TR/Vundo.Gen in ssqpp.dll. Won't go away!

#0
09.09.2006, 12:55
Member

Posts: 22
#1 Hello,

Every time the computer starts, AntiVir reports that it has found a trojan named TR/Vundo.Gen in the file ssqpp.dll. It can't delete it either, and Vundofix doesn't work either. I urgently need help. This slows my PC down by half, and the PC crashes about 20 times a day because the desktop keeps "freezing". I have also made the corresponding logs.


Logs:


________________________hjt___________________________________


Logfile of HijackThis v1.99.1
Scan saved at 00:10:58, on 08.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sw24.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Malaka\Desktop\hjt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O1 - Hosts: 65.19.154.99 www.halifax-online.co.uk
O1 - Hosts: 65.19.154.99 ibank.barclays.co.uk
O1 - Hosts: 65.19.154.99 online.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 online-business.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 65.19.154.99 banesnet.banesto.es
O1 - Hosts: 65.19.154.99 extranet.banesto.es
O1 - Hosts: 65.19.154.99 ebanking.bccbrescia.it
O1 - Hosts: 65.19.154.99 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 65.19.154.99 oi.cajamadrid.es
O1 - Hosts: 65.19.154.99 bancae.caixapenedes.com
O1 - Hosts: 65.19.154.99 banking.postbank.de
O1 - Hosts: 65.19.154.99 meine.deutsche-bank.de
O1 - Hosts: 65.19.154.99 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 65.19.154.99 ibank.cahoot.com
O1 - Hosts: 65.19.154.99 webbank.openplan.co.uk
O1 - Hosts: 65.19.154.99 bancopostaonline.poste.it
O1 - Hosts: 65.19.154.99 mybank.bybank.it
O1 - Hosts: 65.19.154.99 ibank.internationalbanking.barclays.com
O1 - Hosts: 65.19.154.99 welcome7.co-operativebank.co.uk
O1 - Hosts: 65.19.154.99 welcome11.co-operativebankonline.co.uk
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\ddcca.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BearShare] "D:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sys_up1] C:\Programme\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [BaitOnce] C:\DOKUME~1\Malaka\ANWEND~1\LOUD2J~1\Barb Eggs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &MyToolBar Search - res://C:\Programme\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{592C9E7E-8041-4F1A-BF33-D9DE7AB1FB56}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\SYSTEM32\ddcca.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\System32\ssqpp.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\srimeng.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azam0171e.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGFwcGFz\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DcomHelper Service (DcomHelper) - Creative Technology Ltd - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



__________________________ComboFix________________________________

Malaka - 06-09-08 1:38:00.00
ComboFix 06.09.07 - Running from: C:\Dokumente und Einstellungen\Malaka\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\f0j20a1oed.dll
C:\WINDOWS\system32\mgtext40.dll
C:\WINDOWS\system32\mpisam11.dll
C:\WINDOWS\system32\MWSCP.dll
C:\WINDOWS\system32\sacur32.dll
C:\WINDOWS\system32\sicsccp.dll
C:\WINDOWS\system32\smftpub.dll




((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msiexec.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon
C:\Programme\Gemeinsame Dateien\inetget
C:\Programme\Deskbar
C:\Programme\Inetget2
C:\Programme\Gemeinsame Dateien\{981D0EB5-07DA-1031-0909-050610050031}
C:\Programme\Gemeinsame Dateien\inetget

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Dokumente und Einstellungen\Malaka\Anwendungsdaten\SMBOLS~1
C:\QooBox\Purity\Dokumente und Einstellungen\Malaka\Anwendungsdaten\SMBOLS~1\c?rss.exe
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-08 to 2006-09-08 ))))))))))))))))))))))))))))))))))


