Dienste und Programme (ICQ, MSN) beenden sich automatisch nach Aufruf?! |
||
---|---|---|
#0
| ||
28.04.2008, 20:15
...neu hier
Beiträge: 9 |
||
|
||
29.04.2008, 10:36
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo,
als erstes versuche es mit einer Systemwiederherstellung. dann lade Combofix /Warnmeldung wegklicken + poste den report http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.04.2008, 18:30
...neu hier
Themenstarter Beiträge: 9 |
#3
wenn ich die Systemwiederherstellung öffne, reagiert es kurz, Sanduhr wird beim Mauszeiger angezeigt, aber öffnet sich nicht/reagiert nicht
ich führ Combofix trotzdem mal aus... ComboFix 08-04-28.2 - Markus 2008-04-29 18:40:15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1547 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Markus.MKS\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . ((((((((((((((((((((((( Dateien erstellt von 2008-03-28 bis 2008-04-29 )))))))))))))))))))))))))))))) . 2008-04-29 18:40 . 2008-04-29 18:40 1,024 --ah----- C:\Dokumente und Einstellungen\Default User.WINDOWS\ntuser.dat.LOG 2008-04-29 18:32 . 2008-04-29 18:32 <DIR> d-------- C:\Programme\CCleaner 2008-04-29 05:58 . 2008-04-29 08:11 <DIR> d-------- C:\Programme\Trillian 2008-04-29 05:29 . 2008-04-29 05:56 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\.purple 2008-04-29 05:26 . 2008-04-29 05:28 <DIR> d-------- C:\Programme\Pidgin 2008-04-29 05:26 . 2008-04-29 05:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK 2008-04-28 13:24 . 2008-04-28 13:26 <DIR> d-------- C:\Downloads 2008-04-28 13:23 . 2008-04-28 13:29 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\.SunDownloadManager 2008-04-26 13:04 . 2008-04-27 04:15 10 --a------ C:\WINDOWS\popcinfo.dat 2008-04-23 15:03 . 2008-04-23 15:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-23 15:02 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-04-22 16:30 . 2008-04-22 16:30 <DIR> d-------- C:\backup 2008-04-20 17:18 . 2008-04-22 16:29 <DIR> d-------- C:\sms 2008-04-20 17:12 . 2008-04-20 17:18 <DIR> d-------- C:\dms 2008-04-16 13:24 . 2008-04-16 13:24 <DIR> d-------- C:\Programme\Zattoo 2008-04-16 10:30 . 2008-04-16 10:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype 2008-04-16 10:30 . 2008-04-29 01:47 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\skypePM 2008-04-16 10:30 . 2008-04-16 10:30 32 --a------ C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ezsid.dat 2008-04-15 13:52 . 2008-04-15 13:52 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SpeedProject 2008-04-15 13:51 . 2008-04-15 13:51 <DIR> d-------- C:\Programme\SpeedCommander 12 2008-04-14 15:20 . 2008-04-14 15:23 <DIR> d-------- C:\Programme\EnterpriseArchitect 2008-04-14 15:20 . 2008-04-14 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Sparx Systems 2008-04-13 10:58 . 2008-04-29 08:11 <DIR> d-------- C:\Programme\ICQLite 2008-04-09 14:19 . 2008-04-09 14:20 <DIR> d-------- C:\Programme\Notebook Hardware Control 2008-04-09 14:19 . 2008-04-27 04:39 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-04-08 22:39 . 2008-04-08 22:39 2,835 --a------ C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SAS7_000.DAT 2008-04-08 22:21 . 2008-04-08 22:21 0 --a------ C:\WINDOWS\plclient.INI 2008-04-08 22:20 . 2008-04-08 22:20 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Nuance 2008-04-08 22:09 . 2008-04-08 22:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Scansoft Shared 2008-04-08 22:09 . 2008-04-08 22:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ScanSoft 2008-04-08 22:08 . 2008-04-08 22:21 <DIR> d-------- C:\WINDOWS\speech 2008-04-08 22:08 . 2008-04-08 22:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Nuance 2008-04-08 15:58 . 2008-04-22 13:50 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-04-08 15:58 . 2008-04-22 13:50 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-04-08 15:57 . 2008-04-28 16:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab 2008-04-08 15:57 . 2008-04-29 18:43 26,528,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-08 15:57 . 2008-04-29 18:43 295,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-08 15:57 . 2008-04-28 16:40 237,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-08 15:57 . 2008-04-28 16:40 31,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-08 12:45 . 2008-04-20 22:07 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP 2008-04-08 12:44 . 2008-04-20 22:07 <DIR> d-------- C:\Programme\Registry Repair Wizard 2008-04-08 12:22 . 2008-04-28 16:26 <DIR> d-------- C:\Programme\Able2Doc Professional 4.0 2008-04-08 11:38 . 2008-04-08 11:38 <DIR> d-------- C:\Labfiles 2008-04-08 00:04 . 2008-04-28 16:41 <DIR> d-------- C:\Programme\Unlocker 2008-04-08 00:04 . 2008-04-23 15:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft 2008-04-06 22:25 . 2008-04-06 22:25 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\vlc 2008-04-06 22:21 . 2008-04-06 22:21 <DIR> d-------- C:\Programme\VLC 2008-04-06 21:57 . 2008-04-08 15:57 <DIR> d-------- C:\Programme\Kaspersky Lab 2008-04-06 21:35 . 2008-04-06 21:35 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Bullzip 2008-04-06 21:34 . 2008-04-12 19:16 <DIR> d-------- C:\Programme\Foxit Reader 2008-04-06 20:22 . 2008-04-16 10:28 <DIR> d-------- C:\Programme\Google 2008-04-06 19:36 . 2008-04-14 21:50 <DIR> d-------- C:\Programme\BayGenie Pro 2008-04-05 13:07 . 2008-04-05 13:07 <DIR> d-------- C:\Programme\FavOrg 2008-04-04 18:35 . 2008-04-04 18:35 <DIR> d-------- C:\Programme\Synaptics 2008-04-04 18:35 . 2005-09-30 15:55 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys 2008-04-04 18:35 . 2005-09-30 15:58 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll 2008-04-04 18:35 . 2005-09-30 15:58 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll 2008-04-04 18:35 . 2005-09-30 15:57 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll 2008-04-04 18:35 . 2005-09-30 16:12 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll 2008-04-04 18:35 . 2005-09-30 16:10 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll 2008-04-04 17:50 . 2008-04-29 18:14 <DIR> d-------- C:\Programme\Mozilla Firefox 3 Beta 5 2008-04-01 10:23 . 2008-04-01 10:23 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\IBM 2008-04-01 10:20 . 2007-10-21 00:45 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Vorlagen 2008-04-01 10:20 . 2007-10-21 01:32 <DIR> dr------- C:\Dokumente und Einstellungen\frickm\Startmenü 2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Netzwerkumgebung 2008-04-01 10:20 . 2008-04-29 18:43 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Lokale Einstellungen 2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d-------- C:\Dokumente und Einstellungen\frickm\Favoriten 2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Druckumgebung 2008-04-01 10:20 . 2007-10-21 01:32 <DIR> dr-h----- C:\Dokumente und Einstellungen\frickm\Anwendungsdaten 2008-04-01 10:20 . 2008-04-01 10:20 <DIR> d-------- C:\Dokumente und Einstellungen\frickm 2008-04-01 10:20 . 2008-04-01 10:20 <DIR> d-------- C:\DB2 2008-04-01 10:20 . 2008-04-29 18:40 1,024 --ah----- C:\Dokumente und Einstellungen\frickm\ntuser.dat.LOG 2008-04-01 10:18 . 2008-04-01 10:18 <DIR> d-------- C:\WINDOWS\cluster 2008-04-01 10:17 . 2008-04-01 10:17 <DIR> d-------- C:\Programme\IBM 3 Datei(en) . 238,782 C:\ComboFix\Bytes 2 Datei(en) . 238,592 C:\ComboFix\Bytes 2 Datei(en) . 2,897 C:\ComboFix\Bytes 2 Datei(en) . 94 C:\ComboFix\Bytes 1 Datei(en) . 62 C:\ComboFix\Bytes . