TR/Vundo.Gen in ssqpp.dll. Won't go away!
#0
09.09.2006, 12:55
Member
Posts: 22
09.09.2006, 17:20
Honorary member
Posts: 29434
#2
1. Run Vundofix: http://virus-protect.org/artikel/tools/vundofixx.html

2. Avenger: http://virus-protect.org/artikel/tools/avenger.html
Paste this in:

Quote
registry keys to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically.

** Post the log from Avenger, whatever appears.

** Start - Programs - Accessories - System Tools - Disk Cleanup - click: Temporary Internet Files, OK - click: Temporary Files, OK

-----------------------------

Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

** Scan: http://virus-protect.org/artikel/bfu/alcanshorty.html

** Hoster.zip: http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit program.

** Scan with Sophos and post the scan report: http://virus-protect.org/multiavtool.html

** Scan with Dr.Web and post the scan report: http://virus-protect.org/cureit.html

__________
Regards, Sabina
all about PC security
09.09.2006, 17:24
Member
Thread starter, Posts: 22
#3
Should I do this in safe mode? And should I turn off the firewalls?
09.09.2006, 17:36
Honorary member
Posts: 29434
09.09.2006, 17:45
Member
Thread starter, Posts: 22
#5
Then please edit your post when you're done, okay?
09.09.2006, 17:45
Honorary member
Posts: 29434
#6
OK, now you can start. Do everything in normal mode and post all the reports, especially the one from Avenger.
__________
Regards, Sabina
all about PC security
09.09.2006, 17:47
Member
Thread starter, Posts: 22
#7
I guess Avenger won't find most of the things, because I already did that earlier. But I'll paste everything in again. I'll start over from the beginning then.
09.09.2006, 17:50
Honorary member
Posts: 29434
09.09.2006, 17:57
Member
Thread starter, Posts: 22
#9
So, Avenger is done. The others are coming shortly.
___________________Avenger________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxymbsax

*******************

Script file located at: \??\C:\dylaqrkx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034

File C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job deleted successfully.
File C:\WINDOWS\System32\ssqpp.dll not found!
Deletion of file C:\WINDOWS\System32\ssqpp.dll failed!
Could not process line: C:\WINDOWS\System32\ssqpp.dll
Status: 0xc0000034
File C:\WINDOWS\System32\ddcca.dll not found!
Deletion of file C:\WINDOWS\System32\ddcca.dll failed!
Could not process line: C:\WINDOWS\System32\ddcca.dll
Status: 0xc0000034
File C:\WINDOWS\system32\ppqss.ini not found!
Deletion of file C:\WINDOWS\system32\ppqss.ini failed!
Could not process line: C:\WINDOWS\system32\ppqss.ini
Status: 0xc0000034
File C:\WINDOWS\system32\wintcc.exe not found!
Deletion of file C:\WINDOWS\system32\wintcc.exe failed!
Could not process line: C:\WINDOWS\system32\wintcc.exe
Status: 0xc0000034
File C:\WINDOWS\system32\mcrh.tmp not found!
Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!
Could not process line: C:\WINDOWS\system32\mcrh.tmp
Status: 0xc0000034
File C:\WINDOWS\system32\ppqss.bak2 not found!
Deletion of file C:\WINDOWS\system32\ppqss.bak2 failed!
Could not process line: C:\WINDOWS\system32\ppqss.bak2
Status: 0xc0000034
File C:\WINDOWS\system32\ppqss.bak1 not found!
Deletion of file C:\WINDOWS\system32\ppqss.bak1 failed!
Could not process line: C:\WINDOWS\system32\ppqss.bak1
Status: 0xc0000034
File C:\WINDOWS\system32\ppqss.ini2 not found!
Deletion of file C:\WINDOWS\system32\ppqss.ini2 failed!
Could not process line: C:\WINDOWS\system32\ppqss.ini2
Status: 0xc0000034
File C:\WINDOWS\system32\rsm.dll not found!
Deletion of file C:\WINDOWS\system32\rsm.dll failed!
Could not process line: C:\WINDOWS\system32\rsm.dll
Status: 0xc0000034
File C:\WINDOWS\1.dat not found!
Deletion of file C:\WINDOWS\1.dat failed!
Could not process line: C:\WINDOWS\1.dat
Status: 0xc0000034
Could not open file C:\Programme\Common Files\svchostsys\svchostsys.exe for deletion
Deletion of file C:\Programme\Common Files\svchostsys\svchostsys.exe failed!
Could not process line: C:\Programme\Common Files\svchostsys\svchostsys.exe
Status: 0xc000003a
File C:\t.exe not found!
Deletion of file C:\t.exe failed!
Could not process line: C:\t.exe
Status: 0xc0000034

Folder C:\WINDOWS\System32\P2P Networking not found!
Deletion of folder C:\WINDOWS\System32\P2P Networking failed!
Could not process line: C:\WINDOWS\System32\P2P Networking
Status: 0xc0000034
Folder C:\Programme\TClock not found!
Deletion of folder C:\Programme\TClock failed!
Could not process line: C:\Programme\TClock
Status: 0xc0000034
Folder C:\Programme\Save not found!
Deletion of folder C:\Programme\Save failed!
Could not process line: C:\Programme\Save
Status: 0xc0000034
Folder C:\Programme\Gemeinsame Dateien\wwqw not found!
Deletion of folder C:\Programme\Gemeinsame Dateien\wwqw failed!
Could not process line: C:\Programme\Gemeinsame Dateien\wwqw
Status: 0xc0000034
Folder C:\Programme\Common Files\svchostsys not found!
Deletion of folder C:\Programme\Common Files\svchostsys failed!
Could not process line: C:\Programme\Common Files\svchostsys
Status: 0xc0000034
Folder C:\Programme\Common Files\misc001 not found!
Deletion of folder C:\Programme\Common Files\misc001 failed!
Could not process line: C:\Programme\Common Files\misc001
Status: 0xc0000034
Folder C:\Programme\Common Files\simtest not found!
Deletion of folder C:\Programme\Common Files\simtest failed!
Could not process line: C:\Programme\Common Files\simtest
Status: 0xc0000034
Folder C:\Programme\Network Monitor not found!
Deletion of folder C:\Programme\Network Monitor failed!
Could not process line: C:\Programme\Network Monitor
Status: 0xc0000034
Folder c:\program files\altnet not found!
Deletion of folder c:\program files\altnet failed!
Could not process line: c:\program files\altnet
Status: 0xc0000034
Folder C:\Programme\TBONBin deleted successfully.
Folder C:\WINDOWS\UGFwcGFz not found!
Deletion of folder C:\WINDOWS\UGFwcGFz failed!
Could not process line: C:\WINDOWS\UGFwcGFz
Status: 0xc0000034
Folder C:\Programme\MyGlobalSearch not found!
Deletion of folder C:\Programme\MyGlobalSearch failed!
Could not process line: C:\Programme\MyGlobalSearch
Status: 0xc0000034
Folder C:\Programme\Loud2Junk deleted successfully.
Folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL not found!
Deletion of folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL failed!
Could not process line: C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL
Status: 0xc0000034
Folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Loud2Junk deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rsrm deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BaitOnce deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Tqtc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows ASN Services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wwqw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
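An added example, not from the thread and not part of The Avenger itself: a summariser for the log above that separates what Avenger actually removed from what was already missing. The Status values it prints are NTSTATUS codes: 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND and 0xC000003A is STATUS_OBJECT_PATH_NOT_FOUND (the parent folder is gone as well, which is the svchostsys.exe case), so a "failed!" line carrying either code is an item that was already absent, which is what post #7 predicted after the script had been run once before. SAMPLE_LOG is a constructed excerpt modelled on the log above; the function names are my own. Post #2's instructions are the same script, so this serves both.

```python
"""Added example (not from the forum thread): summarise an Avenger log by
outcome and decode the NTSTATUS values it prints. SAMPLE_LOG is a
constructed excerpt modelled on the log in post #9."""
import re
from collections import Counter
from typing import List, Optional, Tuple

# NTSTATUS values seen in Avenger logs (assumption: names as in ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # the key/file itself is gone
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",   # a parent folder is gone too
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ALREADY_GONE = {0xC0000034, 0xC000003A}

DELETED = re.compile(r"^(Registry key|File|Folder) (.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of (registry key|file|folder) (.+) failed!$")
STATUS = re.compile(r"^Status: 0x([0-9A-Fa-f]{8})$")

Result = Tuple[str, str, str, str]  # (kind, target, outcome, status name)

# Constructed excerpt modelled on the thread's log.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034
File C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job deleted successfully.
File C:\WINDOWS\System32\ssqpp.dll not found!
Deletion of file C:\WINDOWS\System32\ssqpp.dll failed!
Could not process line: C:\WINDOWS\System32\ssqpp.dll
Status: 0xc0000034
Could not open file C:\Programme\Common Files\svchostsys\svchostsys.exe for deletion
Deletion of file C:\Programme\Common Files\svchostsys\svchostsys.exe failed!
Could not process line: C:\Programme\Common Files\svchostsys\svchostsys.exe
Status: 0xc000003a
Folder C:\Programme\Loud2Junk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp failed!
Status: 0xc0000034
Completed script processing.
"""


def parse_avenger(text: str) -> List[Result]:
    """One result per script line: successes directly, failures once their Status arrives."""
    results: List[Result] = []
    pending: Optional[Tuple[str, str]] = None   # last "failed!" line awaiting its Status
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            results.append((m.group(1).lower(), m.group(2), "deleted", ""))
            continue
        m = FAILED.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            name = NTSTATUS.get(code, f"0x{code:08X}")
            outcome = "already gone" if code in ALREADY_GONE else "failed"
            results.append((pending[0], pending[1], outcome, name))
            pending = None
    return results


def summarize(results: List[Result]) -> Counter:
    return Counter(outcome for _, _, outcome, _ in results)


def really_removed(results: List[Result]) -> List[str]:
    """Targets Avenger actually deleted, i.e. what was still live on the box."""
    return [target for _, target, outcome, _ in results if outcome == "deleted"]


if __name__ == "__main__":
    parsed = parse_avenger(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for kind, target, outcome, status in parsed:
        print(f"{outcome:13} {kind:13} {target} {status}")
```

Run against the full log above, the same logic reports a handful of genuine deletions (the .job file, three folders, nine MSCONFIG\Startupreg keys) and "already gone" for everything else; an outcome of plain "failed" with STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION would instead mean the item is present and held open, which is the case that needs a boot-time retry.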
09.09.2006, 18:19
Honorary member
Posts: 29434
#10
Now work through the rest and post all the scan reports.
__________
Regards, Sabina
all about PC security
09.09.2006, 18:53
Member
Thread starter, Posts: 22
#11
Sophos:
Sophos Anti-Virus Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 187747 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 18:26:13, System date 09 September 2006

Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/Barb Eggs.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/fast anti long.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/regs copy bone license.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/sepfazej.exe
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CdromHeckForPeak\Cash Type.exe
Disinfection failed
Removal successful
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0700win_DEUadbe0700.pdf
Could not open C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig705\DEU\Data1.cab\WebSearchENU.pdf
>>> Virus 'Troj/Swizzor-LY' found in file C:\Programme\Adverts\uninst.exe
Disinfection failed
Removal successful
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp
Could not open C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279112.dll
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279132.exe
Disinfection failed
Removal successful
Could not open C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279141.dll
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279177.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279178.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279179.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279180.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279209.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizzor-LY' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279210.exe
Disinfection failed
Removal successful
Could not open C:\WINDOWS\system32\config\system.LOG
Could not open C:\WINDOWS\system32\drivers\dtscsi.sys
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd1485.sys

2 master boot records swept.
34182 files swept in 32 minutes and 27 seconds.
61 errors were encountered.
13 viruses were discovered.
10 files out of 34182 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
47 encrypted files were not checked.
Ending Sophos Anti-Virus.

___________________________TrendLog_______________________________

2006-09-09, 19:09:31, Auto-clean mode specified.
2006-09-09, 19:09:31, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-09, 19:09:37, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-09, 19:09:37, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 1)
Start time : Sat Sep 09 2006 19:09:32
Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 782) [success]
Complete time : Sat Sep 09 2006 19:09:37
Execute pattern count(2957), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-09, 19:10:08, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2006-09-09, 19:10:24, An error was detected on "D:\Panos\Active member\Active Member - ÎÎÏαÏ?μα Ï?Ï?' ακÏÏ?νειÏο\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-09, 19:10:25, An error was detected on "D:\Panos\Daten Handy\Sounds\??f?a??? ????\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-09, 19:11:09, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert
2006-09-09, 19:11:12, An error was detected on "E:\System Volume Information\*.*": Zugriff verweigert

2006-09-09, 20:37:37, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
C:\WINDOWS\system32\firewall.exe [WORM_RBOT.CJQ]
30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37
1 hour 26 minutes 24 seconds (5183.84 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37
1 hour 26 minutes 24 seconds (5183.84 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

2006-09-09, 21:01:20, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20
23 minutes 41 seconds (1421.58 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend
44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20
23 minutes 41 seconds (1421.58 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

2006-09-09, 21:01:22, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22
0.02 seconds has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22
0.02 seconds has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

EDIT: Unfortunately the last log will have to wait until tomorrow... couldn't do everything, have to go.

This post was edited on 09.09.2006 at 21:32 by freegon.
10.09.2006, 12:38
Honorary member
Posts: 29434
#12
freegon
1. if it is still there, delete: C:\WINDOWS\system32\firewall.exe
2. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on)
3. also scan with the other programs and post the reports
4. post the new HijackThis log
__________
Regards, Sabina
all about PC security
10.09.2006, 15:46
Member
Thread starter, Posts: 22
#13
dr.web:
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-10, 15:18:01 [PAPPAS][Malaka]
Command-line: "C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 1
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 140381
Key file: C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
C:\WINDOWS\System32\Drivers\dtscsi.sys - read error
C:\WINDOWS\System32\Drivers\sptd.sys - read error
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 277
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 5105 Kb/s
Scan time: 00:00:15
-----------------------------------------------------------------------------
[Prüfpfad] C:\
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat - Lesefehler
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Malaka\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\Malaka\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\WINDOWS\system32\config\default - Lesefehler
C:\WINDOWS\system32\config\default.LOG - Lesefehler
C:\WINDOWS\system32\config\SAM - Lesefehler
C:\WINDOWS\system32\config\SAM.LOG - Lesefehler
C:\WINDOWS\system32\config\SECURITY - Lesefehler
C:\WINDOWS\system32\config\SECURITY.LOG - Lesefehler
C:\WINDOWS\system32\config\software - Lesefehler
C:\WINDOWS\system32\config\software.LOG - Lesefehler
C:\WINDOWS\system32\config\system - Lesefehler
C:\WINDOWS\system32\config\system.LOG - Lesefehler
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\WINDOWS\system32\drivers\dtscsi.sys - Lesefehler
C:\WINDOWS\system32\drivers\sptd.sys - Lesefehler
C:\WINDOWS\system32\drivers\sptd1485.sys - Lesefehler
-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 94258
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 1433 Kb/s
Dauer:: 00:31:17
-----------------------------------------------------------------------------
=============================================================================
Gesamte Sitzungsstatistik
=============================================================================
Geprüfte Objekte: 94535
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 1462 Kb/s
Dauer:: 00:31:32
=============================================================================

So that's it for now. I hope everything ran correctly!
10.09.2006, 16:48
Honorary member
Posts: 29434
10.09.2006, 20:05
Member
Thread starter, Posts: 22
#15
Logfile of HijackThis v1.99.1
Scan saved at 20:12, on 06-09-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ArcorDSL\ArcorDSL.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\mtcls32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\Malaka\Desktop\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O17 - HKLM\System\CCS\Services\Tcpip\..\{592C9E7E-8041-4F1A-BF33-D9DE7AB1FB56}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DcomHelper Service (DcomHelper) - Creative Technology Ltd - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
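As an added triage aid for reading a HijackThis log like the one in the post above (this is not HijackThis code and not the helper's procedure; the flagging rules and the `expected_hosts` allowlist are constructed for this example), the script below parses a handful of entries taken from that log and lists the ones a reviewer would look at first:

```python
"""First-pass triage of HijackThis v1.99 log entries.

Added example for this thread. The rules below are constructed heuristics:
a hit means "look at this entry", not "this entry is malicious".
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# HijackThis entry lines look like "R0 - ..." or "O23 - ..."; process-list
# lines and the header carry no such prefix and are skipped.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass(frozen=True)
class Finding:
    kind: str    # short rule name
    entry: str   # the log line that triggered the rule
    reason: str  # why a reviewer should look at it


def _host(text):
    """Hostname of the first URL in an entry, or None if it has no URL."""
    m = URL_RE.search(text)
    return urlparse(m.group(0)).hostname.lower() if m else None


def triage(lines, expected_hosts):
    """Return the entries worth a closer look.

    expected_hosts: hostnames the owner actually configured as home or
    search page (here the ISP portal from the log). Any other host in an
    R0/R1 start/search setting is reported as a possible hijack.
    """
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1"):
            host = _host(body)
            if host and host not in expected:
                findings.append(Finding("search-hijack", line,
                    f"IE start/search setting points to {host}"))
        elif code == "O15":
            # Trusted Zone entries relax IE security for that site.
            findings.append(Finding("trusted-zone", line,
                "site added to the IE Trusted Zone"))
        elif code == "O18" and body.startswith("Filter: text/html"):
            # A text/html MIME filter DLL sees every page IE renders.
            findings.append(Finding("html-filter", line,
                "MIME filter DLL registered for all HTML content"))
        elif code == "O23":
            if ("Unknown owner" in body or "(file missing)" in body
                    or "(no file)" in body):
                findings.append(Finding("service", line,
                    "service without vendor string or with missing binary"))
    return findings


# Excerpt of the log posted in the thread (raw string: the paths contain
# backslash sequences such as \v that a normal string would mangle).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\mtcls32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O15 - Trusted Zone: http://scanner.sysprotect.com
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), expected_hosts={"www.arcor.de"}):
        print(f"[{f.kind}] {f.reason}\n    {f.entry}")
```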
Every time the computer starts, AntiVir reports that it has found a trojan named TR/Vundo.Gen in the file ssqpp.dll. It can't delete it, and Vundofix doesn't work either. I urgently need help. It slows my PC down by half and the PC crashes about 20 times a day because the desktop keeps "freezing". I have also made the relevant logs.
Logs:
________________________hjt___________________________________
Logfile of HijackThis v1.99.1
Scan saved at 00:10:58, on 08.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sw24.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Malaka\Desktop\hjt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O1 - Hosts: 65.19.154.99 www.halifax-online.co.uk
O1 - Hosts: 65.19.154.99 ibank.barclays.co.uk
O1 - Hosts: 65.19.154.99 online.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 online-business.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 65.19.154.99 banesnet.banesto.es
O1 - Hosts: 65.19.154.99 extranet.banesto.es
O1 - Hosts: 65.19.154.99 ebanking.bccbrescia.it
O1 - Hosts: 65.19.154.99 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 65.19.154.99 oi.cajamadrid.es
O1 - Hosts: 65.19.154.99 bancae.caixapenedes.com
O1 - Hosts: 65.19.154.99 banking.postbank.de
O1 - Hosts: 65.19.154.99 meine.deutsche-bank.de
O1 - Hosts: 65.19.154.99 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 65.19.154.99 ibank.cahoot.com
O1 - Hosts: 65.19.154.99 webbank.openplan.co.uk
O1 - Hosts: 65.19.154.99 bancopostaonline.poste.it
O1 - Hosts: 65.19.154.99 mybank.bybank.it
O1 - Hosts: 65.19.154.99 ibank.internationalbanking.barclays.com
O1 - Hosts: 65.19.154.99 welcome7.co-operativebank.co.uk
O1 - Hosts: 65.19.154.99 welcome11.co-operativebankonline.co.uk
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\ddcca.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BearShare] "D:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sys_up1] C:\Programme\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [BaitOnce] C:\DOKUME~1\Malaka\ANWEND~1\LOUD2J~1\Barb Eggs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &MyToolBar Search - res://C:\Programme\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{592C9E7E-8041-4F1A-BF33-D9DE7AB1FB56}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\SYSTEM32\ddcca.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\System32\ssqpp.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\srimeng.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azam0171e.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGFwcGFz\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DcomHelper Service (DcomHelper) - Creative Technology Ltd - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________________ComboFix________________________________
Malaka - 06-09-08 1:38:00.00
ComboFix 06.09.07 - Running from: C:\Dokumente und Einstellungen\Malaka\Desktop
Microsoft Windows XP [Version 5.1.2600]
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{2E6348B0-F872-4789-982A-57EE22DD9D65}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E6348B0-F872-4789-982A-57EE22DD9D65}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E6348B0-F872-4789-982A-57EE22DD9D65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E6348B0-F872-4789-982A-57EE22DD9D65}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjw3prt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{BC9BF78B-4F04-48E1-8095-DB181C1791BD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC9BF78B-4F04-48E1-8095-DB181C1791BD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC9BF78B-4F04-48E1-8095-DB181C1791BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC9BF78B-4F04-48E1-8095-DB181C1791BD}\InprocServer32]
@="C:\\WINDOWS\\system32\\uerdpa.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{0B9B9DD2-072C-4833-9E2E-5D19FFDFE516}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B9B9DD2-072C-4833-9E2E-5D19FFDFE516}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B9B9DD2-072C-4833-9E2E-5D19FFDFE516}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B9B9DD2-072C-4833-9E2E-5D19FFDFE516}\InprocServer32]
@="C:\\WINDOWS\\system32\\wuhcon.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{ED2E019C-5CEE-42EA-AD6D-0865E066206F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED2E019C-5CEE-42EA-AD6D-0865E066206F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED2E019C-5CEE-42EA-AD6D-0865E066206F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED2E019C-5CEE-42EA-AD6D-0865E066206F}\InprocServer32]
@="C:\\WINDOWS\\system32\\uaer32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{0593AE4C-6231-4A6D-86CD-6BED42680A27}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0593AE4C-6231-4A6D-86CD-6BED42680A27}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0593AE4C-6231-4A6D-86CD-6BED42680A27}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0593AE4C-6231-4A6D-86CD-6BED42680A27}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwlanui2.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{791E85DE-5D85-406F-B1EE-C31899CFC7EF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{791E85DE-5D85-406F-B1EE-C31899CFC7EF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{791E85DE-5D85-406F-B1EE-C31899CFC7EF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{791E85DE-5D85-406F-B1EE-C31899CFC7EF}\InprocServer32]
@="C:\\WINDOWS\\system32\\xpnroll.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{7488E97B-0CDC-481F-9C39-249A78CAE93D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7488E97B-0CDC-481F-9C39-249A78CAE93D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7488E97B-0CDC-481F-9C39-249A78CAE93D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7488E97B-0CDC-481F-9C39-249A78CAE93D}\InprocServer32]
@="C:\\WINDOWS\\system32\\dywsock.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{73B604C5-16E7-45C7-AE19-112B6009F456}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73B604C5-16E7-45C7-AE19-112B6009F456}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73B604C5-16E7-45C7-AE19-112B6009F456}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73B604C5-16E7-45C7-AE19-112B6009F456}\InprocServer32]
@="C:\\WINDOWS\\system32\\nlwrsda.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{98C4348D-8FBC-4F9F-AD42-FD6BB4FC19ED}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{98C4348D-8FBC-4F9F-AD42-FD6BB4FC19ED}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{98C4348D-8FBC-4F9F-AD42-FD6BB4FC19ED}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{98C4348D-8FBC-4F9F-AD42-FD6BB4FC19ED}\InprocServer32]
@="C:\\WINDOWS\\system32\\LhgitCheckControl.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{C46A39E2-B3A2-4D46-B02B-1F8A3CAF624B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C46A39E2-B3A2-4D46-B02B-1F8A3CAF624B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C46A39E2-B3A2-4D46-B02B-1F8A3CAF624B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C46A39E2-B3A2-4D46-B02B-1F8A3CAF624B}\InprocServer32]
@="C:\\WINDOWS\\system32\\nlrsit.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9A192FCB-5C70-464D-B9F3-D5E06A4200FB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A192FCB-5C70-464D-B9F3-D5E06A4200FB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A192FCB-5C70-464D-B9F3-D5E06A4200FB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A192FCB-5C70-464D-B9F3-D5E06A4200FB}\InprocServer32]
@="C:\\WINDOWS\\system32\\ogbcp32r.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{FE72FDC1-0CB7-41CA-AC2B-B69AF8819D82}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FE72FDC1-0CB7-41CA-AC2B-B69AF8819D82}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FE72FDC1-0CB7-41CA-AC2B-B69AF8819D82}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FE72FDC1-0CB7-41CA-AC2B-B69AF8819D82}\InprocServer32]
@="C:\\WINDOWS\\system32\\CEMedEng.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{8C857193-9B69-4432-BEC7-885E0927D5D7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C857193-9B69-4432-BEC7-885E0927D5D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C857193-9B69-4432-BEC7-885E0927D5D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C857193-9B69-4432-BEC7-885E0927D5D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\iBsrad.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{56E9602B-BD4E-4CD3-84DB-064E7329AC44}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{56E9602B-BD4E-4CD3-84DB-064E7329AC44}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{56E9602B-BD4E-4CD3-84DB-064E7329AC44}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{56E9602B-BD4E-4CD3-84DB-064E7329AC44}\InprocServer32]
@="C:\\WINDOWS\\system32\\ukrsdpia.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CB4304C9-42E2-4B1B-AB61-43062AC5FFB5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB4304C9-42E2-4B1B-AB61-43062AC5FFB5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB4304C9-42E2-4B1B-AB61-43062AC5FFB5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB4304C9-42E2-4B1B-AB61-43062AC5FFB5}\InprocServer32]
@="C:\\WINDOWS\\system32\\dnvenum.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CB96F0CC-0273-4D8E-AAC4-930E47EBB6B6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB96F0CC-0273-4D8E-AAC4-930E47EBB6B6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB96F0CC-0273-4D8E-AAC4-930E47EBB6B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB96F0CC-0273-4D8E-AAC4-930E47EBB6B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\oktext32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{EE0D4AAB-2AB9-4F52-83E1-A5535A5F23FB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EE0D4AAB-2AB9-4F52-83E1-A5535A5F23FB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EE0D4AAB-2AB9-4F52-83E1-A5535A5F23FB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EE0D4AAB-2AB9-4F52-83E1-A5535A5F23FB}\InprocServer32]
@="C:\\WINDOWS\\system32\\ijitpki.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{42E33826-8E83-462F-92BA-98399AFD64FF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E33826-8E83-462F-92BA-98399AFD64FF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E33826-8E83-462F-92BA-98399AFD64FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{42E33826-8E83-462F-92BA-98399AFD64FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\czyptsvc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{CD0AFCF1-2C37-4601-BDCA-DC2276AA4C86}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD0AFCF1-2C37-4601-BDCA-DC2276AA4C86}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD0AFCF1-2C37-4601-BDCA-DC2276AA4C86}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD0AFCF1-2C37-4601-BDCA-DC2276AA4C86}\InprocServer32]
@="C:\\WINDOWS\\system32\\mrvcp50.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{30F8FE4B-3C0F-4562-B32E-712FE9A9121C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{30F8FE4B-3C0F-4562-B32E-712FE9A9121C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{30F8FE4B-3C0F-4562-B32E-712FE9A9121C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{30F8FE4B-3C0F-4562-B32E-712FE9A9121C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{ED9B72CA-4314-441C-8D6F-5BDCDB28E2FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED9B72CA-4314-441C-8D6F-5BDCDB28E2FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED9B72CA-4314-441C-8D6F-5BDCDB28E2FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ED9B72CA-4314-441C-8D6F-5BDCDB28E2FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\nftui1.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9F948C67-808B-4BBD-A38E-8447F3DD3E51}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9F948C67-808B-4BBD-A38E-8447F3DD3E51}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9F948C67-808B-4BBD-A38E-8447F3DD3E51}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9F948C67-808B-4BBD-A38E-8447F3DD3E51}\InprocServer32]
@="C:\\WINDOWS\\system32\\osesvr32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{3BCEE8B3-8D77-4CA0-9ED6-9545CB8A6E4B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3BCEE8B3-8D77-4CA0-9ED6-9545CB8A6E4B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3BCEE8B3-8D77-4CA0-9ED6-9545CB8A6E4B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3BCEE8B3-8D77-4CA0-9ED6-9545CB8A6E4B}\InprocServer32]
@="C:\\WINDOWS\\system32\\cumpobj.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{D2D72F4D-2A47-4459-8739-D1FAA4498971}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D2D72F4D-2A47-4459-8739-D1FAA4498971}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D2D72F4D-2A47-4459-8739-D1FAA4498971}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D2D72F4D-2A47-4459-8739-D1FAA4498971}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{842F247D-E294-4648-9522-5D72F2ABF5B2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{842F247D-E294-4648-9522-5D72F2ABF5B2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{842F247D-E294-4648-9522-5D72F2ABF5B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{842F247D-E294-4648-9522-5D72F2ABF5B2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rGsapi32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{63A7441E-0A94-4464-8EC1-E34461599592}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{63A7441E-0A94-4464-8EC1-E34461599592}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{63A7441E-0A94-4464-8EC1-E34461599592}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{63A7441E-0A94-4464-8EC1-E34461599592}\InprocServer32]
@="C:\\WINDOWS\\system32\\cnmsnap.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{5655F422-AF5D-496C-87DB-8A40403D2D6F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5655F422-AF5D-496C-87DB-8A40403D2D6F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5655F422-AF5D-496C-87DB-8A40403D2D6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5655F422-AF5D-496C-87DB-8A40403D2D6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\fusrch.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{5B4A10B0-6751-409C-B58B-410F553FCB38}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5B4A10B0-6751-409C-B58B-410F553FCB38}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5B4A10B0-6751-409C-B58B-410F553FCB38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5B4A10B0-6751-409C-B58B-410F553FCB38}\InprocServer32]
@="C:\\WINDOWS\\system32\\mavcp50.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{88FA59E9-ED10-4E86-A185-8DBC4B034A2B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{88FA59E9-ED10-4E86-A185-8DBC4B034A2B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{88FA59E9-ED10-4E86-A185-8DBC4B034A2B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{88FA59E9-ED10-4E86-A185-8DBC4B034A2B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{F3E29267-E9D5-4CDE-8B61-8D204E5DAD93}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{F3E29267-E9D5-4CDE-8B61-8D204E5DAD93}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F3E29267-E9D5-4CDE-8B61-8D204E5DAD93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F3E29267-E9D5-4CDE-8B61-8D204E5DAD93}\InprocServer32]
@="C:\\WINDOWS\\system32\\masip32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{4F64887B-6E98-4D84-8F5C-2B87078DE0FC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4F64887B-6E98-4D84-8F5C-2B87078DE0FC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4F64887B-6E98-4D84-8F5C-2B87078DE0FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4F64887B-6E98-4D84-8F5C-2B87078DE0FC}\InprocServer32]
@="C:\\WINDOWS\\system32\\sadpapi.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{B518326B-CE01-4419-953A-25F6403DEDE5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B518326B-CE01-4419-953A-25F6403DEDE5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B518326B-CE01-4419-953A-25F6403DEDE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B518326B-CE01-4419-953A-25F6403DEDE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\iLssdo.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\f0j20a1oed.dll
C:\WINDOWS\system32\mgtext40.dll
C:\WINDOWS\system32\mpisam11.dll
C:\WINDOWS\system32\MWSCP.dll
C:\WINDOWS\system32\sacur32.dll
C:\WINDOWS\system32\sicsccp.dll
C:\WINDOWS\system32\smftpub.dll
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Sskdmns.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\msiexec.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon
C:\Programme\Gemeinsame Dateien\inetget
C:\Programme\Deskbar
C:\Programme\Inetget2
C:\Programme\Gemeinsame Dateien\{981D0EB5-07DA-1031-0909-050610050031}
C:\Programme\Gemeinsame Dateien\inetget
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Dokumente und Einstellungen\Malaka\Anwendungsdaten\SMBOLS~1
C:\QooBox\Purity\Dokumente und Einstellungen\Malaka\Anwendungsdaten\SMBOLS~1\c?rss.exe
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1\YSTEM3~1
((((((((((((((((((((((((((((((( Files Created from 2006-08-08 to 2006-09-08 ))))))))))))))))))))))))))))))))))
2006-09-08 00:07 218,112 --a------ C:\t.exe
2006-08-30 17:09 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2006-08-30 17:09 49,152 -ra------ C:\WINDOWS\system32\P0630Hwx.dll
2006-08-30 17:09 36,864 -ra------ C:\WINDOWS\system32\P0630Pin.dll
2006-08-30 17:09 36,864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2006-08-30 17:09 32,768 -ra------ C:\WINDOWS\system32\P0630Sti.dll
2006-08-30 17:09 20,480 -ra------ C:\WINDOWS\system32\P0630Srv.exe
2006-08-30 17:09 20,480 -ra------ C:\WINDOWS\P0630Cfg.exe
2006-08-30 17:09 126,976 -ra------ C:\WINDOWS\system32\P0630Vfw.dll
2006-08-30 16:55 24,576 -ra------ C:\WINDOWS\system32\P0630Aor.dll
2006-08-30 16:52 24,576 --------- C:\WINDOWS\system32\CTWEBFUN.DLL
2006-08-30 01:08 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2006-08-28 22:16 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-08-20 22:23 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-19 22:30 61,952 --a------ C:\WINDOWS\system32\den3cfc8.dll
2006-08-19 22:30 1,167 --a------ C:\WINDOWS\system32\den3cfc8.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-08 01:41 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-08 01:15 1193067 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2006-09-07 23:18 -------- d-------- C:\Programme\MSN Messenger
2006-09-07 23:15 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-07 01:13 1187730 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2006-09-04 23:28 -------- d-------- C:\Programme\Opera
2006-09-02 01:26 1143689 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2006-08-30 17:05 -------- d-------- C:\Programme\Creative
2006-08-30 16:59 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Creative
2006-08-30 16:54 -------- d-------- C:\Programme\SightSpeed
2006-08-24 14:47 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\teamspeak2
2006-08-23 23:38 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-08-22 11:27 -------- d-------- C:\Programme\Save
2006-08-20 22:32 -------- d-------- C:\Programme\Gemeinsame Dateien\wwqw
2006-08-20 22:23 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-20 17:05 -------- d-------- C:\Programme\MyGlobalSearch
2006-08-19 22:30 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\InstallShield
2006-08-18 16:14 -------- d-------- C:\Programme\MessengerPlus! 3
2006-08-18 16:07 -------- d-------- C:\Programme\Loud2Junk
2006-08-18 16:07 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Loud2Junk
2006-08-18 16:07 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL
2006-08-18 16:05 -------- d-------- C:\Programme\Adverts
2006-08-17 22:57 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Azureus
2006-07-10 00:51 -------- d-------- C:\Programme\thriXXX
2006-06-26 11:46 602 --a------ C:\Programme\INSTALL.LOG
2006-06-26 01:16 2 --a------ C:\WINDOWS\system32\wintcc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\\WINDOWS\\System32\\sw20.exe"
"SW24"="C:\\WINDOWS\\System32\\sw24.exe"
"Disc Detector"="C:\\Programme\\Creative\\ShareDLL\\CtNotify.exe"
"CTStartup"="C:\\Programme\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"BearShare"="\"D:\\Programme\\BearShare\\BearShare.exe\" /pause"
"Zone Labs Client"="\"D:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"BaitOnce"="C:\\DOKUME~1\\Malaka\\ANWEND~1\\LOUD2J~1\\Barb Eggs.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\CTStartup]
"CTStartup"="\"C:\\Programme\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"wwqw"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"wwqw"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CoreCenter.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\CoreCenter.lnk"
"backup"="C:\\WINDOWS\\pss\\CoreCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DigiCell.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\DigiCell.lnk"
"backup"="C:\\WINDOWS\\pss\\DigiCell.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\DigiCell\\DigiCell.exe "
"item"="DigiCell"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\KEM.exe "
"item"="Logitech SetPoint"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"
"command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BaitOnce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Barb Eggs"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\Malaka\\ANWEND~1\\LOUD2J~1\\Barb Eggs.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"D:\\Programme\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CamTray"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Creative\\Shared Files\\CamTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_12"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_12.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\den3cfc8]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w0071cfb.dll,n 0033cfc50000000a0071cfb"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\For Peak About Nurb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cash Type"
"hkey"="HKLM"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\CdromHeckForPeak\\Cash Type.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Programme\\ipwins\\ipwins.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Jet Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADGJDet"
"hkey"="HKLM"
"command"="C:\\Programme\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="D:\\Programme\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_12"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_12.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSNS PLUS XP2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winpad"
"hkey"="HKLM"
"command"="winpad.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_11"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_11.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Programme\\outlook\\outlook.exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rsrm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dvdplay"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\YSTEM3~1\\dvdplay.exe\" -vt yazr"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SemanticInsight]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SemanticInsight"
"hkey"="HKLM"
"command"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tt38"
"hkey"="HKLM"
"command"="C:\\tt38.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"D:\\Spiele\\Steam\\Steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tbon"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\TBONBin\\tbon.exe /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Programme\\TClock\\tclock_install.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Tqtc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="c?rss"
"hkey"="HKCU"
"command"="C:\\Dokumente und Einstellungen\\Malaka\\Anwendungsdaten\\s?mbols\\c?rss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Save\\Save.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows ASN Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hxw"
"hkey"="HKLM"
"command"="hxw.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winsysban3"
"hkey"="HKLM"
"command"="C:\\windows\\winsysban3.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wwqw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwqwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job
Completion time: 06-09-08 1:43:23.01
ComboFix.txt
_______________________datfindbat_________________________________
Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5
Verzeichnis von C:\WINDOWS\system32
06-09-08 02:10 1,193,512 ppqss.ini
06-09-08 01:57 54,107 vsconfig.xml
06-09-08 01:56 63,062 nvapps.xml
06-09-08 01:42 28,056 BMXBkpCtrlState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 28,056 BMXCtrlState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 24 DVCStateBkp-{00000000-00000000-00000006-00001102-00000004-00531102}.dat
06-09-08 01:42 24 DVCState-{00000000-00000000-00000006-00001102-00000004-00531102}.dat
06-09-08 01:42 1,072 settings.sfm
06-09-08 01:42 1,072 settingsbkup.sfm
06-09-08 01:42 20,160 BMXStateBkp-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 20,160 BMXState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:15 1,193,067 ppqss.bak2
06-09-07 22:37 4,212 zllictbl.dat
06-09-07 01:13 1,187,730 ppqss.bak1
06-09-05 02:13 6,516 BMXCtrlState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 10,432 BMXState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 6,516 BMXBkpCtrlState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 10,432 BMXStateBkp-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-02 01:26 1,143,689 ppqss.ini2
06-08-24 13:00 2,206 wpa.dbl
06-08-23 23:38 42,920 vsutil_loc0407.dll
06-08-23 23:38 392,824 vsdatant.sys
06-08-23 23:38 83,960 zlcomm.dll
06-08-23 23:38 71,672 zlcommdb.dll
06-08-23 23:38 59,384 vswmi.dll
06-08-23 23:38 100,344 vsxml.dll
06-08-23 23:38 440,312 vsutil.dll
06-08-23 23:38 268,280 vspubapi.dll
06-08-23 23:38 71,672 vsregexp.dll
06-08-23 23:38 104,440 vsmonapi.dll
06-08-23 23:38 157,688 vsinit.dll
06-08-23 23:37 83,960 vsdata.dll
06-08-20 22:16 1,167 den3cfc8.sys
06-08-19 22:30 61,952 den3cfc8.dll
06-06-26 01:16 2 wintcc.exe
06-06-20 23:32 796,584 libeay32_0.9.6l.dll
06-06-11 22:10 143 mcrh.tmp
06-06-06 16:51 139,264 rsm.dll
06-06-02 11:04 57,384 avsda.dll
06-06-01 19:09 208,896 NVUNINST.EXE
06-06-01 19:09 208,896 nvudisp.exe
06-06-01 19:09 208,896 nvunrm.exe
06-06-01 17:22 73,728 nvtuicpl.cpl
06-06-01 17:22 155,715 nvsvc32.exe
06-06-01 17:22 2,924,544 nvvitvs.dll
06-06-01 17:22 2,977,792 nvvitvsr.dll
06-06-01 17:22 81,920 nvwddi.dll
06-06-01 17:22 1,662,976 nvwdmcpl.dll
06-06-01 17:22 1,019,904 nvwimg.dll
06-06-01 17:22 282,624 nvwrsar.dll
06-06-01 17:22 266,240 nvrsptb.dll
06-06-01 17:22 286,720 nvwrscs.dll
06-06-01 17:22 425,984 keystone.exe
06-06-01 17:22 311,296 nvwrsde.dll
06-06-01 17:22 335,872 nvwrsel.dll
06-06-01 17:22 286,720 nvwrseng.dll
06-06-01 17:22 335,872 nvwrses.dll
06-06-01 17:22 327,680 nvwrsesm.dll
06-06-01 17:22 303,104 nvwrsfi.dll
06-06-01 17:22 327,680 nvwrsfr.dll
06-06-01 17:22 258,048 nvrspl.dll
06-06-01 17:22 253,952 nvrsno.dll
06-06-01 17:22 274,432 nvrsnl.dll
Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5
Verzeichnis von C:\DOKUME~1\Malaka\LOKALE~1\Temp
06-09-08 02:06 406 jusched.log
06-09-08 01:57 49,152 ~DF4D68.tmp
06-09-08 01:44 49,152 ~DF724C.tmp
06-09-01 11:16 247 1F1205F7.TMP
Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5
Verzeichnis von C:\WINDOWS
06-09-08 01:44 0 0.log
06-09-08 01:44 157 wiadebug.log
06-09-08 01:44 50 wiaservc.log
06-09-08 01:43 2,048 bootstat.dat
06-09-08 01:22 32,552 SchedLgU.Txt
06-09-08 01:12 321,144 ntbtlog.txt
06-09-07 18:17 116 NeroDigital.ini
06-09-04 23:30 3,778,236 {00000000-00000000-00000006-00001102-00000004-00531102}.CDF
06-09-04 23:30 3,778,236 {00000000-00000000-00000006-00001102-00000004-00531102}.BAK
06-09-03 22:18 54,156 QTFont.qfn
06-09-02 22:13 2,476,791 discwriter.log
06-09-02 22:04 0 OrangeBurn.log
06-08-31 00:47 442,374 DirectX.log
06-08-31 00:46 105,755 setupapi.log
06-08-30 17:06 201 setup.log
06-08-30 17:06 189 setuplog
06-08-30 16:49 1,409 QTFont.for
06-08-30 12:27 227 system.ini
06-08-30 12:27 487 win.ini
06-08-29 22:43 1,174 OEWABLog.txt
06-08-28 18:26 24,778 Xbox_360_CC_Driver.log
06-08-28 18:20 17,930 comsetup.log
06-08-28 18:20 53,473 iis6.log
06-08-28 18:20 9,178 ntdtcsetup.log
06-08-28 18:20 13,014 tsoc.log
06-08-28 18:20 1,374 imsins.log
06-08-28 18:20 1,626 tabletoc.log
06-08-28 18:20 1,177 msgsocm.log
06-08-28 18:20 18,590 ocgen.log
06-08-28 18:20 3,560 netfxocm.log
06-08-28 18:20 1,277 ocmsn.log
06-08-28 18:20 17,721 FaxSetup.log
06-08-28 18:20 11,734 msmqinst.log
06-08-28 18:13 2,002,967 setupapi.log.0.old
06-08-28 12:32 103 CTRec.INI
06-08-25 23:56 63,424 wmsetup.log
06-08-22 00:00 0 1.dat
06-08-19 22:59 2,440 DIFx.log
06-07-17 21:00 178,884 setupact.log
06-07-11 00:13 0 nsreg.dat
Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5
Verzeichnis von C:\
06-09-08 02:12 0 sys.txt
06-09-08 02:12 7,700 system.txt
06-09-08 02:12 439 systemtemp.txt
06-09-08 02:10 104,863 system32.txt
06-09-08 01:56 53 biosinfo
06-09-08 01:43 38,862 ComboFix.txt
06-09-08 01:43 1,207,959,552 pagefile.sys
06-09-08 00:41 184 VundoFix.txt
06-09-08 00:40 8,052 hijackthis.log
06-08-30 12:27 194 boot.ini
So that's it. Thanks in advance.
Regards
Theo