2006-09-08 00:07 218,112 --a------ C:\t.exe
2006-08-30 17:09 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2006-08-30 17:09 49,152 -ra------ C:\WINDOWS\system32\P0630Hwx.dll
2006-08-30 17:09 36,864 -ra------ C:\WINDOWS\system32\P0630Pin.dll
2006-08-30 17:09 36,864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2006-08-30 17:09 32,768 -ra------ C:\WINDOWS\system32\P0630Sti.dll
2006-08-30 17:09 20,480 -ra------ C:\WINDOWS\system32\P0630Srv.exe
2006-08-30 17:09 20,480 -ra------ C:\WINDOWS\P0630Cfg.exe
2006-08-30 17:09 126,976 -ra------ C:\WINDOWS\system32\P0630Vfw.dll
2006-08-30 16:55 24,576 -ra------ C:\WINDOWS\system32\P0630Aor.dll
2006-08-30 16:52 24,576 --------- C:\WINDOWS\system32\CTWEBFUN.DLL
2006-08-30 01:08 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2006-08-28 22:16 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-08-20 22:23 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-19 22:30 61,952 --a------ C:\WINDOWS\system32\den3cfc8.dll
2006-08-19 22:30 1,167 --a------ C:\WINDOWS\system32\den3cfc8.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-08 01:41 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-08 01:15 1193067 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2006-09-07 23:18 -------- d-------- C:\Programme\MSN Messenger
2006-09-07 23:15 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-07 01:13 1187730 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2006-09-04 23:28 -------- d-------- C:\Programme\Opera
2006-09-02 01:26 1143689 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2006-08-30 17:05 -------- d-------- C:\Programme\Creative
2006-08-30 16:59 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Creative
2006-08-30 16:54 -------- d-------- C:\Programme\SightSpeed
2006-08-24 14:47 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\teamspeak2
2006-08-23 23:38 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-08-22 11:27 -------- d-------- C:\Programme\Save
2006-08-20 22:32 -------- d-------- C:\Programme\Gemeinsame Dateien\wwqw
2006-08-20 22:23 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-20 17:05 -------- d-------- C:\Programme\MyGlobalSearch
2006-08-19 22:30 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\InstallShield
2006-08-18 16:14 -------- d-------- C:\Programme\MessengerPlus! 3
2006-08-18 16:07 -------- d-------- C:\Programme\Loud2Junk
2006-08-18 16:07 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Loud2Junk
2006-08-18 16:07 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL
2006-08-18 16:05 -------- d-------- C:\Programme\Adverts
2006-08-17 22:57 -------- d-------- C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Azureus
2006-07-10 00:51 -------- d-------- C:\Programme\thriXXX
2006-06-26 11:46 602 --a------ C:\Programme\INSTALL.LOG
2006-06-26 01:16 2 --a------ C:\WINDOWS\system32\wintcc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\\WINDOWS\\System32\\sw20.exe"
"SW24"="C:\\WINDOWS\\System32\\sw24.exe"
"Disc Detector"="C:\\Programme\\Creative\\ShareDLL\\CtNotify.exe"
"CTStartup"="C:\\Programme\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"BearShare"="\"D:\\Programme\\BearShare\\BearShare.exe\" /pause"
"Zone Labs Client"="\"D:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"BaitOnce"="C:\\DOKUME~1\\Malaka\\ANWEND~1\\LOUD2J~1\\Barb Eggs.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\CTStartup]
"CTStartup"="\"C:\\Programme\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"wwqw"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"wwqw"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CoreCenter.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\CoreCenter.lnk"
"backup"="C:\\WINDOWS\\pss\\CoreCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DigiCell.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\DigiCell.lnk"
"backup"="C:\\WINDOWS\\pss\\DigiCell.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\DigiCell\\DigiCell.exe "
"item"="DigiCell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\KEM.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"
"command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BaitOnce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Barb Eggs"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\Malaka\\ANWEND~1\\LOUD2J~1\\Barb Eggs.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"D:\\Programme\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CamTray"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Creative\\Shared Files\\CamTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_12"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\den3cfc8]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w0071cfb.dll,n 0033cfc50000000a0071cfb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\For Peak About Nurb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cash Type"
"hkey"="HKLM"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\CdromHeckForPeak\\Cash Type.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Programme\\ipwins\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Jet Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADGJDet"
"hkey"="HKLM"
"command"="C:\\Programme\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="D:\\Programme\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_12"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSNS PLUS XP2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winpad"
"hkey"="HKLM"
"command"="winpad.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_11"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_11.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Programme\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rsrm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dvdplay"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\YSTEM3~1\\dvdplay.exe\" -vt yazr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SemanticInsight]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SemanticInsight"
"hkey"="HKLM"
"command"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tt38"
"hkey"="HKLM"
"command"="C:\\tt38.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"D:\\Spiele\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tbon"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\TBONBin\\tbon.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TClock.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tclock_install"
"hkey"="HKCU"
"command"="C:\\Programme\\TClock\\tclock_install.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Tqtc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="c?rss"
"hkey"="HKCU"
"command"="C:\\Dokumente und Einstellungen\\Malaka\\Anwendungsdaten\\s?mbols\\c?rss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Save\\Save.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows ASN Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hxw"
"hkey"="HKLM"
"command"="hxw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winsysban3"
"hkey"="HKLM"
"command"="C:\\windows\\winsysban3.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wwqw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwqwm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\GEMEIN~1\\wwqw\\wwqwm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job