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-29 16:24 --------- d-----w C:\Programme\Biet-O-Matic 2008-04-29 02:01 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Skype 2008-04-28 14:37 --------- d-----w C:\Programme\Kate's Video Cutter 2008-04-28 14:34 --------- d-----w C:\Programme\Audio180v3 2008-04-28 14:25 --------- d-----w C:\Programme\MP3 WAV Converter 2008-04-28 14:24 --------- d-----w C:\Programme\Total Video Converter 2008-04-28 14:22 --------- d-----w C:\Programme\The Rosetta Stone 2008-04-28 14:15 --------- d-----w C:\Programme\Spybot - Search & Destroy 2008-04-28 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy 2008-04-28 10:49 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\pdf995 2008-04-23 13:18 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-04-23 13:03 --------- d-----w C:\Programme\TuneUp Utilities 2008 2008-04-08 13:55 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab Setup Files 2008-04-07 22:26 --------- d-----w C:\Programme\Winamp 2008-04-04 15:49 --------- d-----w C:\Programme\Mozilla Firefox 3 Beta 4 2008-04-01 08:23 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft Help 2008-03-27 09:21 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\QIP 2008-03-26 20:54 --------- d-----w C:\Programme\QIP 2008-03-26 18:45 --------- d-----w C:\Programme\Citavi 2008-03-26 18:39 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Academic Software Zurich 2008-03-24 13:25 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\IBM 2008-03-23 06:23 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo! 2008-03-21 00:54 --------- d-----w C:\Programme\Replay Media Catcher 2008-03-20 17:12 --------- d-----w C:\Programme\No23 Recorder 2008-03-20 16:39 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\TrueCrypt 2008-03-20 15:07 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\InstallShield 2008-03-20 15:01 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2008-03-20 14:26 223,424 ----a-w C:\WINDOWS\system32\drivers\truecrypt.sys 2008-03-20 14:26 --------- d-----w C:\Programme\TrueCrypt 2008-03-20 13:42 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WEB.DE 2008-03-19 23:10 --------- d-----w C:\Programme\CHM2PDF Pilot 2008-03-19 19:48 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel 2008-03-19 14:03 --------- d-----w C:\Programme\VideoLAN 2008-03-19 12:50 --------- d-----w C:\Programme\ARIS7.0 2008-03-18 13:09 204,800 ----a-w C:\WINDOWS\system32\FoxyUninstall.exe 2008-03-16 21:02 --------- d-----w C:\Programme\PacificPoker4 2008-03-16 18:32 --------- d-----w C:\Programme\GnuPG 2008-03-16 18:32 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\gnupg 2008-03-15 23:19 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-03-14 05:00 --------- d-----w C:\Programme\QIP8040 2008-03-10 14:17 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\PhraseExpress 2008-03-10 14:16 --------- d-----w C:\Programme\PhraseExpress 2008-03-10 14:16 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PhraseExpress 2008-03-02 18:48 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\3M 2008-03-01 12:02 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Dexpot 2008-03-01 10:53 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-02-28 00:48 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\teamspeak2 2008-02-18 21:02 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-02-13 11:00 439,296 ----a-w C:\WINDOWS\system32\HTML2PDF.DLL 2008-02-13 10:20 3,239,424 ----a-w C:\WINDOWS\system32\PDFCreatorPilot3.dll 2008-01-31 11:57 107,864 ----a-w C:\WINDOWS\system32\tsccvid.dll 2006-12-29 15:15 626,688 ----a-w C:\Programme\Gemeinsame Dateien\sapconsaccess.dll 2006-12-29 15:15 40,960 ----a-w C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx 2006-12-29 15:15 3,100,672 ----a-w C:\Programme\Gemeinsame Dateien\sapxlhelper.dll 2006-12-29 15:15 192,512 ----a-w C:\Programme\Gemeinsame Dateien\sapconsr3.dll 2006-12-07 10:26 1,129,984 ----a-w C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt 2006-12-07 10:26 1,124,864 ----a-w C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt 2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2007-10-20 22:53 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007102120071022\index.dat . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:57 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 10:43 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 04:42 7331840] "nwiz"="nwiz.exe" [2005-12-16 04:42 1519616 C:\WINDOWS\system32\nwiz.exe] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-30 16:09 737370] "AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:57 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] "nltide_3"="advpack.dll" [2007-10-09 22:04 124928 C:\WINDOWS\system32\advpack.dll] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 11 (0xb) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk] backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Post-it® Digital Notes.lnk] backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Markus.MKS^Startmenü^Programme^Autostart^Locate32 Autorun.lnk] backup=C:\WINDOWS\pss\Locate32 Autorun.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 02:57 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-04 00:29 165784 C:\Programme\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder] --a------ 2006-06-30 13:57 1409024 D:\Dragon Naturally Speaking 9\Program\ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 16:15 221184 C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:56 86960 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programme\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl] --a------ 2007-05-04 02:33 2629632 C:\Programme\Notebook Hardware Control\nhc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall] --a------ 2007-03-09 16:29 2224104 C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhraseExpress] --a------ 2008-01-29 19:47 2550888 C:\Programme\PhraseExpress\PhraseExpress.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2003-09-29 16:00 155648 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Programme\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-12-07 14:00 12288 C:\Programme\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AppMgmt"=3 (0x3) "aspnet_state"=3 (0x3) "Netlogon"=2 (0x2) "MSDTC"=3 (0x3) "helpsvc"=2 (0x2) "BITS"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "mnmsrvc"=3 (0x3) "odserv"=3 (0x3) "lanmanserver"=3 (0x3) "ose"=3 (0x3) "SENS"=2 (0x2) "TuneUp.Defrag"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Google\\Google Talk\\googletalk.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:58] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] S2 DB2-0;DB2 - DB2COPY1 - DB2-0;C:\Programme\IBM\SQLLIB\bin\db2syscs.exe [2007-07-23 02:49] S2 Notebook Hardware Control Service;Notebook Hardware Control Service;C:\Programme\Notebook Hardware Control\nhcservice.exe [2008-04-09 14:20] S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 10:06] S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2govds.exe" [2007-07-23 02:45] S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);C:\Programme\IBM\SQLLIB\BIN\db2licd.exe [2007-07-23 02:46] S3 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2007-07-23 02:47] S3 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2sec.exe" [2007-07-23 02:48] S3 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe" [2007-07-23 02:48] S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-23 15:03] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . Inhalt des "geplante Tasks" Ordners "2008-04-29 06:00:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe "2008-02-07 10:02:15 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job" - C:\Programme\Microsoft IntelliPoint\ipoint.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-29 18:43:20 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-04-29 18:44:40 ComboFix-quarantined-files.txt 2008-04-29 16:44:36 18 Verzeichnis(se), 1,352,978,432 Bytes frei 21 Verzeichnis(se), 1,505,079,296 Bytes frei 282 Dieser Beitrag wurde am 29.04.2008 um 18:47 Uhr von mks editiert.
