hwclock.exe, Hardware Clock Driver




Start -- Run -- type in: cmd

paste in:
sc stop hwclock
press "Enter"

wait a moment, then paste in:
sc delete hwclock
press "Enter"

paste in:
del C:\WINDOWS\System32\hwclock.exe
press "Enter"

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. Select 'All Files' as the file type. You should now find this file on the desktop.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock]


Restart the computer in Safe Mode (press F8 during startup).
Double-click the file "fixme.reg" on the desktop.
Then restart again immediately.




HijackThis

O4 - HKLM\..\Run: [rfagent] "C:\Programme\RFA\rfagent.exe
O4 - HKLM\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)



O4 - HKLM\..\Run: [MS UniX] navupdate64.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\RunServices: [MS UniX] navupdate64.exe
O4 - HKCU\..\Run: [MS UniX] navupdate64.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)




O4 - HKLM\..\Run: [*Wssocks] wssocks.exe
O4 - HKLM\..\RunServices: [*Wssocks] wssocks.exe
O4 - HKCU\..\Run: [*Wssocks] wssocks.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
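
A triage sketch for HijackThis logs like the excerpts above, added here as an example and not part of the original page. It flags the two traits those excerpts share: an O23 service with "Unknown owner", and one O4 autostart value repeated across HKLM Run, HKLM RunServices and HKCU Run with a bare file name. The function name triage and the threshold of three keys are assumptions; a hit is a pointer for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the first HijackThis excerpt on this page.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [rfagent] "C:\Programme\RFA\rfagent.exe
O4 - HKLM\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)'''

# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r'^O23 - Service: (.+?) \((\w+)\) - (.+?) - (.+?)( \(file missing\))?$')


def triage(log_text):
    """Return (kind, name, detail) tuples for entries worth a manual look."""
    autostarts = defaultdict(set)  # (value name, command) -> set of autostart keys
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            autostarts[(name, cmd)].add(hive + "\\" + key)
            continue
        m = O23_RE.match(line)
        if m:
            _display, svc, owner, path, missing = m.groups()
            if owner == "Unknown owner":
                state = "file missing" if missing else "file present"
                findings.append(("service", svc, f"{path} ({state})"))
    for (name, cmd), keys in autostarts.items():
        # Same value in several autostart keys, launched by bare file name
        # (no directory), as in the excerpts on this page.
        if len(keys) >= 3 and "\\" not in cmd:
            findings.append(("autostart", name, cmd + " in " + ", ".join(sorted(keys))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "(file missing)" service entry, as in these logs, means the service registration is still present after the binary was deleted, which is what the sc delete step and fixme.reg clean up.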




datfindbat
http://virus-protect.org/datfindbat.html

18.06.2005 17:19 109.056 navupdate64.exe
18.06.2005 16:04 0 TFTP2580
18.06.2005 01:29 0 TFTP3844
14.06.2005 13:07 0 TFTP3884
13.06.2005 21:15 0 TFTP868


C:\UNMT.EXE
C:\WINDOWS\system32\TFTP2580
C:\WINDOWS\system32\TFTP3844
C:\WINDOWS\system32\TFTP3884
C:\WINDOWS\system32\TFTP868
C:\WINDOWS\System32\hwclock.exe
C:\WINDOWS\system32\navupdate64.exe




C:\WINDOWS\System32\MSMSN7.exe
C:\WINDOWS\System32\hwclock.exe
Windows/Prefetch folder (hwclock.exe-0f82b9c8)

C:\WINDOWS\System32\ntload.bat
C:\ntload.bat
C:\sys.bat
C:\WINDOWS\system32\TFTP1884
C:\WINDOWS\system32\TFTP2640
C:\WINDOWS\system32\TFTP1796
C:\WINDOWS\system32\TFTP2612
C:\WINDOWS\System32\hwclock.exe
C:\WINDOWS\system 32\ftpupd.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\work.exe
C:\WINDOWS\System32\winpnp32.exe
C:\WINDOWS\System32\SCardClnt.exe


?????
C:\Windows\System32\SYSTEM.EXE
C:\Windows\System32\winpnp32.exe
C:\Windows\System32\winpnp.exe
C:\Windows\System32\mousehs.exe
C:\Windows\System32\hwclock.exe

"dcpromo.log" into the "%Windows%\Debug" directory




W32/Hwbot-A sets the following entries in the registry:

HKLM\software\microsoft\ole
enabledcom
"n"

HKLM\system\currentcontrolset\control\lsa
restrictanonymous
"1"




Service name: Service Control Application
Display name: SCA
Description: Controls and manages system services.
Path to executable: %System%\SYSTEM.EXE
Startup type: Automatic

Service name: hwclock
Display name: Hardware Clock Driver
Description: Enables a computer to save and restore system time information using the hardware clock. Stopping or disabling this service will result in system instability.
Path to executable: %System%\hwclock.exe
Startup type: Automatic

Service name: winpnp32
Display name: Windows 32-bit PnP Driver
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path to executable: %System%\winpnp32.exe
Startup type: Automatic

Service name: mousehs
Display name: Mouse Hardware Sync
Description: Enables a computer to maintain synchronization with a PS/2 pointing device. Stopping or disabling this service will result in system instability.
Path to executable: %System%\mousehs.exe
Startup type: Automatic

Service name: winpnp
Display name: Windows PnP Driver
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path to executable: %System%\winpnp.exe
Startup type: Automatic