Completion time: 06-09-08 1:43:23.01
ComboFix.txt


_______________________datfindbat_________________________________

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5

Verzeichnis von C:\WINDOWS\system32

06-09-08 02:10 1,193,512 ppqss.ini
06-09-08 01:57 54,107 vsconfig.xml
06-09-08 01:56 63,062 nvapps.xml
06-09-08 01:42 28,056 BMXBkpCtrlState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 28,056 BMXCtrlState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 24 DVCStateBkp-{00000000-00000000-00000006-00001102-00000004-00531102}.dat
06-09-08 01:42 24 DVCState-{00000000-00000000-00000006-00001102-00000004-00531102}.dat
06-09-08 01:42 1,072 settings.sfm
06-09-08 01:42 1,072 settingsbkup.sfm
06-09-08 01:42 20,160 BMXStateBkp-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:42 20,160 BMXState-{00000000-00000000-00000006-00001102-00000004-00531102}.rfx
06-09-08 01:15 1,193,067 ppqss.bak2
06-09-07 22:37 4,212 zllictbl.dat
06-09-07 01:13 1,187,730 ppqss.bak1
06-09-05 02:13 6,516 BMXCtrlState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 10,432 BMXState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 6,516 BMXBkpCtrlState-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-05 02:13 10,432 BMXStateBkp-{00000000-00000000-00000006-00001102-00000004-00401102}.rfx
06-09-02 01:26 1,143,689 ppqss.ini2
06-08-24 13:00 2,206 wpa.dbl
06-08-23 23:38 42,920 vsutil_loc0407.dll
06-08-23 23:38 392,824 vsdatant.sys
06-08-23 23:38 83,960 zlcomm.dll
06-08-23 23:38 71,672 zlcommdb.dll
06-08-23 23:38 59,384 vswmi.dll
06-08-23 23:38 100,344 vsxml.dll
06-08-23 23:38 440,312 vsutil.dll
06-08-23 23:38 268,280 vspubapi.dll
06-08-23 23:38 71,672 vsregexp.dll
06-08-23 23:38 104,440 vsmonapi.dll
06-08-23 23:38 157,688 vsinit.dll
06-08-23 23:37 83,960 vsdata.dll
06-08-20 22:16 1,167 den3cfc8.sys
06-08-19 22:30 61,952 den3cfc8.dll
06-06-26 01:16 2 wintcc.exe
06-06-20 23:32 796,584 libeay32_0.9.6l.dll
06-06-11 22:10 143 mcrh.tmp
06-06-06 16:51 139,264 rsm.dll
06-06-02 11:04 57,384 avsda.dll
06-06-01 19:09 208,896 NVUNINST.EXE
06-06-01 19:09 208,896 nvudisp.exe
06-06-01 19:09 208,896 nvunrm.exe
06-06-01 17:22 73,728 nvtuicpl.cpl
06-06-01 17:22 155,715 nvsvc32.exe
06-06-01 17:22 2,924,544 nvvitvs.dll
06-06-01 17:22 2,977,792 nvvitvsr.dll
06-06-01 17:22 81,920 nvwddi.dll
06-06-01 17:22 1,662,976 nvwdmcpl.dll
06-06-01 17:22 1,019,904 nvwimg.dll
06-06-01 17:22 282,624 nvwrsar.dll
06-06-01 17:22 266,240 nvrsptb.dll
06-06-01 17:22 286,720 nvwrscs.dll
06-06-01 17:22 425,984 keystone.exe
06-06-01 17:22 311,296 nvwrsde.dll
06-06-01 17:22 335,872 nvwrsel.dll
06-06-01 17:22 286,720 nvwrseng.dll
06-06-01 17:22 335,872 nvwrses.dll
06-06-01 17:22 327,680 nvwrsesm.dll
06-06-01 17:22 303,104 nvwrsfi.dll
06-06-01 17:22 327,680 nvwrsfr.dll
06-06-01 17:22 258,048 nvrspl.dll
06-06-01 17:22 253,952 nvrsno.dll
06-06-01 17:22 274,432 nvrsnl.dll

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5

Verzeichnis von C:\DOKUME~1\Malaka\LOKALE~1\Temp

06-09-08 02:06 406 jusched.log
06-09-08 01:57 49,152 ~DF4D68.tmp
06-09-08 01:44 49,152 ~DF724C.tmp
06-09-01 11:16 247 1F1205F7.TMP

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5

Verzeichnis von C:\WINDOWS

06-09-08 01:44 0 0.log
06-09-08 01:44 157 wiadebug.log
06-09-08 01:44 50 wiaservc.log
06-09-08 01:43 2,048 bootstat.dat
06-09-08 01:22 32,552 SchedLgU.Txt
06-09-08 01:12 321,144 ntbtlog.txt
06-09-07 18:17 116 NeroDigital.ini
06-09-04 23:30 3,778,236 {00000000-00000000-00000006-00001102-00000004-00531102}.CDF
06-09-04 23:30 3,778,236 {00000000-00000000-00000006-00001102-00000004-00531102}.BAK
06-09-03 22:18 54,156 QTFont.qfn
06-09-02 22:13 2,476,791 discwriter.log
06-09-02 22:04 0 OrangeBurn.log
06-08-31 00:47 442,374 DirectX.log
06-08-31 00:46 105,755 setupapi.log
06-08-30 17:06 201 setup.log
06-08-30 17:06 189 setuplog
06-08-30 16:49 1,409 QTFont.for
06-08-30 12:27 227 system.ini
06-08-30 12:27 487 win.ini
06-08-29 22:43 1,174 OEWABLog.txt
06-08-28 18:26 24,778 Xbox_360_CC_Driver.log
06-08-28 18:20 17,930 comsetup.log
06-08-28 18:20 53,473 iis6.log
06-08-28 18:20 9,178 ntdtcsetup.log
06-08-28 18:20 13,014 tsoc.log
06-08-28 18:20 1,374 imsins.log
06-08-28 18:20 1,626 tabletoc.log
06-08-28 18:20 1,177 msgsocm.log
06-08-28 18:20 18,590 ocgen.log
06-08-28 18:20 3,560 netfxocm.log
06-08-28 18:20 1,277 ocmsn.log
06-08-28 18:20 17,721 FaxSetup.log
06-08-28 18:20 11,734 msmqinst.log
06-08-28 18:13 2,002,967 setupapi.log.0.old
06-08-28 12:32 103 CTRec.INI
06-08-25 23:56 63,424 wmsetup.log
06-08-22 00:00 0 1.dat
06-08-19 22:59 2,440 DIFx.log
06-07-17 21:00 178,884 setupact.log
06-07-11 00:13 0 nsreg.dat

Datenträger in Laufwerk C: ist Lokaler Datenträger
Volumeseriennummer: 981D-0EB5

Verzeichnis von C:\

06-09-08 02:12 0 sys.txt
06-09-08 02:12 7,700 system.txt
06-09-08 02:12 439 systemtemp.txt
06-09-08 02:10 104,863 system32.txt
06-09-08 01:56 53 biosinfo
06-09-08 01:43 38,862 ComboFix.txt
06-09-08 01:43 1,207,959,552 pagefile.sys
06-09-08 00:41 184 VundoFix.txt
06-09-08 00:40 8,052 hijackthis.log
06-08-30 12:27 194 boot.ini








So, that's it. Thanks in advance.

Best regards

Theo
09.09.2006, 17:20
Honorary member
Sabina

Posts: 29434
#2 1.
Run Vundofix
http://virus-protect.org/artikel/tools/vundofixx.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rsrm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BaitOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Tqtc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows ASN Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wwqw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Files to delete:
C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job
C:\WINDOWS\System32\ssqpp.dll
C:\WINDOWS\System32\ddcca.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\wintcc.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\rsm.dll
C:\WINDOWS\1.dat
C:\Programme\Common Files\svchostsys\svchostsys.exe
C:\t.exe

Folders to delete:
C:\WINDOWS\System32\P2P Networking
C:\Programme\TClock
C:\Programme\Save
C:\Programme\Gemeinsame Dateien\wwqw
C:\Programme\Common Files\svchostsys
C:\Programme\Common Files\misc001
C:\Programme\Common Files\simtest
C:\Programme\Network Monitor
c:\program files\altnet
C:\Programme\TBONBin
C:\WINDOWS\UGFwcGFz
C:\Programme\MyGlobalSearch
C:\Programme\Loud2Junk
C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL
C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Loud2Junk
Click the green traffic light
the script will now run, then the PC will restart automatically

**
post the Avenger log that appears

**
Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

-----------------------------
open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O1 - Hosts: 65.19.154.99 www.halifax-online.co.uk
O1 - Hosts: 65.19.154.99 ibank.barclays.co.uk
O1 - Hosts: 65.19.154.99 online.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 online-business.lloydstsb.co.uk
O1 - Hosts: 65.19.154.99 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 65.19.154.99 banesnet.banesto.es
O1 - Hosts: 65.19.154.99 extranet.banesto.es
O1 - Hosts: 65.19.154.99 ebanking.bccbrescia.it
O1 - Hosts: 65.19.154.99 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 65.19.154.99 oi.cajamadrid.es
O1 - Hosts: 65.19.154.99 bancae.caixapenedes.com
O1 - Hosts: 65.19.154.99 banking.postbank.de
O1 - Hosts: 65.19.154.99 meine.deutsche-bank.de
O1 - Hosts: 65.19.154.99 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 65.19.154.99 ibank.cahoot.com
O1 - Hosts: 65.19.154.99 webbank.openplan.co.uk
O1 - Hosts: 65.19.154.99 bancopostaonline.poste.it
O1 - Hosts: 65.19.154.99 mybank.bybank.it
O1 - Hosts: 65.19.154.99 ibank.internationalbanking.barclays.com
O1 - Hosts: 65.19.154.99 welcome7.co-operativebank.co.uk
O1 - Hosts: 65.19.154.99 welcome11.co-operativebankonline.co.uk

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\ddcca.dll

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [BearShare] "D:\Programme\BearShare\BearShare.exe" /pause

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [sys_up1] C:\Programme\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [BaitOnce] C:\DOKUME~1\Malaka\ANWEND~1\LOUD2J~1\Barb Eggs.exe

O8 - Extra context menu item: &MyToolBar Search - res://C:\Programme\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab

O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\SYSTEM32\ddcca.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\System32\ssqpp.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\srimeng.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\azam0171e.dll (file missing)