|
|
|
||
30.04.2008, 01:40
Ehrenmitglied
Beiträge: 29434 |
#4
Hallo,
du hast die Combofix schon mal angewendet ??? Leider weiss ich nun nicht, was da so alles in Quarantäne genommen wurde.. ComboFix-quarantined-files.txt 2008-04-29 16:44:36 --------------- da der Combofix so gut geklappt hat, poste nun die 2 Logs von Comboscan http://virus-protect.org/artikel/tools/comboscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.04.2008, 02:46
...neu hier
Themenstarter Beiträge: 9 |
#5
ja die ComboFix hab ich schon angewendet (siehe Auswertung im letzten Post)
Okay hier die 2 logs, einmal die main.txt: Deckard's System Scanner v20071014.68 Run by Markus on 2008-04-30 02:41:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 13: 2008-04-30 00:41:25 UTC - RP177 - Deckard's System Scanner Restore Point 12: 2008-04-29 16:39:50 UTC - RP176 - ComboFix created restore point 11: 2008-04-28 14:16:46 UTC - RP175 - Windows Live Messenger wird entfernt 10: 2008-04-28 14:13:12 UTC - RP174 - Removed O&O DiskRecovery. 9: 2008-04-28 14:11:10 UTC - RP173 - Removed CHM2PDF Pilot 2.15.72 Trial -- First Restore Point -- 1: 2008-04-17 09:19:37 UTC - RP165 - Systemprüfpunkt Backed up registry hives. Performed disk cleanup. [color=red]System Drive C: has 1.29 GiB (less than 15%) free.[/color] -- HijackThis (run as Markus.exe) ---------------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-04-30 02:43:46 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.20661) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Biet-O-Matic\Biet-O-Matic.exe C:\Dokumente und Einstellungen\Markus.MKS\Desktop\dss.exe C:\Dokumente und Einstellungen\Markus.MKS\Desktop\hijackthis_199\Markus.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe O11 - Options Group: [TABS] Tabbed Browsing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2syscs.exe O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\\bin\db2dasrrm.exe O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2govds.exe O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2licd.exe O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2sec.exe O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Programme\Notebook Hardware Control\nhcservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe -- End of file - 8175 bytes -- HijackThis Fixed Entries (C:\DOKUME~1\Markus.MKS\Desktop\HIJACK~1\backups\) - backup-20070306-021206-385 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 backup-20070306-021206-788 F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe backup-20080428-200945-219 O11 - Options group: [INTERNATIONAL] International* backup-20080428-200945-521 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) backup-20080428-200946-403 O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing) backup-20080428-200946-978 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0> R2 s24trans (WLAN-Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> S3 APLMp50 (APLMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\aplmp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 nhcDriverDevice (Notebook Hardware Control Driver) - c:\windows\system32\drivers\nhcdriver.sys <Not Verified; pBUS-167 Software - http://www.pbus-167.com; Notebook Hardware Control Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\programme\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> S2 Notebook Hardware Control Service - c:\programme\notebook hardware control\nhcservice.exe <Not Verified; http://www.pbus-167.com; Notebook Hardware Control Service> S4 mysql - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: BCM92045NMD Device ID: USB\VID_0A5C&PID_2101\5&11BBCF3F&0&2 Manufacturer: Name: BCM92045NMD PNP Device ID: USB\VID_0A5C&PID_2101\5&11BBCF3F&0&2 Service: Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA -- Scheduled Tasks ------------------------------------------------------------- 2008-04-29 20:00:00 494 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job 2008-02-07 12:02:15 276 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job -- Files created between 2008-03-30 and 2008-04-30 ----------------------------- 2008-04-29 18:38:00 68096 --a------ C:\WINDOWS\zip.exe 2008-04-29 18:38:00 49152 --a------ C:\WINDOWS\VFind.exe 2008-04-29 18:38:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-04-29 18:38:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-04-29 18:38:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-04-29 18:38:00 98816 --a------ C:\WINDOWS\sed.exe 2008-04-29 18:38:00 80412 --a------ C:\WINDOWS\grep.exe 2008-04-29 18:38:00 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-04-29 18:35:52 0 dr-h----- C:\Dokumente und Einstellungen\Markus.MKS\Recent 2008-04-29 18:32:16 0 d-------- C:\Programme\CCleaner 2008-04-29 05:58:37 0 d-------- C:\Programme\Trillian 2008-04-29 05:26:35 0 d-------- C:\Programme\Gemeinsame Dateien\GTK 2008-04-28 13:24:19 0 d-------- C:\Downloads 2008-04-28 13:23:56 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\.SunDownloadManager 2008-04-26 13:04:02 10 --a------ C:\WINDOWS\popcinfo.dat 2008-04-22 16:30:05 0 d-------- C:\backup 2008-04-20 17:18:13 0 d-------- C:\sms 2008-04-20 17:12:16 0 d-------- C:\dms 2008-04-16 13:24:42 0 d-------- C:\Programme\Zattoo 2008-04-16 10:30:14 0 d-------- C:\Programme\Gemeinsame Dateien\Skype 2008-04-15 13:51:52 0 d-------- C:\Programme\SpeedCommander 12 2008-04-14 15:20:08 0 d-------- C:\Programme\EnterpriseArchitect 2008-04-13 10:58:02 0 d-------- C:\Programme\ICQLite 2008-04-09 14:19:38 22528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys <Not Verified; pBUS-167 Software - http://www.pbus-167.com; Notebook Hardware Control Driver> 2008-04-09 14:19:11 0 d-------- C:\Programme\Notebook Hardware Control 2008-04-08 22:09:32 0 d-------- C:\Programme\Gemeinsame Dateien\Scansoft Shared 2008-04-08 22:08:07 0 d-------- C:\WINDOWS\speech 2008-04-08 15:58:43 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-04-08 15:58:42 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-04-08 15:57:51 300064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-08 15:57:51 26578976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-08 12:44:59 0 d-------- C:\Programme\Registry Repair Wizard 2008-04-08 12:22:35 0 d-------- C:\Programme\Able2Doc Professional 4.0 2008-04-08 11:38:32 0 d-------- C:\Labfiles 2008-04-06 22:21:07 0 d-------- C:\Programme\VLC 2008-04-06 21:57:22 0 d-------- C:\Programme\Kaspersky Lab 2008-04-06 21:34:18 0 d-------- C:\Programme\Foxit Reader 2008-04-06 20:22:18 0 d-------- C:\Programme\Google 2008-04-06 19:36:29 0 d-------- C:\Programme\BayGenie Pro 2008-04-05 13:07:19 0 d-------- C:\Programme\FavOrg 2008-04-04 18:35:09 0 d-------- C:\Programme\Synaptics 2008-04-04 17:50:18 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 5 2008-04-01 10:32:42 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Application Data\IBM 2008-04-01 10:20:56 0 d-------- C:\DB2 2008-04-01 10:18:07 0 d-------- C:\WINDOWS\cluster 2008-04-01 10:17:53 0 d-------- C:\Programme\IBM -- Find3M Report --------------------------------------------------------------- 2008-04-30 02:39:28 0 d-------- C:\Programme\Biet-O-Matic 2008-04-29 05:56:13 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\.purple 2008-04-29 05:26:35 0 d-------- C:\Programme\Gemeinsame Dateien 2008-04-29 04:01:12 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Skype 2008-04-29 01:47:03 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\skypePM 2008-04-28 16:37:09 0 d-------- C:\Programme\Kate's Video Cutter 2008-04-28 16:34:16 0 d-------- C:\Programme\Audio180v3 2008-04-28 16:25:56 0 d-------- C:\Programme\MP3 WAV Converter 2008-04-28 16:24:53 0 d-------- C:\Programme\Total Video Converter 2008-04-28 16:22:26 0 d-------- C:\Programme\The Rosetta Stone 2008-04-23 15:18:45 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-04-23 15:03:24 0 d-------- C:\Programme\TuneUp Utilities 2008 2008-04-15 13:52:00 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SpeedProject 2008-04-14 15:20:35 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Sparx Systems 2008-04-08 22:39:14 2835 --a------ C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SAS7_000.DAT 2008-04-08 22:20:53 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Nuance 2008-04-08 15:10:54 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WinRAR 2008-04-08 00:26:23 0 d-------- C:\Programme\Winamp 2008-04-06 22:25:40 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\vlc 2008-04-06 21:59:21 464718 --a------ C:\WINDOWS\system32\perfh007.dat 2008-04-06 21:59:21 92762 --a------ C:\WINDOWS\system32\perfc007.dat 2008-04-06 21:35:40 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Bullzip 2008-04-06 17:56:57 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Google 2008-04-04 17:49:31 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 4 2008-04-01 10:23:11 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\IBM 2008-03-27 11:21:15 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\QIP 2008-03-26 22:54:24 0 d-------- C:\Programme\QIP 2008-03-26 20:45:56 0 d-------- C:\Programme\Citavi 2008-03-26 20:39:45 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Academic Software Zurich 2008-03-23 08:23:11 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Adobe 2008-03-21 02:54:29 0 d-------- C:\Programme\Replay Media Catcher 2008-03-20 19:12:25 0 d-------- C:\Programme\No23 Recorder 2008-03-20 18:39:44 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\TrueCrypt 2008-03-20 17:01:55 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield 2008-03-20 16:26:07 0 d-------- C:\Programme\TrueCrypt 2008-03-20 15:42:38 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WEB.DE 2008-03-20 01:10:56 0 d-------- C:\Programme\CHM2PDF Pilot 2008-03-19 16:03:28 0 d-------- C:\Programme\VideoLAN 2008-03-19 14:50:49 0 d-------- C:\Programme\ARIS7.0 2008-03-18 15:09:04 204800 --a------ C:\WINDOWS\system32\FoxyUninstall.exe 2008-03-16 23:02:20 0 d-------- C:\Programme\PacificPoker4 2008-03-16 20:32:36 0 d-------- C:\Programme\GnuPG 2008-03-16 20:32:13 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\gnupg 2008-03-16 01:19:54 0 d--h----- C:\Programme\InstallShield Installation Information 2008-03-14 07:00:15 0 d-------- C:\Programme\QIP8040 2008-03-13 11:34:22 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Mozilla 2008-03-10 16:17:08 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\PhraseExpress 2008-03-10 16:16:58 0 d-------- C:\Programme\PhraseExpress 2008-03-02 20:48:30 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\3M 2008-03-01 14:02:51 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Dexpot 2008-03-01 12:53:12 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 2008-02-18 23:02:32 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2008-02-13 13:00:44 439296 --a------ C:\WINDOWS\system32\HTML2PDF.DLL <Not Verified; Two Pilots; HTML2PDF Add-on for PDF Creator Pilot> 2008-02-13 12:20:06 3239424 --a------ C:\WINDOWS\system32\PDFCreatorPilot3.dll <Not Verified; Two Pilots; PDFCreatorPilot> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [28.12.2005 11:55] "IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [28.12.2005 11:56] "EOUApp"="C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" [28.12.2005 12:00] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03.02.2006 10:43 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [31.08.2007 13:01] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.12.2005 04:42] "nwiz"="nwiz.exe" [16.12.2005 04:42 C:\WINDOWS\system32\nwiz.exe] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [30.09.2005 16:09] "AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28.06.2007 12:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 02:57] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide_2"=regsvr32 /s /n /i:U shell32 "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) "MaxRecentDocs"=11 (0xb) "ClearRecentDocsOnExit"=1 (0x1) "NoSharedDocuments"=00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk] backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Post-it® Digital Notes.lnk] backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Markus.MKS^Startmenü^Programme^Autostart^Locate32 Autorun.lnk] backup=C:\WINDOWS\pss\Locate32 Autorun.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder] "D:\Dragon Naturally Speaking 9\Program\ereg.exe" -r "D:\Dragon Naturally Speaking 9\Program\ereg.ini" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhraseExpress] C:\Programme\PhraseExpress\PhraseExpress.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Programme\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AppMgmt"=3 (0x3) "aspnet_state"=3 (0x3) "Netlogon"=2 (0x2) "MSDTC"=3 (0x3) "helpsvc"=2 (0x2) "BITS"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "mnmsrvc"=3 (0x3) "odserv"=3 (0x3) "lanmanserver"=3 (0x3) "ose"=3 (0x3) "SENS"=2 (0x2) "TuneUp.Defrag"=3 (0x3) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 7827 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-04-30 02:44:38 ------------ Und die extra.txt: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Genuine Intel(R) CPU T2050 @ 1.60GHz CPU 1: Genuine Intel(R) CPU T2050 @ 1.60GHz Percentage of Memory in Use: 22% Physical Memory (total/avail): 2046.11 MiB / 1588.67 MiB Pagefile Memory (total/avail): 3428.3 MiB / 3174.35 MiB Virtual Memory (total/avail): 2047.88 MiB / 1918.16 MiB C: is Fixed (NTFS) - 16 GiB total, 1.29 GiB free. D: is Fixed (NTFS) - 45.98 GiB total, 4.54 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Fixed (NTFS) - 10.59 GiB total, 7.23 GiB free. H: is CDROM (No Media) \\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH PL - 74.53 GiB - 4 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 16 GiB - C: \PARTITION1 - Erweiterte Partition - 45.98 GiB - D: \PARTITION2 - Installierbares Dateisystem - 10.59 GiB - G: \PARTITION3 - Unknown - 2000.28 MiB -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR] AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) [COLOR=RED]Disabled[/COLOR] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Google\\Google Talk\\googletalk.exe"="C:\\Programme\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" -- Environment Variables ------------------------------------------------------- -- User Profiles --------------------------------------------------------------- Markus.MKS (admin) db2admin (admin) frickm (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C24BF6E0-A0D8-4A82-8CBA-7389824BAB1B} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.42 --> "C:\Programme\7-Zip\Uninstall.exe" AcronisDisk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Audio File Cutter 3.20 --> "C:\Programme\Audio File Cutter\unins000.exe" BayGenie eBay Auction Sniper Pro Edition 3.1.4.0 --> "C:\Programme\BayGenie Pro\unins000.exe" Biet-O-Matic v2.1.00 --> C:\PROGRA~1\BIET-O~1\UNWISE.EXE C:\PROGRA~1\BIET-O~1\Install.log CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe" CDex extraction audio --> "C:\Programme\CDex_170b2\uninstall.exe" Citavi 2.4.0.3 --> C:\Programme\Citavi\Deinstallieren.exe Citavi Picker 2.0 für Word --> C:\Programme\Citavi\Citavi Picker\Word\Deinstallieren.exe Conexant HD Audio --> C:\Programme\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ITW3Vena.inf DB2 Enterprise Server Edition - DB2COPY1 --> MsiExec.exe /I{F23620AE-7E17-4863-898D-7F191B39022C} Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA} Enterprise Architect 7.0 --> MsiExec.exe /I{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE} FavOrg --> C:\PROGRA~1\FavOrg\UNWISE.EXE C:\PROGRA~1\FavOrg\INSTALL.LOG Foxit Reader --> C:\Programme\Foxit Reader\Uninstall.exe Free YouTube to Mp3 Converter version 2.4 --> "C:\Programme\Free YouTube to Mp3 Converter\unins000.exe" GnuPG For Windows --> "C:\Programme\GnuPG\gpg4win-uninstall.exe" Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0} Google Talk (remove only) --> "C:\Programme\Google\Google Talk\uninstall.exe" GTK+ Runtime 2.12.8 rev a (nur entfernen) --> C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Markus.MKS\Desktop\hijackthis_199\HijackThis.exe /uninstall Hotfix für Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe" Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe Java 2 Runtime Environment, SE v1.4.2_16 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160} Java 2 SDK, SE v1.4.2_16 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142160} Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030} Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF} Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF} Locate32 --> C:\Programme\Locate\Remove.exe Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F} mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft redistributable runtime DLLs VS2005 SP1(x86) --> MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27} Microsoft redistributable runtime DLLs VS2005(x86) --> MsiExec.exe /I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Mozilla Firefox (2.0.0.13) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe Mozilla Firefox (3.0b5) --> C:\Programme\Mozilla Firefox 3 Beta 5\uninstall\helper.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero 8 Micro 8.1.1.3 --> "C:\Programme\Nero\unins000.exe" Neuro-Programmer 2 Home Edition --> "C:\Programme\Neuro-Programmer 2\Neuro-Programmer 2.exe" -uninstall Notebook Hardware Control 2.0 Pre-Release-06 --> C:\Programme\Notebook Hardware Control\uninst.exe NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Ovis pdf-Recover 1.2 --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Ovis\UninstRC.isu Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG PC Inspector smart recovery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7 Pdf995 --> C:\Programme\pdf995\setup.exe uninstall PhraseExpress v5.0.46 --> "C:\Programme\PhraseExpress\unins000.exe" QIP 2005 Uninstall --> "C:\Programme\QIP\unqip.exe" QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} Registry Mechanic 7.0 --> "C:\Programme\Registry Mechanic\unins000.exe" Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini" Replay Media Catcher --> "C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml" SAP GUI 7.10 --> "C:\Programme\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Soft Data Fax Modem with SmartCP --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_152D0753\HXFSETUP.EXE -U -ITW3Venpm.inf SpeedCommander 12 --> C:\Programme\SpeedCommander 12\UnInstall.exe Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1031 TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64} TrueCrypt --> "C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} TutorWIN für SAP R3 Dialogfunktionen Rel. 4.6 --> C:\TUTORW~1\V46\TWUNINST.EXE C:\TUTORW~1\V46\prod_D01.log TutorWIN für SAP R3 LesBase --> C:\TUTORW~1\V46\TWUNINST.EXE C:\TUTORW~1\V46\les_base.log VideoLAN VLC media player 0.8.6f --> C:\Programme\VLC\uninstall.exe VPN Client --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall WinRAR --> C:\Programme\WinRAR\uninstall.exe Zattoo 3.1.1 Beta --> C:\Programme\Zattoo\uninst.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type1931 / Warning Event Submitted/Written: 04/28/2008 04:39:04 PM Event ID/Source: 4353 / EventSystem Event Description: Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201. Event Record #/Type1930 / Warning Event Submitted/Written: 04/28/2008 04:39:04 PM Event ID/Source: 4356 / EventSystem Event Description: Das COM+-Ereignissystem konnte keine Instanz des Abonnenten partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} erstellen. CoGetObject gab HRESULT 80070422 zurück. Event Record #/Type1929 / Warning Event Submitted/Written: 04/28/2008 04:39:04 PM Event ID/Source: 4353 / EventSystem Event Description: Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201. Event Record #/Type1928 / Warning Event Submitted/Written: 04/28/2008 04:39:04 PM Event ID/Source: 4356 / EventSystem Event Description: Das COM+-Ereignissystem konnte keine Instanz des Abonnenten partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} erstellen. CoGetObject gab HRESULT 80070422 zurück. Event Record #/Type1920 / Warning Event Submitted/Written: 04/27/2008 04:41:09 AM Event ID/Source: 4353 / EventSystem Event Description: Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type10987 / Warning Event Submitted/Written: 04/30/2008 02:36:30 AM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Event Record #/Type10986 / Warning Event Submitted/Written: 04/29/2008 07:50:51 PM Event ID/Source: 57 / Ftdisk Event Description: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Möglicherweise sind die Daten beschädigt. Event Record #/Type10965 / Warning Event Submitted/Written: 04/29/2008 06:14:11 PM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Event Record #/Type10963 / Warning Event Submitted/Written: 04/29/2008 01:23:02 AM Event ID/Source: 1007 / Dhcp Event Description: Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.5.216. Event Record #/Type10960 / Warning Event Submitted/Written: 04/29/2008 01:23:00 AM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. -- End of Deckard's System Scanner: finished at 2008-04-30 02:44:38 ------------ Zusätzlich hier noch meine Hijackthis Auswertung: Logfile of HijackThis v1.99.1 Scan saved at 02:43:56, on 30.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20661) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Biet-O-Matic\Biet-O-Matic.exe C:\Dokumente und Einstellungen\Markus.MKS\Desktop\dss.exe C:\DOKUME~1\Markus.MKS\Desktop\HIJACK~1\Markus.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\bin\db2syscs.exe O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\\bin\db2dasrrm.exe O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2govds.exe O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2licd.exe O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2sec.exe O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Programme\Notebook Hardware Control\nhcservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe Dieser Beitrag wurde am 30.04.2008 um 02:54 Uhr von mks editiert.
|
|
|
||
30.04.2008, 11:59
Ehrenmitglied
Beiträge: 29434 |
#6
Hallo,
1. keine Ahnung, warum du die wpdshserviceobj.dll gefixt hast wende das Backup vom HijackThis an (findest du, wenn du HijackThis öffnst) 2. dann fixe erneut alle Einträge AUSSER: O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll Der Windows Portable Device Shell Service Object Prozess gehört zur Software Microsoft® Windows® Operating -------------- 3. HOSTFILE: *öffne das HijackThis *Do a system scan only *Config *Misc Tools *Open Hosts file Manager *delet line(s) lösche alles , lasse nur stehen: 127.0.0.1 localhost 4. PC neustarten 5. wende datfindbat an - poste alle Daten bis November 2007 (sind nach Datum geordnet) http://virus-protect.org/datfindbat.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.05.2008, 02:11
...neu hier
Themenstarter Beiträge: 9 |
#7
Ok, alles soweit ausgeführt!
Hier die datfindbat Auswertung: (Meintest du die Einträge von jetzt ab zurück bis Nov.2007 oder bis spätester Zeitpunkt Nov.2007? Da ich was gelesen hab von max. letzten 3 Monate denk ich du meintest von Nov 2007 bis Gegenwart - hoff das stimmt so) Verzeichnis von c:\ 01.05.2008 02:00 0 dirdat.txt 01.05.2008 01:58 1.610.612.736 pagefile.sys 29.04.2008 18:44 21.594 ComboFix.txt 28.04.2008 15:52 227 boot.ini 17.04.2008 00:37 14.132 drwtsn32.log 08.04.2008 16:09 36 dfinstall.log 23.03.2008 08:44 150 YServer.txt Verzeichnis von C:\WINDOWS\system32 01.05.2008 01:58 43.758 nvapps.xml 01.05.2008 01:44 2.206 wpa.dbl 23.04.2008 15:03 307.968 TuneUpDefragService.exe 06.04.2008 21:59 79.998 perfc009.dat 06.04.2008 21:59 449.978 perfh009.dat 06.04.2008 21:59 92.762 perfc007.dat 06.04.2008 21:59 1.100.412 PerfStringBackup.INI 06.04.2008 21:59 464.718 perfh007.dat 06.04.2008 21:54 1.490.048 FNTCACHE.DAT 06.04.2008 20:27 34.308 BASSMOD.dll 18.03.2008 15:09 204.800 FoxyUninstall.exe 28.02.2008 02:43 34.064 lhacm.acm 27.02.2008 13:15 28.416 uxtuneup.dll 13.02.2008 13:00 439.296 HTML2PDF.DLL 13.02.2008 12:20 3.239.424 PDFCreatorPilot3.dll 01.02.2008 00:13 57.344 QuickTime.qts 01.02.2008 00:13 90.112 QuickTimeVR.qtx 31.01.2008 13:57 107.864 tsccvid.dll 22.12.2007 13:47 38.536 mlfcache.dat 08.12.2007 08:02 89.360 VB5DB.DLL 08.12.2007 08:02 3.584 comcat.dll 08.12.2007 08:02 1.355.776 msvbvm50.dll 18.11.2007 18:26 1.036.288 sqlrcmd.dll Verzeichnis von C:\WINDOWS 01.05.2008 01:58 3.766 WindowsUpdate.log 01.05.2008 01:58 0 0.log 01.05.2008 01:58 2.048 bootstat.dat 01.05.2008 01:56 32.356 SchedLgU.Txt 30.04.2008 21:29 69 NeroDigital.ini 30.04.2008 20:45 84 winamp.ini 29.04.2008 18:54 1.409 QTFont.for 29.04.2008 18:54 54.156 QTFont.qfn 29.04.2008 18:43 227 system.ini 28.04.2008 15:52 1.094 win.ini 27.04.2008 04:15 10 popcinfo.dat 24.04.2008 09:41 673 saplogon.ini 08.04.2008 22:21 0 plclient.INI 01.04.2008 10:22 4.533 ODBCINST.INI 26.02.2008 15:02 136 mind.ini 18.02.2008 23:02 737.280 iun6002.exe 29.01.2008 20:20 160 wpd99.drv 23.01.2008 20:44 1.452 APDFPRP.INI 23.01.2008 20:44 194 appr.ini 23.01.2008 20:44 115 aebpr.ini 23.01.2008 12:13 458 my.ini 16.01.2008 11:46 7.680 Thumbs.db Verzeichnis von C:\DOKUME~1\Markus.MKS\LOKALE~1\Temp 01.05.2008 01:41 16.384 ~DF23B5.tmp 30.04.2008 14:29 0 Art-330229745531-3.html 30.04.2008 10:55 869 jar_cache699.tmp 30.04.2008 10:55 849 jar_cache700.tmp 30.04.2008 10:29 145 jar_cache697.tmp 30.04.2008 10:07 145 jar_cache695.tmp 30.04.2008 09:10 208 java_install_reg.log |
|
|
||
01.05.2008, 12:22
Ehrenmitglied
Beiträge: 29434 |
#8
hallo,
der Rechner war/ist (?) verseucht mit scvhost.exe - * Backdoor.Rbot.gen * W32/Sdbot.worm.gen.h http://www.sophos.de/security/analyses/viruses-and-spyware/w32rbotek.html W32/Rbot-EK ist ein Netzwerkwurm und eine Backdoor für die Windows-Plattform. W32/Rbot-EK ermöglicht einem bösartig gesinnten Anwender Fernzugriff auf den infizierten Computer via IRC. Damit er automatisch beim Start von Windows aktiviert wird, kopiert sich W32/Rbot-EK als scvhost.exe in den Windows-Systemordner eigentlich wäre Formatieren das Vernünftigste.... «« scanne mit sdfix im abgesicherten Modus , poste nach Neustart in den Normalmodus den Report http://virus-protect.org/artikel/tools/sdfix.html «« dann sdfix im Normalmodus : RunThis.bat doppelt klicken reinschreiben: 3 3 : wird Sophos geladen bei Option 6 - erfolgt ein Fullscan + löschen der infizierten Dateien poste den scanreport von Sophos hier « __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
02.05.2008, 12:43
...neu hier
Themenstarter Beiträge: 9 |
#9
oh...damit hätte ich jetzt echt nicht mehr gerechnet, keine guten neuigkeiten :/
Hier das Ergebnis der durchgeführten Schritte, welche du empfohlen hast: Report.txt: SDFix: Version 1.177 Run by Markus on 02.05.2008 at 10:56 Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOKUME~1\Markus.MKS\Desktop\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 11:11:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:e8,e5,ef,10,f7,7f,f5,4d,f4,3c,27,45,a4,5d,a9,4a,b7,4d,49,84,e4,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,1f,84,76,b7,a4,4b,ba,e3,f3,d9,e0,0b,a1,d1,a4,86,41,.. "khjeh"=hex:d8,b3,8b,16,13,ad,00,94,02,43,8a,a1,6b,70,e0,c1,ed,04,d2,e5,88,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:01,9d,3a,ec,f9,43,a0,8d,cd,e2,8e,75,b9,d3,db,a6,44,4f,c5,7b,f9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:73,95,89,f0,59,90,80,ce,2a,29,3c,80,a4,79,63,a6,a1,70,47,37,7b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:e8,e5,ef,10,f7,7f,f5,4d,f4,3c,27,45,a4,5d,a9,4a,b7,4d,49,84,e4,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,1f,84,76,b7,a4,4b,ba,e3,f3,d9,e0,0b,a1,d1,a4,86,41,.. "khjeh"=hex:d8,b3,8b,16,13,ad,00,94,02,43,8a,a1,6b,70,e0,c1,ed,04,d2,e5,88,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:01,9d,3a,ec,f9,43,a0,8d,cd,e2,8e,75,b9,d3,db,a6,44,4f,c5,7b,f9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:73,95,89,f0,59,90,80,ce,2a,29,3c,80,a4,79,63,a6,a1,70,47,37,7b,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Google\\Google Talk\\googletalk.exe"="C:\\Programme\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOKUME~1\Markus.MKS\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 10 Nov 2003 532 A.SH. --- "C:\MSSYS.SYS" Tue 9 Oct 2007 625,152 A.SH. --- "C:\Programme\Internet Explorer\IEXPLORE.EXE" Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Programme\messenger\msmsgs.exe" Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll" Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll" Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll" Sun 21 Oct 2007 190 ..SH. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP7\PdmHist\1a0.7285E9A401C81365.history\00000000.bak" Finished! -------------------------------------------------------------------------- Im blauen Fenster hatte ich gar nicht die Möglichkeit auszuwählen, es startete direkt der QuickScan - hier das Ergebnis: SophosReport.txt Sophos Anti-Virus Version 4.29.0 [Win32/Intel] Virus data version 4.29E, May 2008 Includes detection for 401525 viruses, trojans and worms Copyright (c) 1989-2008 Sophos Plc, www.sophos.com System time 11:22:40, System date 02 May 2008 Command line qualifiers are: -remove -nc -nb -dn --stop-scan -idedir=C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\IDE -p=C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\SophosReport.txt IDE directory is: C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\IDE Quick Scanning >>> Virus 'Mal/HckPk-D' found in file C:\Programme\BayGenie Pro\BG3140_CRK.exe Removal successful Could not check C:\Programme\IBM\SQLLIB\DB2DAS00\tmp\dasrrmpid (virus scan failed) >>> Virus 'Mal/IRCBot-C' found in file C:\Programme\Trillian\trillian.exe Removal successful >>> Virus 'Mal/Generic-A' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055136.dll Removal successful Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055137.