bat doppelt klicken

schreibe: Y
folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten
kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag


««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

««
Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: