Services and programs (ICQ, MSN) close automatically after launching?!

28.04.2008, 20:15
...new here

Posts: 9
#1 Hello everyone,

since the day before yesterday I've suddenly had a huge problem:

when I (on XP!) try to open Control Panel > Administrative Tools > Services,

the window closes immediately after clicking, so I have no chance at all to access it anymore.

Exactly the same thing happens with MSN & ICQ


Especially when I try to start the Cisco VPN Client at university (for WLAN use), I get the message that the associated service has not been started yet; that is how I first noticed the problem.

Also, my laptop has unusually high load (~50%), even though I e.g. only have the browser open and am listening to music; when I then copy something, the music stutters badly...

Restart, virus scan and whatever else came to mind I've already done...

Since I'm not a newcomer to this forum (unfortunately forgot the password of my old account), I've already analysed my HijackThis logfile too, but found nothing serious; I'm a bit at a loss at the moment..

If you need more info, just ask me!

Thanks a lot in advance for your help! ;)
This post was edited on 29.04.2008 at 08:06 by mks.
29.04.2008, 10:36
Honorary member
Sabina

Posts: 29434
#2 Hello,

first, try a System Restore.

then download ComboFix / click away the warning message + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
29.04.2008, 18:30
...new here

Thread starter

Posts: 9
#3 when I open System Restore, it reacts briefly, the hourglass is shown next to the mouse pointer, but it doesn't open/doesn't respond

I'll run ComboFix anyway...


ComboFix 08-04-28.2 - Markus 2008-04-29 18:40:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1547 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Markus.MKS\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-28 bis 2008-04-29 ))))))))))))))))))))))))))))))
.

2008-04-29 18:40 . 2008-04-29 18:40 1,024 --ah----- C:\Dokumente und Einstellungen\Default User.WINDOWS\ntuser.dat.LOG
2008-04-29 18:32 . 2008-04-29 18:32 <DIR> d-------- C:\Programme\CCleaner
2008-04-29 05:58 . 2008-04-29 08:11 <DIR> d-------- C:\Programme\Trillian
2008-04-29 05:29 . 2008-04-29 05:56 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\.purple
2008-04-29 05:26 . 2008-04-29 05:28 <DIR> d-------- C:\Programme\Pidgin
2008-04-29 05:26 . 2008-04-29 05:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-04-28 13:24 . 2008-04-28 13:26 <DIR> d-------- C:\Downloads
2008-04-28 13:23 . 2008-04-28 13:29 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\.SunDownloadManager
2008-04-26 13:04 . 2008-04-27 04:15 10 --a------ C:\WINDOWS\popcinfo.dat
2008-04-23 15:03 . 2008-04-23 15:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-23 15:02 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-22 16:30 . 2008-04-22 16:30 <DIR> d-------- C:\backup
2008-04-20 17:18 . 2008-04-22 16:29 <DIR> d-------- C:\sms
2008-04-20 17:12 . 2008-04-20 17:18 <DIR> d-------- C:\dms
2008-04-16 13:24 . 2008-04-16 13:24 <DIR> d-------- C:\Programme\Zattoo
2008-04-16 10:30 . 2008-04-16 10:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-04-16 10:30 . 2008-04-29 01:47 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\skypePM
2008-04-16 10:30 . 2008-04-16 10:30 32 --a------ C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ezsid.dat
2008-04-15 13:52 . 2008-04-15 13:52 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SpeedProject
2008-04-15 13:51 . 2008-04-15 13:51 <DIR> d-------- C:\Programme\SpeedCommander 12
2008-04-14 15:20 . 2008-04-14 15:23 <DIR> d-------- C:\Programme\EnterpriseArchitect
2008-04-14 15:20 . 2008-04-14 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Sparx Systems
2008-04-13 10:58 . 2008-04-29 08:11 <DIR> d-------- C:\Programme\ICQLite
2008-04-09 14:19 . 2008-04-09 14:20 <DIR> d-------- C:\Programme\Notebook Hardware Control
2008-04-09 14:19 . 2008-04-27 04:39 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-04-08 22:39 . 2008-04-08 22:39 2,835 --a------ C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SAS7_000.DAT
2008-04-08 22:21 . 2008-04-08 22:21 0 --a------ C:\WINDOWS\plclient.INI
2008-04-08 22:20 . 2008-04-08 22:20 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Nuance
2008-04-08 22:09 . 2008-04-08 22:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Scansoft Shared
2008-04-08 22:09 . 2008-04-08 22:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ScanSoft
2008-04-08 22:08 . 2008-04-08 22:21 <DIR> d-------- C:\WINDOWS\speech
2008-04-08 22:08 . 2008-04-08 22:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Nuance
2008-04-08 15:58 . 2008-04-22 13:50 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-08 15:58 . 2008-04-22 13:50 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-08 15:57 . 2008-04-28 16:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab
2008-04-08 15:57 . 2008-04-29 18:43 26,528,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 15:57 . 2008-04-29 18:43 295,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-08 15:57 . 2008-04-28 16:40 237,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 15:57 . 2008-04-28 16:40 31,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-08 12:45 . 2008-04-20 22:07 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP
2008-04-08 12:44 . 2008-04-20 22:07 <DIR> d-------- C:\Programme\Registry Repair Wizard
2008-04-08 12:22 . 2008-04-28 16:26 <DIR> d-------- C:\Programme\Able2Doc Professional 4.0
2008-04-08 11:38 . 2008-04-08 11:38 <DIR> d-------- C:\Labfiles
2008-04-08 00:04 . 2008-04-28 16:41 <DIR> d-------- C:\Programme\Unlocker
2008-04-08 00:04 . 2008-04-23 15:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft
2008-04-06 22:25 . 2008-04-06 22:25 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\vlc
2008-04-06 22:21 . 2008-04-06 22:21 <DIR> d-------- C:\Programme\VLC
2008-04-06 21:57 . 2008-04-08 15:57 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-04-06 21:35 . 2008-04-06 21:35 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Bullzip
2008-04-06 21:34 . 2008-04-12 19:16 <DIR> d-------- C:\Programme\Foxit Reader
2008-04-06 20:22 . 2008-04-16 10:28 <DIR> d-------- C:\Programme\Google
2008-04-06 19:36 . 2008-04-14 21:50 <DIR> d-------- C:\Programme\BayGenie Pro
2008-04-05 13:07 . 2008-04-05 13:07 <DIR> d-------- C:\Programme\FavOrg
2008-04-04 18:35 . 2008-04-04 18:35 <DIR> d-------- C:\Programme\Synaptics
2008-04-04 18:35 . 2005-09-30 15:55 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-04-04 18:35 . 2005-09-30 15:58 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-04-04 18:35 . 2005-09-30 15:58 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-04-04 18:35 . 2005-09-30 15:57 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-04-04 18:35 . 2005-09-30 16:12 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-04-04 18:35 . 2005-09-30 16:10 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-04-04 17:50 . 2008-04-29 18:14 <DIR> d-------- C:\Programme\Mozilla Firefox 3 Beta 5
2008-04-01 10:23 . 2008-04-01 10:23 <DIR> d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\IBM
2008-04-01 10:20 . 2007-10-21 00:45 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Vorlagen
2008-04-01 10:20 . 2007-10-21 01:32 <DIR> dr------- C:\Dokumente und Einstellungen\frickm\Startmenü
2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Netzwerkumgebung
2008-04-01 10:20 . 2008-04-29 18:43 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Lokale Einstellungen
2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d-------- C:\Dokumente und Einstellungen\frickm\Favoriten
2008-04-01 10:20 . 2007-10-21 01:32 <DIR> d--h----- C:\Dokumente und Einstellungen\frickm\Druckumgebung
2008-04-01 10:20 . 2007-10-21 01:32 <DIR> dr-h----- C:\Dokumente und Einstellungen\frickm\Anwendungsdaten
2008-04-01 10:20 . 2008-04-01 10:20 <DIR> d-------- C:\Dokumente und Einstellungen\frickm
2008-04-01 10:20 . 2008-04-01 10:20 <DIR> d-------- C:\DB2
2008-04-01 10:20 . 2008-04-29 18:40 1,024 --ah----- C:\Dokumente und Einstellungen\frickm\ntuser.dat.LOG
2008-04-01 10:18 . 2008-04-01 10:18 <DIR> d-------- C:\WINDOWS\cluster
2008-04-01 10:17 . 2008-04-01 10:17 <DIR> d-------- C:\Programme\IBM
3 Datei(en) . 238,782 C:\ComboFix\Bytes
2 Datei(en) . 238,592 C:\ComboFix\Bytes
2 Datei(en) . 2,897 C:\ComboFix\Bytes
2 Datei(en) . 94 C:\ComboFix\Bytes
1 Datei(en) . 62 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 16:24 --------- d-----w C:\Programme\Biet-O-Matic
2008-04-29 02:01 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Skype
2008-04-28 14:37 --------- d-----w C:\Programme\Kate's Video Cutter
2008-04-28 14:34 --------- d-----w C:\Programme\Audio180v3
2008-04-28 14:25 --------- d-----w C:\Programme\MP3 WAV Converter
2008-04-28 14:24 --------- d-----w C:\Programme\Total Video Converter
2008-04-28 14:22 --------- d-----w C:\Programme\The Rosetta Stone
2008-04-28 14:15 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-04-28 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy
2008-04-28 10:49 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\pdf995
2008-04-23 13:18 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-23 13:03 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-08 13:55 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab Setup Files
2008-04-07 22:26 --------- d-----w C:\Programme\Winamp
2008-04-04 15:49 --------- d-----w C:\Programme\Mozilla Firefox 3 Beta 4
2008-04-01 08:23 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft Help
2008-03-27 09:21 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\QIP
2008-03-26 20:54 --------- d-----w C:\Programme\QIP
2008-03-26 18:45 --------- d-----w C:\Programme\Citavi
2008-03-26 18:39 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Academic Software Zurich
2008-03-24 13:25 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\IBM
2008-03-23 06:23 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yahoo!
2008-03-21 00:54 --------- d-----w C:\Programme\Replay Media Catcher
2008-03-20 17:12 --------- d-----w C:\Programme\No23 Recorder
2008-03-20 16:39 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\TrueCrypt
2008-03-20 15:07 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\InstallShield
2008-03-20 15:01 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-20 14:26 223,424 ----a-w C:\WINDOWS\system32\drivers\truecrypt.sys
2008-03-20 14:26 --------- d-----w C:\Programme\TrueCrypt
2008-03-20 13:42 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WEB.DE
2008-03-19 23:10 --------- d-----w C:\Programme\CHM2PDF Pilot
2008-03-19 19:48 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
2008-03-19 14:03 --------- d-----w C:\Programme\VideoLAN
2008-03-19 12:50 --------- d-----w C:\Programme\ARIS7.0
2008-03-18 13:09 204,800 ----a-w C:\WINDOWS\system32\FoxyUninstall.exe
2008-03-16 21:02 --------- d-----w C:\Programme\PacificPoker4
2008-03-16 18:32 --------- d-----w C:\Programme\GnuPG
2008-03-16 18:32 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\gnupg
2008-03-15 23:19 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-14 05:00 --------- d-----w C:\Programme\QIP8040
2008-03-10 14:17 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\PhraseExpress
2008-03-10 14:16 --------- d-----w C:\Programme\PhraseExpress
2008-03-10 14:16 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PhraseExpress
2008-03-02 18:48 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\3M
2008-03-01 12:02 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Dexpot
2008-03-01 10:53 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-02-28 00:48 --------- d-----w C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\teamspeak2
2008-02-18 21:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-13 11:00 439,296 ----a-w C:\WINDOWS\system32\HTML2PDF.DLL
2008-02-13 10:20 3,239,424 ----a-w C:\WINDOWS\system32\PDFCreatorPilot3.dll
2008-01-31 11:57 107,864 ----a-w C:\WINDOWS\system32\tsccvid.dll
2006-12-29 15:15 626,688 ----a-w C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
2006-12-29 15:15 40,960 ----a-w C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
2006-12-29 15:15 3,100,672 ----a-w C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
2006-12-29 15:15 192,512 ----a-w C:\Programme\Gemeinsame Dateien\sapconsr3.dll
2006-12-07 10:26 1,129,984 ----a-w C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
2006-12-07 10:26 1,124,864 ----a-w C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-10-20 22:53 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007102120071022\index.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"EOUApp"="C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 10:43 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 04:42 7331840]
"nwiz"="nwiz.exe" [2005-12-16 04:42 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-30 16:09 737370]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:57 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-10-09 22:04 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk]
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Post-it® Digital Notes.lnk]
backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Markus.MKS^Startmenü^Programme^Autostart^Locate32 Autorun.lnk]
backup=C:\WINDOWS\pss\Locate32 Autorun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:57 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2006-06-30 13:57 1409024 D:\Dragon Naturally Speaking 9\Program\ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 05:56 86960 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programme\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
--a------ 2007-05-04 02:33 2629632 C:\Programme\Notebook Hardware Control\nhc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-03-09 16:29 2224104 C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhraseExpress]
--a------ 2008-01-29 19:47 2550888 C:\Programme\PhraseExpress\PhraseExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programme\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 16:00 155648 C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programme\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Programme\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-12-07 14:00 12288 C:\Programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)
"aspnet_state"=3 (0x3)
"Netlogon"=2 (0x2)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"BITS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"odserv"=3 (0x3)
"lanmanserver"=3 (0x3)
"ose"=3 (0x3)
"SENS"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 DB2-0;DB2 - DB2COPY1 - DB2-0;C:\Programme\IBM\SQLLIB\bin\db2syscs.exe [2007-07-23 02:49]
S2 Notebook Hardware Control Service;Notebook Hardware Control Service;C:\Programme\Notebook Hardware Control\nhcservice.exe [2008-04-09 14:20]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 10:06]
S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2govds.exe" [2007-07-23 02:45]
S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);C:\Programme\IBM\SQLLIB\BIN\db2licd.exe [2007-07-23 02:46]
S3 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2007-07-23 02:47]
S3 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2sec.exe" [2007-07-23 02:48]
S3 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);"C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe" [2007-07-23 02:48]
S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-23 15:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-04-29 06:00:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-02-07 10:02:15 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programme\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 18:43:20
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-29 18:44:40
ComboFix-quarantined-files.txt 2008-04-29 16:44:36

18 Verzeichnis(se), 1,352,978,432 Bytes frei
21 Verzeichnis(se), 1,505,079,296 Bytes frei

This post was edited on 29.04.2008 at 18:47 by mks.
30.04.2008, 01:40
Honorary member
Sabina

Posts: 29434
#4 Hello,

you have used ComboFix before ???
Unfortunately I now don't know what all was put into quarantine.. ;)
ComboFix-quarantined-files.txt 2008-04-29 16:44:36

---------------
since ComboFix worked so well, now post the 2 logs from Comboscan ;)
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina

all about PC security
30.04.2008, 02:46
...new here

Thread starter

Posts: 9
#5 yes, I've already used ComboFix (see the report in the last post)

Okay, here are the 2 logs, first the main.txt:


Deckard's System Scanner v20071014.68
Run by Markus on 2008-04-30 02:41:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-04-30 00:41:25 UTC - RP177 - Deckard's System Scanner Restore Point
12: 2008-04-29 16:39:50 UTC - RP176 - ComboFix created restore point
11: 2008-04-28 14:16:46 UTC - RP175 - Windows Live Messenger wird entfernt
10: 2008-04-28 14:13:12 UTC - RP174 - Removed O&O DiskRecovery.
9: 2008-04-28 14:11:10 UTC - RP173 - Removed CHM2PDF Pilot 2.15.72 Trial


-- First Restore Point --
1: 2008-04-17 09:19:37 UTC - RP165 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.29 GiB (less than 15%) free.


-- HijackThis (run as Markus.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 02:43:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Dokumente und Einstellungen\Markus.MKS\Desktop\dss.exe
C:\Dokumente und Einstellungen\Markus.MKS\Desktop\hijackthis_199\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql
O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Programme\Notebook Hardware Control\nhcservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 8175 bytes

-- HijackThis Fixed Entries (C:\DOKUME~1\Markus.MKS\Desktop\HIJACK~1\backups\) -

backup-20070306-021206-385 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20070306-021206-788 F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe

backup-20080428-200945-219 O11 - Options group: [INTERNATIONAL] International*
backup-20080428-200945-521 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080428-200946-403 O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing)
backup-20080428-200946-978 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN-Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 APLMp50 (APLMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\aplmp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 nhcDriverDevice (Notebook Hardware Control Driver) - c:\windows\system32\drivers\nhcdriver.sys <Not Verified; pBUS-167 Software - http://www.pbus-167.com; Notebook Hardware Control Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\programme\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S2 Notebook Hardware Control Service - c:\programme\notebook hardware control\nhcservice.exe <Not Verified; http://www.pbus-167.com; Notebook Hardware Control Service>
S4 mysql - c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: BCM92045NMD
Device ID: USB\VID_0A5C&PID_2101\5&11BBCF3F&0&2
Manufacturer:
Name: BCM92045NMD
PNP Device ID: USB\VID_0A5C&PID_2101\5&11BBCF3F&0&2
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 20:00:00 494 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job
2008-02-07 12:02:15 276 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-29 18:38:00 68096 --a------ C:\WINDOWS\zip.exe
2008-04-29 18:38:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-29 18:38:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-29 18:38:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-29 18:38:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-29 18:38:00 98816 --a------ C:\WINDOWS\sed.exe
2008-04-29 18:38:00 80412 --a------ C:\WINDOWS\grep.exe
2008-04-29 18:38:00 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-29 18:35:52 0 dr-h----- C:\Dokumente und Einstellungen\Markus.MKS\Recent
2008-04-29 18:32:16 0 d-------- C:\Programme\CCleaner
2008-04-29 05:58:37 0 d-------- C:\Programme\Trillian
2008-04-29 05:26:35 0 d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-04-28 13:24:19 0 d-------- C:\Downloads
2008-04-28 13:23:56 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\.SunDownloadManager
2008-04-26 13:04:02 10 --a------ C:\WINDOWS\popcinfo.dat
2008-04-22 16:30:05 0 d-------- C:\backup
2008-04-20 17:18:13 0 d-------- C:\sms
2008-04-20 17:12:16 0 d-------- C:\dms
2008-04-16 13:24:42 0 d-------- C:\Programme\Zattoo
2008-04-16 10:30:14 0 d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-04-15 13:51:52 0 d-------- C:\Programme\SpeedCommander 12
2008-04-14 15:20:08 0 d-------- C:\Programme\EnterpriseArchitect
2008-04-13 10:58:02 0 d-------- C:\Programme\ICQLite
2008-04-09 14:19:38 22528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys <Not Verified; pBUS-167 Software - http://www.pbus-167.com; Notebook Hardware Control Driver>
2008-04-09 14:19:11 0 d-------- C:\Programme\Notebook Hardware Control
2008-04-08 22:09:32 0 d-------- C:\Programme\Gemeinsame Dateien\Scansoft Shared
2008-04-08 22:08:07 0 d-------- C:\WINDOWS\speech
2008-04-08 15:58:43 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-08 15:58:42 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-08 15:57:51 300064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-08 15:57:51 26578976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 12:44:59 0 d-------- C:\Programme\Registry Repair Wizard
2008-04-08 12:22:35 0 d-------- C:\Programme\Able2Doc Professional 4.0
2008-04-08 11:38:32 0 d-------- C:\Labfiles
2008-04-06 22:21:07 0 d-------- C:\Programme\VLC
2008-04-06 21:57:22 0 d-------- C:\Programme\Kaspersky Lab
2008-04-06 21:34:18 0 d-------- C:\Programme\Foxit Reader
2008-04-06 20:22:18 0 d-------- C:\Programme\Google
2008-04-06 19:36:29 0 d-------- C:\Programme\BayGenie Pro
2008-04-05 13:07:19 0 d-------- C:\Programme\FavOrg
2008-04-04 18:35:09 0 d-------- C:\Programme\Synaptics
2008-04-04 17:50:18 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 5
2008-04-01 10:32:42 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Application Data\IBM
2008-04-01 10:20:56 0 d-------- C:\DB2
2008-04-01 10:18:07 0 d-------- C:\WINDOWS\cluster
2008-04-01 10:17:53 0 d-------- C:\Programme\IBM


-- Find3M Report ---------------------------------------------------------------

2008-04-30 02:39:28 0 d-------- C:\Programme\Biet-O-Matic
2008-04-29 05:56:13 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\.purple
2008-04-29 05:26:35 0 d-------- C:\Programme\Gemeinsame Dateien
2008-04-29 04:01:12 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Skype
2008-04-29 01:47:03 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\skypePM
2008-04-28 16:37:09 0 d-------- C:\Programme\Kate's Video Cutter
2008-04-28 16:34:16 0 d-------- C:\Programme\Audio180v3
2008-04-28 16:25:56 0 d-------- C:\Programme\MP3 WAV Converter
2008-04-28 16:24:53 0 d-------- C:\Programme\Total Video Converter
2008-04-28 16:22:26 0 d-------- C:\Programme\The Rosetta Stone
2008-04-23 15:18:45 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-23 15:03:24 0 d-------- C:\Programme\TuneUp Utilities 2008
2008-04-15 13:52:00 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SpeedProject
2008-04-14 15:20:35 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Sparx Systems
2008-04-08 22:39:14 2835 --a------ C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\SAS7_000.DAT
2008-04-08 22:20:53 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Nuance
2008-04-08 15:10:54 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WinRAR
2008-04-08 00:26:23 0 d-------- C:\Programme\Winamp
2008-04-06 22:25:40 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\vlc
2008-04-06 21:59:21 464718 --a------ C:\WINDOWS\system32\perfh007.dat
2008-04-06 21:59:21 92762 --a------ C:\WINDOWS\system32\perfc007.dat
2008-04-06 21:35:40 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Bullzip
2008-04-06 17:56:57 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Google
2008-04-04 17:49:31 0 d-------- C:\Programme\Mozilla Firefox 3 Beta 4
2008-04-01 10:23:11 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\IBM
2008-03-27 11:21:15 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\QIP
2008-03-26 22:54:24 0 d-------- C:\Programme\QIP
2008-03-26 20:45:56 0 d-------- C:\Programme\Citavi
2008-03-26 20:39:45 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Academic Software Zurich
2008-03-23 08:23:11 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Adobe
2008-03-21 02:54:29 0 d-------- C:\Programme\Replay Media Catcher
2008-03-20 19:12:25 0 d-------- C:\Programme\No23 Recorder
2008-03-20 18:39:44 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\TrueCrypt
2008-03-20 17:01:55 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-20 16:26:07 0 d-------- C:\Programme\TrueCrypt
2008-03-20 15:42:38 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\WEB.DE
2008-03-20 01:10:56 0 d-------- C:\Programme\CHM2PDF Pilot
2008-03-19 16:03:28 0 d-------- C:\Programme\VideoLAN
2008-03-19 14:50:49 0 d-------- C:\Programme\ARIS7.0
2008-03-18 15:09:04 204800 --a------ C:\WINDOWS\system32\FoxyUninstall.exe
2008-03-16 23:02:20 0 d-------- C:\Programme\PacificPoker4
2008-03-16 20:32:36 0 d-------- C:\Programme\GnuPG
2008-03-16 20:32:13 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\gnupg
2008-03-16 01:19:54 0 d--h----- C:\Programme\InstallShield Installation Information
2008-03-14 07:00:15 0 d-------- C:\Programme\QIP8040
2008-03-13 11:34:22 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Mozilla
2008-03-10 16:17:08 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\PhraseExpress
2008-03-10 16:16:58 0 d-------- C:\Programme\PhraseExpress
2008-03-02 20:48:30 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\3M
2008-03-01 14:02:51 0 d-------- C:\Dokumente und Einstellungen\Markus.MKS\Anwendungsdaten\Dexpot
2008-03-01 12:53:12 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-02-18 23:02:32 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-13 13:00:44 439296 --a------ C:\WINDOWS\system32\HTML2PDF.DLL <Not Verified; Two Pilots; HTML2PDF Add-on for PDF Creator Pilot>
2008-02-13 12:20:06 3239424 --a------ C:\WINDOWS\system32\PDFCreatorPilot3.dll <Not Verified; Two Pilots; PDFCreatorPilot>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [28.12.2005 11:55]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [28.12.2005 11:56]
"EOUApp"="C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" [28.12.2005 12:00]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03.02.2006 10:43 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [31.08.2007 13:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.12.2005 04:42]
"nwiz"="nwiz.exe" [16.12.2005 04:42 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [30.09.2005 16:09]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28.06.2007 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 02:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"MaxRecentDocs"=11 (0xb)
"ClearRecentDocsOnExit"=1 (0x1)
"NoSharedDocuments"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk]
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Post-it® Digital Notes.lnk]
backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Markus.MKS^Startmenü^Programme^Autostart^Locate32 Autorun.lnk]
backup=C:\WINDOWS\pss\Locate32 Autorun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programme\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
"D:\Dragon Naturally Speaking 9\Program\ereg.exe" -r "D:\Dragon Naturally Speaking 9\Program\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
"C:\Programme\Notebook Hardware Control\nhc.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhraseExpress]
C:\Programme\PhraseExpress\PhraseExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programme\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Programme\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)
"aspnet_state"=3 (0x3)
"Netlogon"=2 (0x2)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"BITS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"odserv"=3 (0x3)
"lanmanserver"=3 (0x3)
"ose"=3 (0x3)
"SENS"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7827 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-30 02:44:38 ------------



And the extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Genuine Intel(R) CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel(R) CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2046.11 MiB / 1588.67 MiB
Pagefile Memory (total/avail): 3428.3 MiB / 3174.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.16 MiB

C: is Fixed (NTFS) - 16 GiB total, 1.29 GiB free.
D: is Fixed (NTFS) - 45.98 GiB total, 4.54 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 10.59 GiB total, 7.23 GiB free.
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH PL - 74.53 GiB - 4 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 16 GiB - C:
\PARTITION1 - Erweiterte Partition - 45.98 GiB - D:
\PARTITION2 - Installierbares Dateisystem - 10.59 GiB - G:
\PARTITION3 - Unknown - 2000.28 MiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) Disabled
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Google\\Google Talk\\googletalk.exe"="C:\\Programme\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------



-- User Profiles ---------------------------------------------------------------

Markus.MKS (admin)
db2admin (admin)
frickm (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C24BF6E0-A0D8-4A82-8CBA-7389824BAB1B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Programme\7-Zip\Uninstall.exe"
AcronisDisk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Audio File Cutter 3.20 --> "C:\Programme\Audio File Cutter\unins000.exe"
BayGenie eBay Auction Sniper Pro Edition 3.1.4.0 --> "C:\Programme\BayGenie Pro\unins000.exe"
Biet-O-Matic v2.1.00 --> C:\PROGRA~1\BIET-O~1\UNWISE.EXE C:\PROGRA~1\BIET-O~1\Install.log
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Programme\CDex_170b2\uninstall.exe"
Citavi 2.4.0.3 --> C:\Programme\Citavi\Deinstallieren.exe
Citavi Picker 2.0 für Word --> C:\Programme\Citavi\Citavi Picker\Word\Deinstallieren.exe
Conexant HD Audio --> C:\Programme\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ITW3Vena.inf
DB2 Enterprise Server Edition - DB2COPY1 --> MsiExec.exe /I{F23620AE-7E17-4863-898D-7F191B39022C}
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Enterprise Architect 7.0 --> MsiExec.exe /I{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}
FavOrg --> C:\PROGRA~1\FavOrg\UNWISE.EXE C:\PROGRA~1\FavOrg\INSTALL.LOG
Foxit Reader --> C:\Programme\Foxit Reader\Uninstall.exe
Free YouTube to Mp3 Converter version 2.4 --> "C:\Programme\Free YouTube to Mp3 Converter\unins000.exe"
GnuPG For Windows --> "C:\Programme\GnuPG\gpg4win-uninstall.exe"
Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Talk (remove only) --> "C:\Programme\Google\Google Talk\uninstall.exe"
GTK+ Runtime 2.12.8 rev a (nur entfernen) --> C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Markus.MKS\Desktop\hijackthis_199\HijackThis.exe /uninstall
Hotfix für Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_16 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160}
Java 2 SDK, SE v1.4.2_16 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142160}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Locate32 --> C:\Programme\Locate\Remove.exe
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft redistributable runtime DLLs VS2005 SP1(x86) --> MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft redistributable runtime DLLs VS2005(x86) --> MsiExec.exe /I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.13) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b5) --> C:\Programme\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 Micro 8.1.1.3 --> "C:\Programme\Nero\unins000.exe"
Neuro-Programmer 2 Home Edition --> "C:\Programme\Neuro-Programmer 2\Neuro-Programmer 2.exe" -uninstall
Notebook Hardware Control 2.0 Pre-Release-06 --> C:\Programme\Notebook Hardware Control\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Ovis pdf-Recover 1.2 --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Ovis\UninstRC.isu
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
PC Inspector smart recovery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7
Pdf995 --> C:\Programme\pdf995\setup.exe uninstall
PhraseExpress v5.0.46 --> "C:\Programme\PhraseExpress\unins000.exe"
QIP 2005 Uninstall --> "C:\Programme\QIP\unqip.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Registry Mechanic 7.0 --> "C:\Programme\Registry Mechanic\unins000.exe"
Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Replay Media Catcher --> "C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
SAP GUI 7.10 --> "C:\Programme\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Data Fax Modem with SmartCP --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_152D0753\HXFSETUP.EXE -U -ITW3Venpm.inf
SpeedCommander 12 --> C:\Programme\SpeedCommander 12\UnInstall.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1031
TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
TrueCrypt --> "C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TutorWIN für SAP R3 Dialogfunktionen Rel. 4.6 --> C:\TUTORW~1\V46\TWUNINST.EXE C:\TUTORW~1\V46\prod_D01.log
TutorWIN für SAP R3 LesBase --> C:\TUTORW~1\V46\TWUNINST.EXE C:\TUTORW~1\V46\les_base.log
VideoLAN VLC media player 0.8.6f --> C:\Programme\VLC\uninstall.exe
VPN Client --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WinRAR --> C:\Programme\WinRAR\uninstall.exe
Zattoo 3.1.1 Beta --> C:\Programme\Zattoo\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1931 / Warning
Event Submitted/Written: 04/28/2008 04:39:04 PM
Event ID/Source: 4353 / EventSystem
Event Description:
Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201.

Event Record #/Type1930 / Warning
Event Submitted/Written: 04/28/2008 04:39:04 PM
Event ID/Source: 4356 / EventSystem
Event Description:
Das COM+-Ereignissystem konnte keine Instanz des Abonnenten partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} erstellen. CoGetObject gab HRESULT 80070422 zurück.

Event Record #/Type1929 / Warning
Event Submitted/Written: 04/28/2008 04:39:04 PM
Event ID/Source: 4353 / EventSystem
Event Description:
Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201.

Event Record #/Type1928 / Warning
Event Submitted/Written: 04/28/2008 04:39:04 PM
Event ID/Source: 4356 / EventSystem
Event Description:
Das COM+-Ereignissystem konnte keine Instanz des Abonnenten partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} erstellen. CoGetObject gab HRESULT 80070422 zurück.

Event Record #/Type1920 / Warning
Event Submitted/Written: 04/27/2008 04:41:09 AM
Event ID/Source: 4353 / EventSystem
Event Description:
Das COM+-Ereignissystem hat versucht, das EventObjectChange::ChangedSubscription-Ereignis auszulösen, hat aber einen ungültigen Rückgabecode erhalten. HRESULT war 80040201.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10987 / Warning
Event Submitted/Written: 04/30/2008 02:36:30 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type10986 / Warning
Event Submitted/Written: 04/29/2008 07:50:51 PM
Event ID/Source: 57 / Ftdisk
Event Description:
Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Möglicherweise sind die Daten beschädigt.

Event Record #/Type10965 / Warning
Event Submitted/Written: 04/29/2008 06:14:11 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type10963 / Warning
Event Submitted/Written: 04/29/2008 01:23:02 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.5.216.

Event Record #/Type10960 / Warning
Event Submitted/Written: 04/29/2008 01:23:00 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0016367BDD1D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%121.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.



-- End of Deckard's System Scanner: finished at 2008-04-30 02:44:38 ------------




In addition, here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:43:56, on 30.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Dokumente und Einstellungen\Markus.MKS\Desktop\dss.exe
C:\DOKUME~1\Markus.MKS\Desktop\HIJACK~1\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programme\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Programme\Notebook Hardware Control\nhcservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
This post was edited on 30.04.2008 at 02:54 by mks.
30.04.2008, 11:59
Honorary member

Posts: 29434
#6 Hello,

1.
no idea why you fixed wpdshserviceobj.dll ;)
apply the backup from HijackThis (you'll find it when you open HijackThis)

2.
then fix all entries again EXCEPT:

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

The Windows Portable Device Shell Service Object process belongs to the software Microsoft® Windows® Operating

--------------


3.
HOSTS FILE:

*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager
*Delete line(s)

delete everything, leave only:
127.0.0.1 localhost



4.
restart the PC

5.
run datfindbat - post all entries up to November 2007 (they are sorted by date)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
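Step 3 above strips the hosts file back to the single localhost line because malware commonly pins security vendors to 127.0.0.1 or redirects hostnames elsewhere. As an added example (not code from the thread, from HijackThis or from SDFix), here is a small Python audit that reports such entries and rebuilds the file the way step 3 does; the sample hosts content and the hostnames in it are constructed.

```python
"""Audit a Windows hosts file for entries other than the localhost mapping.

Added example; not code from the forum thread, from HijackThis or from
SDFix. The sample hosts file below is constructed: the first line is the
one step 3 of the thread keeps, the rest are typical hijack patterns.
"""
LOOPBACK = {"127.0.0.1", "::1"}
DEFAULT_LINE = "127.0.0.1 localhost"

SAMPLE_HOSTS = """\
127.0.0.1 localhost
# constructed hijack: security vendors pinned to loopback so updates fail
127.0.0.1 www.sophos.com
127.0.0.1 virus-protect.org
# constructed hijack: bank hostname redirected to an attacker-chosen address
192.0.2.10 www.example-bank.invalid
"""


def parse_hosts(text):
    """Yield (ip, hostnames, raw_line) for every non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield fields[0], fields[1:], raw.rstrip()


def is_localhost_mapping(ip, names):
    """True for the only kind of line a clean XP hosts file contains."""
    return ip in LOOPBACK and all(n.lower() == "localhost" for n in names)


def audit_hosts(text):
    """Return (category, line) for every entry that is not loopback -> localhost.

    'blocked'    : a real hostname is pinned to loopback (the classic way
                   malware cuts a machine off from AV update servers).
    'redirected' : a hostname points at some other address entirely.
    """
    findings = []
    for ip, names, raw in parse_hosts(text):
        if is_localhost_mapping(ip, names):
            continue
        category = "blocked" if ip in LOOPBACK else "redirected"
        findings.append((category, raw))
    return findings


def clean_hosts(text):
    """Rebuild the file as step 3 does: keep only localhost lines, drop the rest."""
    kept = [raw for ip, names, raw in parse_hosts(text)
            if is_localhost_mapping(ip, names)]
    return "\n".join(kept or [DEFAULT_LINE]) + "\n"


if __name__ == "__main__":
    for category, line in audit_hosts(SAMPLE_HOSTS):
        print(f"{category:10} {line}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On a live XP machine the file lives at C:\WINDOWS\system32\drivers\etc\hosts; read it with an explicit encoding before passing it in.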
01.05.2008, 02:11
...new here

Thread starter

Posts: 9
#7 OK, everything done so far!

Here is the datfindbat output:
(Did you mean the entries from now back to Nov. 2007, or up to a latest date of Nov. 2007?
Since I read something about a maximum of the last 3 months, I think you meant from Nov 2007 to the present - hope that's right)


Verzeichnis von c:\

01.05.2008 02:00 0 dirdat.txt
01.05.2008 01:58 1.610.612.736 pagefile.sys
29.04.2008 18:44 21.594 ComboFix.txt
28.04.2008 15:52 227 boot.ini
17.04.2008 00:37 14.132 drwtsn32.log
08.04.2008 16:09 36 dfinstall.log
23.03.2008 08:44 150 YServer.txt


Verzeichnis von C:\WINDOWS\system32

01.05.2008 01:58 43.758 nvapps.xml
01.05.2008 01:44 2.206 wpa.dbl
23.04.2008 15:03 307.968 TuneUpDefragService.exe
06.04.2008 21:59 79.998 perfc009.dat
06.04.2008 21:59 449.978 perfh009.dat
06.04.2008 21:59 92.762 perfc007.dat
06.04.2008 21:59 1.100.412 PerfStringBackup.INI
06.04.2008 21:59 464.718 perfh007.dat
06.04.2008 21:54 1.490.048 FNTCACHE.DAT
06.04.2008 20:27 34.308 BASSMOD.dll
18.03.2008 15:09 204.800 FoxyUninstall.exe
28.02.2008 02:43 34.064 lhacm.acm
27.02.2008 13:15 28.416 uxtuneup.dll
13.02.2008 13:00 439.296 HTML2PDF.DLL
13.02.2008 12:20 3.239.424 PDFCreatorPilot3.dll
01.02.2008 00:13 57.344 QuickTime.qts
01.02.2008 00:13 90.112 QuickTimeVR.qtx
31.01.2008 13:57 107.864 tsccvid.dll
22.12.2007 13:47 38.536 mlfcache.dat
08.12.2007 08:02 89.360 VB5DB.DLL
08.12.2007 08:02 3.584 comcat.dll
08.12.2007 08:02 1.355.776 msvbvm50.dll
18.11.2007 18:26 1.036.288 sqlrcmd.dll

Verzeichnis von C:\WINDOWS

01.05.2008 01:58 3.766 WindowsUpdate.log
01.05.2008 01:58 0 0.log
01.05.2008 01:58 2.048 bootstat.dat
01.05.2008 01:56 32.356 SchedLgU.Txt
30.04.2008 21:29 69 NeroDigital.ini
30.04.2008 20:45 84 winamp.ini
29.04.2008 18:54 1.409 QTFont.for
29.04.2008 18:54 54.156 QTFont.qfn
29.04.2008 18:43 227 system.ini
28.04.2008 15:52 1.094 win.ini
27.04.2008 04:15 10 popcinfo.dat
24.04.2008 09:41 673 saplogon.ini
08.04.2008 22:21 0 plclient.INI
01.04.2008 10:22 4.533 ODBCINST.INI
26.02.2008 15:02 136 mind.ini
18.02.2008 23:02 737.280 iun6002.exe
29.01.2008 20:20 160 wpd99.drv
23.01.2008 20:44 1.452 APDFPRP.INI
23.01.2008 20:44 194 appr.ini
23.01.2008 20:44 115 aebpr.ini
23.01.2008 12:13 458 my.ini
16.01.2008 11:46 7.680 Thumbs.db

Verzeichnis von C:\DOKUME~1\Markus.MKS\LOKALE~1\Temp

01.05.2008 01:41 16.384 ~DF23B5.tmp
30.04.2008 14:29 0 Art-330229745531-3.html
30.04.2008 10:55 869 jar_cache699.tmp
30.04.2008 10:55 849 jar_cache700.tmp
30.04.2008 10:29 145 jar_cache697.tmp
30.04.2008 10:07 145 jar_cache695.tmp
30.04.2008 09:10 208 java_install_reg.log
01.05.2008, 12:22
Honorary member

Posts: 29434
#8 hello,

the computer was/is (?) infected with scvhost.exe -
* Backdoor.Rbot.gen
* W32/Sdbot.worm.gen.h

http://www.sophos.de/security/analyses/viruses-and-spyware/w32rbotek.html
W32/Rbot-EK is a network worm and a backdoor for the Windows platform.
W32/Rbot-EK allows a malicious user remote access to the infected computer via IRC. To be activated automatically when Windows starts, W32/Rbot-EK copies itself as scvhost.exe into the Windows system folder


formatting would actually be the most sensible thing....

««
scan with sdfix in Safe Mode, post the report after rebooting into normal mode
http://virus-protect.org/artikel/tools/sdfix.html

««
then sdfix in normal mode:
double-click RunThis.bat
type in: 3
3 : Sophos is loaded
with option 6 - a full scan is performed + infected files are deleted

post the Sophos scan report here


«
__________
Regards, Sabina

all about PC security
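The scvhost.exe name in the post above is a letter swap of the legitimate svchost.exe, and the matching Sdbot/Rbot families also like to drop a correctly named svchost.exe outside System32. As an added example (not code from the thread or from any tool it names), here is a Python check over a process image list that flags both patterns; the list is constructed from the HijackThis "Running processes" section plus two injected entries.

```python
"""Flag process image paths that imitate Windows system binaries.

Added example; not code from the forum thread or from any tool it names.
SAMPLE_PROCESSES is constructed from the HijackThis log in the thread plus
two injected entries: a look-alike scvhost.exe (the name W32/Rbot-EK uses)
and a correctly named svchost.exe running from a Temp directory.
"""
import ntpath

# Binaries that malware commonly imitates by letter swaps or look-alike names.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}
# Directories where the genuine copies live on Windows XP (lower-cased).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows"}

SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Programme\Cisco Systems\VPN Client\cvpnd.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\scvhost.exe",                    # constructed look-alike
    r"C:\DOKUME~1\Markus.MKS\LOKALE~1\Temp\svchost.exe",   # constructed: right name, wrong place
]


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so 'scvhost' vs 'svchost' costs 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(path):
    """Return a reason string if the image path looks suspicious, else None."""
    directory, name = ntpath.split(path)
    name_l, dir_l = name.lower(), directory.lower()
    if name_l in SYSTEM_BINARIES:
        # Genuine system binaries only run from the Windows directories.
        if dir_l not in TRUSTED_DIRS:
            return f"system binary name outside trusted directory: {path}"
        return None
    for real in sorted(SYSTEM_BINARIES):
        if osa_distance(name_l, real) == 1:
            return f"look-alike of {real}: {path}"
    return None


def find_suspicious(paths):
    """Run classify() over a process list and keep the findings."""
    return [reason for reason in map(classify, paths) if reason]


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_PROCESSES):
        print(finding)
```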
02.05.2008, 12:43
...new here

Thread starter

Posts: 9
#9 oh... I really wasn't expecting that any more, not good news :/

Here are the results of the steps you recommended:


Report.txt:



SDFix: Version 1.177
Run by Markus on 02.05.2008 at 10:56

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\Markus.MKS\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 11:11:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e8,e5,ef,10,f7,7f,f5,4d,f4,3c,27,45,a4,5d,a9,4a,b7,4d,49,84,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1f,84,76,b7,a4,4b,ba,e3,f3,d9,e0,0b,a1,d1,a4,86,41,..
"khjeh"=hex:d8,b3,8b,16,13,ad,00,94,02,43,8a,a1,6b,70,e0,c1,ed,04,d2,e5,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:01,9d,3a,ec,f9,43,a0,8d,cd,e2,8e,75,b9,d3,db,a6,44,4f,c5,7b,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:73,95,89,f0,59,90,80,ce,2a,29,3c,80,a4,79,63,a6,a1,70,47,37,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e8,e5,ef,10,f7,7f,f5,4d,f4,3c,27,45,a4,5d,a9,4a,b7,4d,49,84,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1f,84,76,b7,a4,4b,ba,e3,f3,d9,e0,0b,a1,d1,a4,86,41,..
"khjeh"=hex:d8,b3,8b,16,13,ad,00,94,02,43,8a,a1,6b,70,e0,c1,ed,04,d2,e5,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:01,9d,3a,ec,f9,43,a0,8d,cd,e2,8e,75,b9,d3,db,a6,44,4f,c5,7b,f9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:73,95,89,f0,59,90,80,ce,2a,29,3c,80,a4,79,63,a6,a1,70,47,37,7b,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Google\\Google Talk\\googletalk.exe"="C:\\Programme\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOKUME~1\Markus.MKS\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 10 Nov 2003 532 A.SH. --- "C:\MSSYS.SYS"
Tue 9 Oct 2007 625,152 A.SH. --- "C:\Programme\Internet Explorer\IEXPLORE.EXE"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Programme\messenger\msmsgs.exe"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Sun 21 Oct 2007 190 ..SH. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP7\PdmHist\1a0.7285E9A401C81365.history\00000000.bak"

Finished!



--------------------------------------------------------------------------



In the blue window I didn't get the option to choose at all; the QuickScan started right away - here is the result:

SophosReport.txt


Sophos Anti-Virus
Version 4.29.0 [Win32/Intel]
Virus data version 4.29E, May 2008
Includes detection for 401525 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 11:22:40, System date 02 May 2008
Command line qualifiers are: -remove -nc -nb -dn --stop-scan -idedir=C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\IDE -p=C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\SophosReport.txt

IDE directory is: C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\IDE


Quick Scanning

>>> Virus 'Mal/HckPk-D' found in file C:\Programme\BayGenie Pro\BG3140_CRK.exe
Removal successful
Could not check C:\Programme\IBM\SQLLIB\DB2DAS00\tmp\dasrrmpid (virus scan failed)
>>> Virus 'Mal/IRCBot-C' found in file C:\Programme\Trillian\trillian.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055136.dll
Removal successful
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055137.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055141.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055143.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055160.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055161.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055175.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055189.dll
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055192.dll
>>> Virus 'Troj/TinyDa-Gen' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055465.exe\FILE:0006
>>> Virus 'Troj/Steam-AH' found in file C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055465.exe\FILE:0007\FILE:0005
Removal successful
Could not open C:\System Volume Information\_restore{084D1B1D-57BF-4E7F-B71C-49C8A85A54B6}\RP203\A0055487.exe
>>> Virus 'Mal/IRCBot-C' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0041218.exe
Removal successful
>>> Virus 'Mal/HckPk-D' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042283.exe
Removal successful
>>> Virus 'Mal/IRCBot-C' found in file C:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042297.exe
Removal successful
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\TEMP\cch~1fba9a565.htp
Could not open C:\WINDOWS\TEMP\cch~1fba9ab80.htp
Could not open C:\WINDOWS\TEMP\cch~22b34f514.htp
Could not open C:\WINDOWS\TEMP\cch~22b34fc03.htp
Could not open C:\WINDOWS\TEMP\cch~22b4f7220.htp
Could not open C:\WINDOWS\TEMP\cch~22b4f7926.htp
Could not open C:\WINDOWS\TEMP\cch~22b4fb767.htp
Could not open C:\WINDOWS\TEMP\cch~22b4fbdfa.htp
>>> Virus 'Mal/Packer' found in file D:\Apps\Cutter youtube grabber\NAFCv3.20\naturpic.audio.file.cutter.3.20.keygen-tsrh\keygen.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\Apps\Cutter youtube grabber\RAV8\Crack\ReplayAVv800_Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\Desktop (Virtual) Tools\Sydatec.Personal.Desktop.v2.1.German.Incl.KeyMaker.and.AuthPatch-DVT (CPU Auslastung)\DVT\DVT\authpatch.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\Desktop (Virtual) Tools\Sydatec.Personal.Desktop.v2.1.German.Incl.KeyMaker.and.AuthPatch-DVT (CPU Auslastung)\DVT\DVT\KeyMaker.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\PDF Progs\Elcomsoft Password Recovery Bundle 2007\AVPR v1.63\!Crack\avpr.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\PDF Progs\PDF995 mit Keygen\keygen.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file D:\Apps\SchuelerVz & StudiVz Fotoalbum Downloader by jt\SchuelerVz & StudiVz Fotoalbum Downloader by jt.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\Security\Ashampoo_WinOptimizer_4.10\KeyGen\keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file D:\Apps\Security\Steganos_Internet_Anonym_VPN\keygen.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file D:\Apps\Security\TuneUp Utilities 2007\Key-Generator\keygen.exe
Removal successful
>>> Virus 'Mal/CimgaKit-A' found in file D:\Apps\Security\XP Password changer\XP PASSWORD MANAGER.exe
Removal successful
>>> Virus 'Mal/IRCBot-C' found in file D:\Apps\Trillian_Pro_v3.1.9.0\Trillian Pro v3.1.9.0\Crack\trillian.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\Apps\TUNING\Ashampoo_Magical_Defrag_2.05\Crack\AshampooMagicalDefragv205_Crack.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\Apps\TUNING\Ashampoo_WinOptimzer_4.0\Crack\AshampooWinOptimizerv400_Crack.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\Apps\TUNING\GameTuner\Game Tuner v1.0.0.33 keygen by AGAiN\Keygen.EXE
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file D:\Apps\TUNING\TuneUp Utilities 2007\Key-Generator\keygen.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file D:\Apps\XP_Original\KeyGen.exe
Removal successful
Password protected file D:\FHU\Wirtschaftsinformatik\(alles vorgänger)\wintra2.semester (pw)\Algorithmen_und_Datenstrukturen\Wiederholungen\PraesKW25.ppt
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP165\A0038925.exe
Removal successful
Could not open D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP171\A0039746.exe
Could not open D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP171\A0039747.exe
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042298.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042299.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042300.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042301.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042302.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042303.exe
Removal successful
>>> Virus 'Mal/Heuri-E' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042304.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042305.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042306.exe
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042307.exe
Removal successful
>>> Virus 'Mal/CimgaKit-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042308.exe
Removal successful
>>> Virus 'Mal/IRCBot-C' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042309.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042310.exe
Removal successful
>>> Virus 'Mal/Dropper-O' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042311.exe
Removal successful
>>> Virus 'Mal/Packer' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042312.EXE
Removal successful
>>> Virus 'Troj/Keygen-BE' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042313.exe
Removal successful
>>> Virus 'Mal/Generic-A' found in file D:\System Volume Information\_restore{E3AC3A7A-3431-4798-BCFC-382F01819F4E}\RP177\A0042314.exe
Removal successful

3 boot sectors swept.
68485 files swept in 1 hour, 2 minutes and 45 seconds.
22 errors were encountered.
43 viruses were discovered.
42 files out of 68485 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
1 encrypted file was not checked.
Ending Sophos Anti-Virus.
02.05.2008, 12:55
Honorary member

Posts: 29434
#10 Hello,

well now... anyone who fills their computer with keygens can't expect to have a secure system ;)
in your place I would wipe everything + format, and in future deliberately do without keygens; the programs can be bought, then you have them for good and there are no problems.

««
if you still want to keep cleaning, run sdfix in normal mode:
1 : a-squared is loaded
2 : Norman is loaded

post the reports
__________
Regards, Sabina

all about PC security
02.05.2008, 13:13
...new here

Thread starter

Posts: 9
#11 what you say is true

I can't wipe it at the moment for various reasons, and besides I don't have the time for that right now in the middle of the semester :/

I'll run the two reports now and post the results here right away - thanks Sabina!
02.05.2008, 14:40
Honorary member

Posts: 29434
#12 all right ;)
post the reports
__________
Regards, Sabina

all about PC security
03.05.2008, 13:20
...new here

Thread starter

Posts: 9
#13 so, here are the reports, somewhat late:

asquared_report.txt


a-squared Command Line Scanner - Version 3.5
Last update: N/A

Scan settings:

Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 02.05.2008 21:54:28

C:\Dokumente und Einstellungen\Markus.MKS\Desktop\SDFix\apps\Process.exe detected: Riskware.RiskTool.Win32.Processor.20

Scanned

Files: 329858
Traces: 177636
Cookies: 130
Processes: 28

Found

Files: 1
Traces: 0
Cookies: 0
Processes: 0

Quarantined

Files: 1
Traces: 0
Cookies: 0
Processes: 0

Scan end: 02.05.2008 23:46:05
Scan time: 1:51:37



NFix_2008-05-03_00-09-12.log


Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/29 19:17:00

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/29 19:17:00, Variants: 1600559

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: MKS\Markus


Scan started: 03/05/2008 00:09:12


Scanning running processes and process memory...

Number of processes/threads found: 1314
Number of processes/threads scanned: 1313
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 42s


Scanning file system...

Scanning: C:\*.*

C:\Programme\cygwin\ftp%3a%2f%2fmirror.switch.ch%2fmirror%2fcygwin\release\pkgconfig\pkgconfig-0.17.2-3.tar.bz2/unknown0 (Error whilst scanning file: I/O Error)

C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\loadqueue\LoadQueue.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample1\sample1.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample2\sample2.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

C:\Programme\IBM\SQLLIB\samples\repl\xmlpubtk\sample3\sample3.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

C:\System Volume Information\_RESTO~1\RP203\A0054943.exe (Infected with W32/Suspicious_N.gen)
Deleted file

Scanning: D:\*.*

D:\Apps\PDF Progs\ABBYY.PDF.Transformer.v2.0.Build.1147\activate.exe (Infected with W32/Malware.AGSM)
Deleted file

D:\Apps\PDF Progs\Advanced_PDF_Password_Recovery__APDFPR__3.0.48.314\apdfpr.exe (Infected with W32/Suspicious_N.gen)
Deleted file

D:\Apps\PDF Progs\Elcomsoft Password Recovery Bundle 2007\PPA v1.70.3620\!Crack\ppa.exe (Infected with W32/Suspicious_N.gen)
Deleted file

D:\Apps\Security\XP Password changer\xp pass.rlc/XP_PASSWORD_MANAGER\XP PASSWORD MANAGER.exe (Infected with W32/Smalltroj.DBZC)
Deleted file

D:\Apps\TUNING\Staganos_Tuning_7.13\Patch\Crack.rar/AV (Error whilst scanning file: I/O Error)

D:\Apps\_CHAT\Portable Google Talk 1.0.0.96.exe (Infected with W32/Suspicious_U.gen)
Deleted file

D:\FHU\download\db2\Windows\REPL0013.cab/unknown0/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

D:\FHU\download\db2\Windows\REPL0014.cab/unknown0/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

D:\FHU\download\db2\Windows\REPL0015.cab/unknown4/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

D:\FHU\download\db2\Windows\REPL0016.cab/unknown7/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

D:\Games\Handy Games\SaintsRow.jar/NOVUSGFX/carUte.spr (Error whilst scanning file: I/O Error)

D:\Games\Risiko 2\CLASS.EXE (Infected with W32/Smalltroj.CTLW)
Deleted file

D:\System Volume Information\_RESTO~4\RP203\A0055987.exe (Infected with W32/DLoader.DOLA)
Deleted file

D:\System Volume Information\_RC9B9~1\RP177\A0042362.exe (Infected with W32/Malware.AGSM)
Deleted file

D:\System Volume Information\_RC9B9~1\RP177\A0042363.exe (Infected with W32/Suspicious_N.gen)
Deleted file

D:\System Volume Information\_RC9B9~1\RP177\A0042364.exe (Infected with W32/Suspicious_N.gen)
Deleted file

D:\System Volume Information\_RC9B9~1\RP177\A0042365.exe (Infected with W32/Suspicious_U.gen)
Deleted file

D:\System Volume Information\_RC9B9~1\RP177\A0042366.EXE (Infected with W32/Smalltroj.CTLW)
Deleted file

Scanning: G:\*.*

G:\System Volume Information\_RESTO~1\RP165\A0038967.exe (Infected with W32/SDBot.BLCK)
Deleted file

Scanning: c:\System Volume Information\*.*

Scanning: d:\System Volume Information\*.*

Scanning: g:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 804578
Number of archives unpacked: 15265
Number of files scanned: 804509
Number of files not scanned: 69
Number of files skipped due to exclude list: 0
Number of infected files found: 14
Number of infected files repaired/deleted: 14
Number of infections removed: 14
Total scanning time: 3h 29m 17s
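The scan log in this post has a regular shape: each hit is a path followed by the signature name, optionally followed by a "Deleted file" line, and the engine prints its own totals at the end. The Python script below is an added example, not part of the original thread and not any scanner's code. It parses that format, buckets each hit into restore-point copies (under System Volume Information, which only a System Restore purge removes for good), downloaded cracks/keygens, and everything else, lists hits that were not deleted, and checks that the engine's "found" and "repaired/deleted" totals agree with the detail lines. The sample log is constructed for this example, modelled on the format above, and the CRACK_HINTS keyword list is my own heuristic, not something the scanner reports.

```python
"""Summarise a Norman-style on-demand scan log: what was detected, where,
and whether the engine's own totals agree with the detail lines."""
import re
from collections import Counter

DETECTION_RE = re.compile(r"^(?P<path>.+?) \(Infected with (?P<sig>[^)]+)\)$")
ERROR_RE = re.compile(r"^(?P<path>.+?) \(Error whilst scanning file: (?P<err>[^)]+)\)$")
SUMMARY_RE = re.compile(r"^Number of infected files (?P<key>found|repaired/deleted): (?P<n>\d+)$")

# Heuristic (assumption for this example): path fragments that usually mean
# cracked or pirated software, a common source of Suspicious_*.gen hits.
CRACK_HINTS = ("crack", "keygen", "patch", "activate", "password recovery")

# Constructed sample log, modelled on the format in the post above.
SAMPLE_LOG = r"""
Scanning: C:\*.*

C:\Programme\example\lib.jar/META-INF/MANIFEST.MF (Error whilst scanning file: I/O Error)

C:\System Volume Information\_RESTO~1\RP203\A0054943.exe (Infected with W32/Suspicious_N.gen)
Deleted file

Scanning: D:\*.*

D:\Apps\Tool\!Crack\tool.exe (Infected with W32/Suspicious_N.gen)
Deleted file

D:\Games\Foo\CLASS.EXE (Infected with W32/Smalltroj.CTLW)
Deleted file

D:\Apps\Other\keygen.exe (Infected with W32/Malware.AGSM)

Number of infected files found: 4
Number of infected files repaired/deleted: 3
"""


def classify(path):
    """Bucket a detection path by what it tells the responder."""
    lower = path.lower()
    if "system volume information" in lower:
        return "restore_point"      # copy inside a restore point, purge System Restore
    if any(hint in lower for hint in CRACK_HINTS):
        return "crack_or_keygen"    # user-downloaded, remove and stop using the software
    return "other"


def parse_scan_log(text):
    """Return detections, scan errors and the engine's summary counts."""
    detections, errors, summary = [], [], {}
    last = None                     # most recent detection, for the "Deleted file" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scanning:"):
            last = None
            continue
        if line == "Deleted file":
            if last is not None:
                last["deleted"] = True
            continue
        m = DETECTION_RE.match(line)
        if m:
            last = {"path": m["path"], "signature": m["sig"],
                    "drive": m["path"][:2].upper(), "deleted": False,
                    "category": classify(m["path"])}
            detections.append(last)
            continue
        m = ERROR_RE.match(line)
        if m:
            errors.append({"path": m["path"], "error": m["err"]})
            last = None
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["key"]] = int(m["n"])
    return {"detections": detections, "errors": errors, "summary": summary}


def summarise(parsed):
    """Aggregate counts and check the engine's totals against the detail lines."""
    dets = parsed["detections"]
    deleted = sum(1 for d in dets if d["deleted"])
    summ = parsed["summary"]
    return {
        "by_category": dict(Counter(d["category"] for d in dets)),
        "by_drive": dict(Counter(d["drive"] for d in dets)),
        "by_signature": dict(Counter(d["signature"] for d in dets)),
        "not_deleted": [d["path"] for d in dets if not d["deleted"]],
        "unscanned": len(parsed["errors"]),
        "totals_consistent": (summ.get("found") == len(dets)
                              and summ.get("repaired/deleted") == deleted),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_scan_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Anything listed under not_deleted, and every restore-point hit, is what a responder would follow up on first; an I/O error on an archive member (unscanned) means that file was never inspected, not that it was clean.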
03.05.2008, 14:55
Honorary member
Sabina

Posts: 29434
#14 Hello,

««
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
Then untick it again (i.e. turn it back on).

««
I can't find anything more in the logs myself, and I don't want to take all the partitions + the PC apart piece by piece either ;)
so now online scans:

scan online with F-Secure + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
06.05.2008, 22:18
...new here

Thread starter

Posts: 9
#15 So, after I had problems with IE, here is the report now:

Scanning Report
Tuesday, May 06, 2008 18:45:51 - 22:16:13

Computer name: MKS
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ G:\
Result: 1 malware found
Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 80423
* System: 4140
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.68
* F-Secure Hydra: 2.8.8110, 2008-05-06
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure AVP: 7.0.171, 2008-05-06

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics




Doesn't seem like much came out of it, I think, does it?