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055141.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055143.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055160.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055161.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055175.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055189.dll Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055192.dll >>> Virus 'Troj/TinyDa-Gen' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055465.exe\FILE:0006 >>> Virus 'Troj/Steam-AH' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055465.exe\FILE:0007\FILE:0005 Removal successful Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055487.exe >>> Virus 'Mal/IRCBot-C' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0041218.exe Removal successful >>> Virus 'Mal/HckPk-D' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042283.exe Removal successful >>> Virus 'Mal/IRCBot-C' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042297.exe Removal successful Could not open C:\WINDOWS\system32\drivers\sptd.sys Could not open C:\WINDOWS\TEMP\cch~1fba9a565.htp Could not open C:\WINDOWS\TEMP\cch~1fba9ab80.htp Could not open C:\WINDOWS\TEMP\cch~22b34f514.htp Could not open C:\WINDOWS\TEMP\cch~22b34fc03.htp Could not open C:\WINDOWS\TEMP\cch~22b4f7220.htp Could not open C:\WINDOWS\TEMP\cch~22b4f7926.htp Could not open C:\WINDOWS\TEMP\cch~22b4fb767.htp Could not open C:\WINDOWS\TEMP\cch~22b4fbdfa.htp >>> Virus 'Mal/Packer' found in file D:\Apps\Cutter youtube grabber\NAFCv3.20\naturpic.audio.file.cutter.3.20.keygen-tsrh\keygen.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\Apps\Cutter youtube grabber\RAV8\Crack\ReplayAVv800_Crack.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\Desktop (Virtual) Tools\Sydatec.Personal.Desktop.v2.1.German.Incl.KeyMaker.and.AuthPatch-DVT (CPU Auslastung)\DVT\DVT\authpatch.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\Desktop (Virtual) Tools\Sydatec.Personal.Desktop.v2.1.German.Incl.KeyMaker.and.AuthPatch-DVT (CPU Auslastung)\DVT\DVT\KeyMaker.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\PDF Progs\Elcomsoft Password Recovery Bundle 2007\AVPR v1.63\!Crack\avpr.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\PDF Progs\PDF995 mit Keygen\keygen.exe Removal successful >>> Virus 'Mal/Heuri-E' found in file D:\Apps\SchuelerVz & StudiVz Fotoalbum Downloader by jt\SchuelerVz & StudiVz Fotoalbum Downloader by jt.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\Security\Ashampoo_WinOptimizer_4.10\KeyGen\keygen.exe Removal successful >>> Virus 'Mal/Generic-A' found in file D:\Apps\Security\Steganos_Internet_Anonym_VPN\keygen.exe Removal successful >>> Virus 'Troj/Keygen-BE' found in file D:\Apps\Security\TuneUp Utilities 2007\Key-Generator\keygen.exe Removal successful >>> Virus 'Mal/CimgaKit-A' found in file D:\Apps\Security\XP Password changer\XP PASSWORD MANAGER.exe Removal successful >>> Virus 'Mal/IRCBot-C' found in file D:\Apps\Trillian_Pro_v3.1.9.0\Trillian Pro v3.1.9.0\Crack\trillian.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\Apps\TUNING\Ashampoo_Magical_Defrag_2.05\Crack\AshampooMagicalDefragv205_Crack.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\Apps\TUNING\Ashampoo_WinOptimzer_4.0\Crack\AshampooWinOptimizerv400_Crack.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\Apps\TUNING\GameTuner\Game Tuner v1.0.0.33 keygen by AGAiN\Keygen.EXE Removal successful >>> Virus 'Troj/Keygen-BE' found in file D:\Apps\TUNING\TuneUp Utilities 2007\Key-Generator\keygen.exe Removal successful >>> Virus 'Mal/Generic-A' found in file D:\Apps\XP_Original\KeyGen.exe Removal successful Password protected file D:\FHU\Wirtschaftsinformatik\(alles vorg„nger)\wintra2.semester (pw)\Algorithmen_und_Datenstrukturen\Wiederholungen\PraesKW25.ppt >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP165\A0038925.exe Removal successful Could not open D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP171\A0039746.exe Could not open D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP171\A0039747.exe >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042298.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042299.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042300.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042301.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042302.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042303.exe Removal successful >>> Virus 'Mal/Heuri-E' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042304.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042305.exe Removal successful >>> Virus 'Mal/Generic-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042306.exe Removal successful >>> Virus 'Troj/Keygen-BE' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042307.exe Removal successful >>> Virus 'Mal/CimgaKit-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042308.exe Removal successful >>> Virus 'Mal/IRCBot-C' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042309.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042310.exe Removal successful >>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042311.exe Removal successful >>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042312.EXE Removal successful >>> Virus 'Troj/Keygen-BE' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042313.exe Removal successful >>> Virus 'Mal/Generic-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042314.exe Removal successful 3 boot sectors swept. 68485 files swept in 1 hour, 2 minutes and 45 seconds. 22 errors were encountered. 43 viruses were discovered. 42 files out of 68485 were infected. Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 1 encrypted file was not checked. Ending Sophos Anti-Virus. |
|
|
||
02.05.2008, 12:55
Ehrenmitglied
Beiträge: 29434 |
#10
Hallo,
ja nun...wer sich den Rechner mit keygens vollknallt, kann nicht erwarten, ein sicheres System zu haben an deiner Stelle würde ich alles platt machen + formatieren, dann in Zukunft auf bewusste gens verzichten, die Proggies kann man kaufen, dann hat man sie für immer und es gibt keine Probleme. «« wenn du dennoch weiter reinigen willst, wende sdifx im Normalmodus an: 1 : es wird a-squared geladen 2 : wird Norman geladen poste die Reporte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
02.05.2008, 13:13
...neu hier
Themenstarter Beiträge: 9 |
#11
stimmt schon was du sagst
platt machen kann ich ihn momentan nicht aus versch gründen, außerdem fehlt mir da grad mitten im semester die zeit dazu :/ werd die zwei reports jetzt durchführen und die ergebnisse gleich hier nochmal posten - danke Sabina! |
|
|
||
02.05.2008, 14:40
Ehrenmitglied
Beiträge: 29434 |
||
|
||
03.05.2008, 13:20
...neu hier
Themenstarter Beiträge: 9 |