**
scan
http://virus-protect.org/artikel/bfu/alcanshorty.html

**
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

**
scan with Sophos and post the scan report
http://virus-protect.org/multiavtool.html

**
scan with Dr.Web and post the scan report
http://virus-protect.org/cureit.html
__________
Best regards, Sabina

All about PC security
09.09.2006, 17:24
Member

Thread starter

Posts: 22
#3 Should I do this in Safe Mode? And should I turn off the firewalls?
09.09.2006, 17:36
Honorary member
Sabina

Posts: 29434
#4 wait.. I'm not finished yet...........
__________
Best regards, Sabina

All about PC security
09.09.2006, 17:45
Member

Thread starter

Posts: 22
#5 Then please edit your post when you're done, okay?
09.09.2006, 17:45
Honorary member
Sabina

Posts: 29434
#6 OK, now you can start, everything in normal mode, and post all the reports, especially the one from Avenger
__________
Best regards, Sabina

All about PC security
09.09.2006, 17:47
Member

Thread starter

Posts: 22
#7 I think Avenger won't find most of the things, because I already did that earlier. But I'll paste everything in again. I'll start again from the beginning then ;).
09.09.2006, 17:50
Honorary member
Sabina

Posts: 29434
#8 do it again and post the report
__________
Best regards, Sabina

All about PC security
09.09.2006, 17:57
Member

Thread starter

Posts: 22
#9 OK, Avenger is done. The others will follow shortly.

___________________Avenger________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxymbsax

*******************

Script file located at: \??\C:\dylaqrkx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034

File C:\WINDOWS\tasks\AFC4F1BC91CB62E4.job deleted successfully.


File C:\WINDOWS\System32\ssqpp.dll not found!
Deletion of file C:\WINDOWS\System32\ssqpp.dll failed!

Could not process line:
C:\WINDOWS\System32\ssqpp.dll
Status: 0xc0000034



File C:\WINDOWS\System32\ddcca.dll not found!
Deletion of file C:\WINDOWS\System32\ddcca.dll failed!

Could not process line:
C:\WINDOWS\System32\ddcca.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ppqss.ini not found!
Deletion of file C:\WINDOWS\system32\ppqss.ini failed!

Could not process line:
C:\WINDOWS\system32\ppqss.ini
Status: 0xc0000034



File C:\WINDOWS\system32\wintcc.exe not found!
Deletion of file C:\WINDOWS\system32\wintcc.exe failed!

Could not process line:
C:\WINDOWS\system32\wintcc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mcrh.tmp not found!
Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!

Could not process line:
C:\WINDOWS\system32\mcrh.tmp
Status: 0xc0000034



File C:\WINDOWS\system32\ppqss.bak2 not found!
Deletion of file C:\WINDOWS\system32\ppqss.bak2 failed!

Could not process line:
C:\WINDOWS\system32\ppqss.bak2
Status: 0xc0000034



File C:\WINDOWS\system32\ppqss.bak1 not found!
Deletion of file C:\WINDOWS\system32\ppqss.bak1 failed!

Could not process line:
C:\WINDOWS\system32\ppqss.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\ppqss.ini2 not found!
Deletion of file C:\WINDOWS\system32\ppqss.ini2 failed!

Could not process line:
C:\WINDOWS\system32\ppqss.ini2
Status: 0xc0000034



File C:\WINDOWS\system32\rsm.dll not found!
Deletion of file C:\WINDOWS\system32\rsm.dll failed!

Could not process line:
C:\WINDOWS\system32\rsm.dll
Status: 0xc0000034



File C:\WINDOWS\1.dat not found!
Deletion of file C:\WINDOWS\1.dat failed!

Could not process line:
C:\WINDOWS\1.dat
Status: 0xc0000034



Could not open file C:\Programme\Common Files\svchostsys\svchostsys.exe for deletion
Deletion of file C:\Programme\Common Files\svchostsys\svchostsys.exe failed!

Could not process line:
C:\Programme\Common Files\svchostsys\svchostsys.exe
Status: 0xc000003a



File C:\t.exe not found!
Deletion of file C:\t.exe failed!

Could not process line:
C:\t.exe
Status: 0xc0000034



Folder C:\WINDOWS\System32\P2P Networking not found!
Deletion of folder C:\WINDOWS\System32\P2P Networking failed!

Could not process line:
C:\WINDOWS\System32\P2P Networking
Status: 0xc0000034



Folder C:\Programme\TClock not found!
Deletion of folder C:\Programme\TClock failed!

Could not process line:
C:\Programme\TClock
Status: 0xc0000034



Folder C:\Programme\Save not found!
Deletion of folder C:\Programme\Save failed!

Could not process line:
C:\Programme\Save
Status: 0xc0000034



Folder C:\Programme\Gemeinsame Dateien\wwqw not found!
Deletion of folder C:\Programme\Gemeinsame Dateien\wwqw failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\wwqw
Status: 0xc0000034



Folder C:\Programme\Common Files\svchostsys not found!
Deletion of folder C:\Programme\Common Files\svchostsys failed!