#13
so. hier nun etwas verspätet die reports:
asquared_report.txt a-squared Command Line Scanner - Version 3.5 Last update: N/A Scan settings: Objects: Memory, Traces, Cookies, C: Scan archives: On Heuristics: Off ADS Scan: On Scan start: 02.05.2008 21:54:28 C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\apps\Process.exe detected: Riskware.RiskTool.Win32.Processor.20 Scanned Files: 329858 Traces: 177636 Cookies: 130 Processes: 28 Found Files: 1 Traces: 0 Cookies: 0 Processes: 0 Quarantined Files: 1 Traces: 0 Cookies: 0 Processes: 0 Scan end: 02.05.2008 23:46:05 Scan time: 1:51:37 NFix_2008-05-03_00-09-12.log Norman Malware Cleaner Copyright © 1990 - 2008, Norman ASA. Built 2008/04/29 19:17:00 Norman Scanner Engine Version: 5.92.04 Nvcbin.def Version: 5.92.00, Date: 2008/04/29 19:17:00, Variants: 1600559 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2 Logged on user: MKS\Markus Scan started: 03/05/2008 00:09:12 Scanning running processes and process memory... Number of processes/threads found: 1314 Number of processes/threads scanned: 1313 Number of processes/threads not scanned: 1 Number of infected processes/threads terminated: 0 Total scanning time: 42s Scanning file system... Scanning: C:\*.* C:\Programme\cygwin\ftp%3a%2f%2fmirror.switch.ch%2fmirror%2fcygwin\release\pkgconfig\pkgconfig-0.17.2-3.tar.bz2/unknown0 (Error whilst scanning file: I/O Error) C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\loadqueue\LoadQueue.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample1\sample1.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample2\sample2.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample3\sample3.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) C:\System Volume Information\_RESTO~1\RP203\A0054943.exe (Infected with W32/Suspicious_N.gen) Deleted file Scanning: D:\*.* D:\Apps\PDF Progs\ABBYY.PDF.Transformer.v2.0.Build.1147\activate.exe (Infected with W32/Malware.AGSM) Deleted file D:\Apps\PDF Progs\Advanced_PDF_Password_Recovery__APDFPR__3.0.48.314\apdfpr.exe (Infected with W32/Suspicious_N.gen) Deleted file D:\Apps\PDF Progs\Elcomsoft Password Recovery Bundle 2007\PPA v1.70.3620\!Crack\ppa.exe (Infected with W32/Suspicious_N.gen) Deleted file D:\Apps\Security\XP Password changer\xp pass.rlc/XP_PASSWORD_MANAGER\XP PASSWORD MANAGER.exe (Infected with W32/Smalltroj.DBZC) Deleted file D:\Apps\TUNING\Staganos_Tuning_7.13\Patch\Crack.rar/AV (Error whilst scanning file: I/O Error) D:\Apps\_CHAT\Portable Google Talk 1.0.0.96.exe (Infected with W32/Suspicious_U.gen) Deleted file D:\FHU\download\db2\Windows\REPL0013.cab/unknown0/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) D:\FHU\download\db2\Windows\REPL0014.cab/unknown0/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) D:\FHU\download\db2\Windows\REPL0015.cab/unknown4/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) D:\FHU\download\db2\Windows\REPL0016.cab/unknown7/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error) D:\Games\Handy Games\SaintsRow.jar/NOVUSGFX/carUte.spr (Error whilst scanning file: I/O Error) D:\Games\Risiko 2\CLASS.EXE (Infected with W32/Smalltroj.CTLW) Deleted file D:\System Volume Information\_RESTO~4\RP203\A0055987.exe (Infected with W32/DLoader.DOLA) Deleted file D:\System Volume Information\_RC9B9~1\RP177\A0042362.exe (Infected with W32/Malware.AGSM) Deleted file D:\System Volume Information\_RC9B9~1\RP177\A0042363.exe (Infected with W32/Suspicious_N.gen) Deleted file D:\System Volume Information\_RC9B9~1\RP177\A0042364.exe (Infected with W32/Suspicious_N.gen) Deleted file D:\System Volume Information\_RC9B9~1\RP177\A0042365.exe (Infected with W32/Suspicious_U.gen) Deleted file D:\System Volume Information\_RC9B9~1\RP177\A0042366.EXE (Infected with W32/Smalltroj.CTLW) Deleted file Scanning: G:\*.* G:\System Volume Information\_RESTO~1\RP165\A0038967.exe (Infected with W32/SDBot.BLCK) Deleted file Scanning: c:\System Volume Information\*.* Scanning: d:\System Volume Information\*.* Scanning: g:\System Volume Information\*.* Running post-scan cleanup routine: Number of files found: 804578 Number of archives unpacked: 15265 Number of files scanned: 804509 Number of files not scanned: 69 Number of files skipped due to exclude list: 0 Number of infected files found: 14 Number of infected files repaired/deleted: 14 Number of infections removed: 14 Total scanning time: 3h 29m 17s |
|
|
||
03.05.2008, 14:55
Ehrenmitglied
Beiträge: 29434 |
#14
Hallo,
«« Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften --> Reiter Systemwiederherstellung --> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. dann das Häkchen wieder rausnehmen.(also wieder aktivieren) «« ich selbst finde nichts mehr in den Logs, will ja auch nicht alle Partitionen + PC in die Einzelteile zerlegen deshalb nun Onlinscans: scanne Online mit F-Secure + poste den report http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.05.2008, 22:18
...neu hier
Themenstarter Beiträge: 9 |
#15
so nachdem ich probleme hatte wegen IE, hier nun der report:
Scanning Report Tuesday, May 06, 2008 18:45:51 - 22:16:13 Computer name: MKS Scanning type: Scan system for malware, rootkits Target: C:\ D:\ G:\ Result: 1 malware found Tracking Cookie (spyware) * System Statistics Scanned: * Files: 80423 * System: 4140 * Not scanned: 7 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 0 * None: 1 * Submitted: 0 Files not scanned: * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Options Scanning engines: * F-Secure USS: 2.30.0 * F-Secure Blacklight: 1.0.68 * F-Secure Hydra: 2.8.8110, 2008-05-06 * F-Secure Pegasus: 1.20.0, 2008-02-28 * F-Secure AVP: 7.0.171, 2008-05-06 Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use Advanced heuristics scheint glaub nicht allzuviel rausgekommen zu sein oder? |
|
|
||
seit vorgestern hab ich urplötzlich ein Riesenproblem:
wenn ich (bei XP!) unter Systemsteuerung > Verwaltung > Dienste
diese starten möchte, schließt sich sofort nach dem Anklicken das Fenster, ich habe somit gar keine Chance mehr darauf zuzugreifen.
Genau das gleiche passiert mit Msn & Icq
Gerade wenn ich in der Uni den Cisco VPN Client starten möchte (für WLAN-Nutzung), kommt die Meldung dass der zugehörige Dienst noch nicht gestartet wurde, dadurch bin ich erst auf das Problem gestoßen.
Außerdem hat mein Laptop ungewöhnlich viel Auslastung (~50%), obwohl ich zb. gerade mal den Browser geöffnet habe und Musik höre, wenn ich dann was kopier stockt die Musik total...
Neustart, Virenscan und was mir sonst so einfiel hab ich schon durchgeführt...
Da ich kein Neuling hier im Forum bin (leider pw des alten Acc vergessen), habe ich auch gleich mein Hijack Logfile ausgewertet, aber nichts Gravierendes gefunden, bin ein bisschen ratlos im moment..
Wenn ihr noch mehr Infos braucht, fragt mich einfach danach!
Ich dank euch schonmal sehr für eure Hilfe!