Could not process line:
C:\Programme\Common Files\svchostsys
Status: 0xc0000034



Folder C:\Programme\Common Files\misc001 not found!
Deletion of folder C:\Programme\Common Files\misc001 failed!

Could not process line:
C:\Programme\Common Files\misc001
Status: 0xc0000034



Folder C:\Programme\Common Files\simtest not found!
Deletion of folder C:\Programme\Common Files\simtest failed!

Could not process line:
C:\Programme\Common Files\simtest
Status: 0xc0000034



Folder C:\Programme\Network Monitor not found!
Deletion of folder C:\Programme\Network Monitor failed!

Could not process line:
C:\Programme\Network Monitor
Status: 0xc0000034



Folder c:\program files\altnet not found!
Deletion of folder c:\program files\altnet failed!

Could not process line:
c:\program files\altnet
Status: 0xc0000034

Folder C:\Programme\TBONBin deleted successfully.


Folder C:\WINDOWS\UGFwcGFz not found!
Deletion of folder C:\WINDOWS\UGFwcGFz failed!

Could not process line:
C:\WINDOWS\UGFwcGFz
Status: 0xc0000034



Folder C:\Programme\MyGlobalSearch not found!
Deletion of folder C:\Programme\MyGlobalSearch failed!

Could not process line:
C:\Programme\MyGlobalSearch
Status: 0xc0000034

Folder C:\Programme\Loud2Junk deleted successfully.


Folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL not found!
Deletion of folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL failed!

Could not process line:
C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\BLAH COAL
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Loud2Junk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tbon deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Rsrm deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BaitOnce deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Tqtc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows ASN Services deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WhenUSave deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wwqw deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winsysban failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
09.09.2006, 18:19
Honorary member
Sabina

Posts: 29434
#10 Now work through everything else and post all the scan reports.
__________
Regards, Sabina

All about PC security
09.09.2006, 18:53
Member

Thread starter

Posts: 22
#11 Sophos:


Sophos Anti-Virus
Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 187747 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 18:26:13, System date 09 September 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet


>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/Barb Eggs.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/fast anti long.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/regs copy bone license.exe
>>> Virus 'Troj/Swizz-Fam' found in file C:\avenger\backup.zip\avenger/Loud2Junk-ren-214/sepfazej.exe
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CdromHeckForPeak\Cash Type.exe
Disinfection failed
Removal successful
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
Could not open C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\Malaka\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0700win_DEUadbe0700.pdf
Could not open C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig705\DEU\Data1.cab\WebSearchENU.pdf
>>> Virus 'Troj/Swizzor-LY' found in file C:\Programme\Adverts\uninst.exe
Disinfection failed
Removal successful
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp
Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp
Could not open C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279112.dll
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279132.exe
Disinfection failed
Removal successful
Could not open C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279141.dll
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279177.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279178.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279179.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279180.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizz-Fam' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279209.exe
Disinfection failed
Removal successful
>>> Virus 'Troj/Swizzor-LY' found in file C:\System Volume Information\_restore{EFCF27AC-61A1-4228-B43E-1977BE2F55CA}\RP267\A0279210.exe
Disinfection failed
Removal successful
Could not open C:\WINDOWS\system32\config\system.LOG
Could not open C:\WINDOWS\system32\drivers\dtscsi.sys
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd1485.sys

2 master boot records swept.
34182 files swept in 32 minutes and 27 seconds.
61 errors were encountered.
13 viruses were discovered.
10 files out of 34182 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
47 encrypted files were not checked.
Ending Sophos Anti-Virus.



___________________________TrendLog_______________________________

2006-09-09, 19:09:31, Auto-clean mode specified.
2006-09-09, 19:09:31, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-09, 19:09:37, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-09, 19:09:37, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 1)

Start time : Sat Sep 09 2006 19:09:32

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 782) [success]

Complete time : Sat Sep 09 2006 19:09:37
Execute pattern count(2957), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-09, 19:10:08, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2006-09-09, 19:10:24, An error was detected on "D:\Panos\Active member\Active Member - ÎέÏαÏ?μα Ï?Ï?' ακÏÏ?νειÏο\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-09, 19:10:25, An error was detected on "D:\Panos\Daten Handy\Sounds\??f?a??? ????\*.*": Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch.
2006-09-09, 19:11:09, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert
2006-09-09, 19:11:12, An error was detected on "E:\System Volume Information\*.*": Zugriff verweigert
2006-09-09, 20:37:37, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

C:\WINDOWS\system32\firewall.exe [WORM_RBOT.CJQ]
30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37 1 hour 26 minutes 24 seconds (5183.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 19:11:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

30670 files have been read.
30670 files have been checked.
28119 files have been scanned.
61179 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 20:37:37 1 hour 26 minutes 24 seconds (5183.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 20:37:37, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-09, 21:01:20, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20 23 minutes 41 seconds (1421.58 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 20:37:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

44864 files have been read.
44864 files have been checked.
35312 files have been scanned.
122867 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:20 23 minutes 41 seconds (1421.58 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:20, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-09, 21:01:22, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2006 21:01:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 735 (130318 Patterns) (2006/09/08) (373500)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2006 21:01:22 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-09, 21:01:22, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.





EDIT: Unfortunately the last log will come tomorrow... I couldn't get everything done, I have to go.
This post was edited by freegon on 09.09.2006 at 21:32.
10.09.2006, 12:38
Honorary member
Sabina

Posts: 29434
#12 freegon

1.
If it is still there, delete: C:\WINDOWS\system32\firewall.exe

2.
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
(then turn it back on)

3.
Scan with the other programs as well and post the reports.

4.
Post the new HijackThis log.
__________
Regards, Sabina

All about PC security
10.09.2006, 15:46
Member

Thread starter

Posts: 22
#13 dr.web:


=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-10, 15:18:01 [PAPPAS][Malaka]
Command-line: "C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 1
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 229 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 172 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 140381
Key file: C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\System32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\Programme\AntiVir PersonalEdition Classic\sched.exe
[Scan path] C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
[Scan path] C:\WINDOWS\System32\CTsvcCDA.EXE
[Scan path] C:\WINDOWS\mtcls32.exe
[Scan path] C:\WINDOWS\System32\nvsvc32.exe
[Scan path] C:\Programme\CyberLink\Shared files\RichVideo.exe
[Scan path] C:\WINDOWS\System32\wdfmgr.exe
[Scan path] C:\WINDOWS\System32\UAService7.exe
[Scan path] C:\WINDOWS\System32\MsPMSPSv.exe
[Scan path] C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[Scan path] C:\WINDOWS\Explorer.EXE
[Scan path] C:\WINDOWS\System32\rundll32.exe
[Scan path] C:\Programme\Creative\ShareDLL\CtNotify.exe
[Scan path] C:\Programme\Creative\ShareDLL\MediaDet.Exe
[Scan path] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\Programme\Microsoft IntelliType Pro\itype.exe
[Scan path] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[Scan path] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
[Scan path] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
[Scan path] C:\WINDOWS\System32\ctfmon.exe
[Scan path] C:\Programme\ArcorDSL\ArcorDSL.exe
[Scan path] C:\Programme\Opera\Opera.exe
[Scan path] C:\Dokumente und Einstellungen\Malaka\Desktop\drweb-cureit.exe
[Scan path] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOKUME~1\Malaka\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] c:\windows\system32\nvcpl.dll
[Scan path] C:\WINDOWS\System32\nwiz.exe
[Scan path] C:\WINDOWS\System32\sw20.exe
[Scan path] C:\WINDOWS\System32\sw24.exe
[Scan path] c:\programme\creative\splash screen\cteaxspl.exe
[Scan path] c:\windows\system32\dumprep.exe
[Scan path] C:\WINDOWS\System32\nvmctray.dll
[Scan path] C:\Dokumente und Einstellungen\Malaka\Startmenü\Programme\Autostart\desktop.ini
[Scan path] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
[Scan path] C:\WINDOWS\System32\mmsys.cpl
[Scan path] C:\WINDOWS\System32\icmui.dll
[Scan path] C:\WINDOWS\System32\rshx32.dll
[Scan path] C:\WINDOWS\System32\docprop.dll
[Scan path] C:\WINDOWS\System32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\System32\deskadp.dll
[Scan path] C:\WINDOWS\System32\deskmon.dll
[Scan path] C:\WINDOWS\System32\dssec.dll
[Scan path] C:\WINDOWS\System32\SlayerXP.dll
[Scan path] C:\WINDOWS\System32\shscrap.dll
[Scan path] C:\WINDOWS\System32\diskcopy.dll
[Scan path] C:\WINDOWS\System32\ntlanui2.dll
[Scan path] C:\WINDOWS\System32\printui.dll
[Scan path] C:\WINDOWS\System32\dskquoui.dll
[Scan path] C:\WINDOWS\System32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\System32\fontext.dll
[Scan path] C:\WINDOWS\System32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\System32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\System32\wuaueng.dll
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\System32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\System32\cabview.dll
[Scan path] C:\Programme\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\System32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\nvcpl.dll
[Scan path] C:\WINDOWS\System32\nvshell.dll
[Scan path] C:\Programme\WinRAR\rarext.dll
[Scan path] C:\Programme\Real\RealPlayer\rpshell.dll
[Scan path] C:\WINDOWS\System32\Audiodev.dll
[Scan path] C:\Programme\TuneUp Utilities 2006\sdshelex.dll
[Scan path] C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
[Scan path] C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
[Scan path] D:\Programme\ICQLite\ICQLiteShell.dll
[Scan path] C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
[Scan path] C:\WINDOWS\system32\mscoree.dll
[Scan path] C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
[Scan path] C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll
[Scan path] C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
[Scan path] C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
[Scan path] C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
[Scan path] C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\System32\crypt32.dll
[Scan path] C:\WINDOWS\System32\cryptnet.dll
[Scan path] C:\WINDOWS\System32\cscdll.dll
[Scan path] C:\WINDOWS\System32\wlnotify.dll
[Scan path] C:\WINDOWS\System32\sclgntfy.dll
[Scan path] C:\WINDOWS\System32\wzcdlg.dll
[Scan path] C:\WINDOWS\System32\drivers\ACEDRV05.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\drivers\ALCXWDM.SYS
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\AmdK8.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
[Scan path] C:\WINDOWS\SYSTEM32\drivers\avgntmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\System32\drivers\ctac32k.sys
[Scan path] C:\WINDOWS\System32\drivers\ctprxy2k.sys
[Scan path] C:\WINDOWS\System32\drivers\ctsfm2k.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\System32\Drivers\dtscsi.sys
C:\WINDOWS\System32\Drivers\dtscsi.sys - read error

[Scan path] C:\WINDOWS\system32\drivers\e10kx2k.sys
[Scan path] C:\WINDOWS\System32\drivers\emupia2k.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ENTECH.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\FLASHSYS.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\gameenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\LHidKE.Sys
[Scan path] C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
[Scan path] C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\system32\drivers\nmwcdc.sys
[Scan path] C:\WINDOWS\system32\drivers\nmwcdcm.sys
[Scan path] C:\WINDOWS\system32\drivers\nmwcd.sys
[Scan path] D:\Spiele\Pristontale\npkcrypt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NVENETFD.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ohci1394.sys
[Scan path] C:\WINDOWS\system32\drivers\ctoss2k.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\P0630Vid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\PCANDIS5.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\System32\PfModNT.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys
[Scan path] C:\Programme\MSI\Core Center\RushTop.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\Serial.sys
[Scan path] C:\WINDOWS\System32\drivers\sfdrv01.sys
[Scan path] C:\WINDOWS\System32\drivers\sfhlp02.sys
[Scan path] C:\WINDOWS\System32\drivers\sfsync02.sys
[Scan path] C:\WINDOWS\System32\drivers\sfsync04.sys
[Scan path] C:\WINDOWS\System32\drivers\sfvfs02.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\System32\Drivers\sptd.sys
C:\WINDOWS\System32\Drivers\sptd.sys - read error

[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\ZoneLabs\srescan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\System32\tlntsvr.exe
[Scan path] C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\v800bus.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\v800mdfl.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\v800mdm.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\v800mgmt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\v800obex.sys
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\System32\vsdatant.sys
[Scan path] c:\windows\system32\zonelabs\vsmon.exe
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\xnacc.sys
[Scan path] C:\WINDOWS\System32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 277
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 5105 Kb/s
Scan time: 00:00:15
-----------------------------------------------------------------------------

[Prüfpfad] C:\
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat - Lesefehler
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Malaka\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\Malaka\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\Malaka\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\WINDOWS\system32\config\default - Lesefehler
C:\WINDOWS\system32\config\default.LOG - Lesefehler
C:\WINDOWS\system32\config\SAM - Lesefehler
C:\WINDOWS\system32\config\SAM.LOG - Lesefehler
C:\WINDOWS\system32\config\SECURITY - Lesefehler
C:\WINDOWS\system32\config\SECURITY.LOG - Lesefehler
C:\WINDOWS\system32\config\software - Lesefehler
C:\WINDOWS\system32\config\software.LOG - Lesefehler
C:\WINDOWS\system32\config\system - Lesefehler
C:\WINDOWS\system32\config\system.LOG - Lesefehler
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\WINDOWS\system32\drivers\dtscsi.sys - Lesefehler
C:\WINDOWS\system32\drivers\sptd.sys - Lesefehler
C:\WINDOWS\system32\drivers\sptd1485.sys - Lesefehler

-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 94258
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 1433 Kb/s
Dauer:: 00:31:17
-----------------------------------------------------------------------------

=============================================================================
Gesamte Sitzungsstatistik
=============================================================================
Geprüfte Objekte: 94535
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 1462 Kb/s
Dauer:: 00:31:32
=============================================================================

So that's it for now. I hope everything went correctly!
10.09.2006, 16:48
Honorary member
Sabina

Posts: 29434
#14 Post the new HijackThis log
__________
Regards, Sabina

All about PC security
10.09.2006, 20:05
Member

Thread starter

Posts: 22
#15 Logfile of HijackThis v1.99.1
Scan saved at 20:12, on 06-09-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ArcorDSL\ArcorDSL.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\mtcls32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\Malaka\Desktop\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Arcor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O17 - HKLM\System\CCS\Services\Tcpip\..\{592C9E7E-8041-4F1A-BF33-D9DE7AB1FB56}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DcomHelper Service (DcomHelper) - Creative Technology Ltd - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe