How do I get rid of malware again, including ssqrs.dll and SrchSTS.exe

#0
18.02.2007, 17:17
...new here

Posts: 2
#1 Hello,

I have a few problems with malware. I have already tried various things (e.g. SmitFraudFix, which also got rid of quite a bit); SrchSTS.exe is what remains.

I'll post the log:

SmitFraudFix v2.142

Scan done at 16:33:44,89, 18.02.2007
Run from C:\Dokumente und Einstellungen\Junaid\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 serial.alcohol-soft.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



In addition, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:16:37, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Programme\Norton AntiVirus\navapsvc.exe
E:\Programme\NETGEAR WG311v2 Adapter\wlancfg5.exe
E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
e:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Junaid\Desktop\Virenbekämpfung\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "e:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = E:\Programme\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Programme\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Can anyone give me a tip on how and where I should continue?

Thanks
18.02.2007, 20:18
Honorary member
Sabina

Posts: 29434
#2 Midcall

1.
Post this log:
http://virus-protect.org/artikel/tools/comboscan.html

2.
Configure CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

3.
Copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

All about PC security
18.02.2007, 21:33
...new here

Thread starter

Posts: 2
#3 OK, regarding 1:

ComboScan v20070212.14 run by Junaid on 2007-02-18 at 20:52:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as Junaid.com) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:53:10, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Programme\Norton AntiVirus\navapsvc.exe
E:\Programme\NETGEAR WG311v2 Adapter\wlancfg5.exe
E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
e:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
E:\Programme\Common\Database\bin\fbserver.exe
E:\Programme\Common\Database\bin\fabs.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Junaid\Desktop\Virenbekämpfung\comboscan.exe
C:\DOKUME~1\Junaid\LOKALE~1\Temp\~aqppxxd.tmp\Junaid.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6FBA3D14-0256-4840-B921-926B21DCB9BD} - C:\WINDOWS\system32\ssqrs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vfcecglt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "e:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = E:\Programme\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Programme\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 Arp1394 (1394-ARP-Clientprotokoll) - System32\DRIVERS\arp1394.sys
3 cmpci (C-Media PCI Audio Driver (WDM)) - system32\drivers\cmaudio.sys
3 CO_Mon - \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
3 E1000 (Intel(R) PRO/1000 Adapter Driver) - system32\DRIVERS\e1000325.sys
3 hidusb (Microsoft HID Class-Treiber) - System32\DRIVERS\hidusb.sys
4 InCDFs (InCD File System) - system32\drivers\InCDFs.sys
1 InCDPass - system32\drivers\InCDPass.sys
1 InCDRm (InCD Reader) - system32\drivers\InCDRm.sys
1 intelppm (Intel-Prozessortreiber) - System32\DRIVERS\intelppm.sys
3 IPFilter (Microsoft IntelliPoint Features driver) - system32\DRIVERS\IPFilter.sys
1 kbdhid (Tastatur-HID-Treiber) - system32\DRIVERS\kbdhid.sys
3 mouhid (Maus-HID-Treiber) - System32\DRIVERS\mouhid.sys
3 NAVENG - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20070214.020\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20070214.020\NavEx15.Sys
3 netwg311 (NETGEAR WG311v2 802.11g Wireless PCI Adapter) - system32\DRIVERS\netwg311.sys
3 NIC1394 (1394-Netzwerktreiber) - System32\DRIVERS\nic1394.sys
3 nv - System32\DRIVERS\nv4_mini.sys
3 odysseyIM3 (Odyssey Network Services Miniport) - system32\DRIVERS\odysseyIM3.sys
0 ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
1 SAVRT - \??\E:\Programme\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\E:\Programme\Norton AntiVirus\SAVRTPEL.SYS
1 SPBBCDrv - \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
0 sptd - System32\Drivers\sptd.sys
0 srescan - system32\ZoneLabs\srescan.sys
3 StillCam (Treiber für serielle Digitalkamera) - system32\DRIVERS\serscan.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Programme\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys
3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - System32\DRIVERS\usbehci.sys
3 usbscan (USB-Scannertreiber) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS
3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
1 vsdatant - System32\vsdatant.sys
3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - system32\DRIVERS\w810bus.sys
3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - system32\DRIVERS\w810mdfl.sys
3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - system32\DRIVERS\w810mdm.sys
3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - system32\DRIVERS\w810mgmt.sys
3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - system32\DRIVERS\w810obex.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - \SystemRoot\System32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AOL ACS (AOL Connectivity Service) - "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"
2 Automatisches LiveUpdate - Scheduler - "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe
3 CAISafe (CA ISafe) - C:\WINDOWS\system32\ZoneLabs\isafe.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - E:\Programme\Common\Database\bin\fbserver.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 navapsvc (Norton AntiVirus Auto-Protect-Dienst) - "E:\Programme\Norton AntiVirus\navapsvc.exe"
2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
3 PDEngine - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
2 PDSched (PDScheduler) - C:\Programme\Raxco\PerfectDisk\PDSched.exe
3 SAVScan - "E:\Programme\Norton AntiVirus\SAVScan.exe"
2 SBService (ScriptBlocking Service) - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 StarWindService (StarWind iSCSI Service) - e:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
2 Symantec Core LC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
3 UPnPService - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service


-- Scheduled Tasks --------------------------------------------------------------

2007-01-26 20:57:21 570 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - Junaid.job<NORTON~1.JOB>


-- Files created between 2007-01-18 and 2007-02-18 ------------------------------

2007-02-18 18:26:41 430080 --a------ C:\WINDOWS\system32\MXRestore.exe<MXREST~1.EXE><Unsigned: MAGIX AG>
2007-02-18 14:10:37 44177 --a------ C:\WINDOWS\system32\vfcecglt.dll<Unsigned: n/a>
2007-02-18 10:20:27 66529214 --a------ C:\Backup Registry.reg<BACKUP~1.REG>
2007-02-11 02:19:53 0 d-------- C:\Programme\Microsoft Hardware<MICROS~2>
2007-02-11 00:55:57 12288 --a------ C:\WINDOWS\system32\vetntmsg.dll<Unsigned: n/a>
2007-02-11 00:55:56 15668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys<Unsigned: n/a>
2007-02-11 00:55:56 541733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys<Unsigned: Computer Associates International, Inc.>
2007-02-11 00:55:56 21605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys<Unsigned: n/a>
2007-02-11 00:55:55 733236 --a------ C:\WINDOWS\system32\vete.dll<Unsigned: Computer Associates International, Inc.>
2007-02-11 00:55:55 108453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys<Unsigned: Computer Associates International, Inc.>
2007-02-11 00:55:55 77824 --a------ C:\WINDOWS\system32\driverif.dll<Unsigned: Computer Associates International, Inc.>
2007-02-10 23:21:22 0 d-------- C:\Programme\Java
2007-02-10 23:21:20 0 d-------- C:\Programme\Gemeinsame Dateien\Java
2007-02-07 13:30:05 503745 ---hs---- C:\WINDOWS\system32\srqss.bak2<SRQSS~2.BAK>
2007-02-06 11:14:43 484903 ---hs---- C:\WINDOWS\system32\srqss.bak1<SRQSS~1.BAK>
2007-02-06 11:14:37 277286 ---hs---- C:\WINDOWS\system32\ssqrs.dll<Unsigned: n/a>
2007-02-06 04:01:10 0 d-------- C:\Programme\VSAdd-in

2007-01-27 22:40:06 0 d-------- C:\Programme\Microsoft IntelliPoint 4.12<MICROS~1.12>
2007-01-27 20:41:14 1152 --a------ C:\WINDOWS\mozver.dat


-- Find3M Report ----------------------------------------------------------------

2007-02-18 18:39:25 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-02-18 18:39:03 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\MAGIX
2007-02-18 18:30:57 0 d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared<MAGIXS~1>
2007-02-18 17:55:53 2216 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-11 04:43:37 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-11 00:57:41 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-10 23:21:20 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-07 15:39:16 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\MyPhoneExplorer<MYPHON~1>
2007-02-05 17:56:08 316924 --a------ C:\WINDOWS\system32\perfh007.dat
2007-02-05 17:56:08 48354 --a------ C:\WINDOWS\system32\perfc007.dat
2007-01-27 15:16:38 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\Mozilla
2007-01-14 00:03:07 0 d-------- C:\Programme\Gemeinsame Dateien\Expert System<EXPERT~1>
2007-01-01 04:58:06 2547 --a------ C:\WINDOWS\dixfshkx.exe<Unsigned: n/a>
2007-01-01 04:57:38 2547 --a------ C:\WINDOWS\o3f8pto0.exe<Unsigned: n/a>
2007-01-01 04:57:35 2547 --a------ C:\WINDOWS\r0zmww1g.exe<Unsigned: n/a>

2006-12-31 18:43:11 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\Help
2006-12-31 10:44:44 0 d-------- C:\Programme\Symantec
2006-12-31 10:44:17 0 d-------- C:\Programme\SymNetDrv<SYMNET~1>
2006-12-31 10:32:19 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\Symantec
2006-12-31 10:22:45 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys<Unsigned: Symantec Corporation>
2006-12-30 20:04:22 0 d---s---- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\Microsoft<MICROS~1>
2006-12-30 19:48:59 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2006-12-30 19:34:43 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2006-12-30 18:36:44 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\TuneUp Software<TUNEUP~1>
2006-12-30 14:39:00 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys<Unsigned: n/a>
2006-12-30 14:06:28 0 d-------- C:\Programme\Intel
2006-12-30 10:52:45 0 d-------- C:\Programme\Raxco
2006-12-30 10:52:45 0 d-------- C:\Programme\Gemeinsame Dateien\Raxco
2006-12-30 09:35:35 4608 --a------ C:\WINDOWS\system32\w95inf32.dll<Unsigned: Microsoft Corporation>
2006-12-30 09:35:35 2272 --a------ C:\WINDOWS\system32\w95inf16.dll<Unsigned: Microsoft Corporation>
2006-12-24 20:34:00 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\Teleca
2006-12-24 17:24:42 0 d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared<TELECA~1>
2006-12-24 17:24:24 0 d-------- C:\Programme\Sony Ericsson<SONYER~1>
2006-12-24 17:21:07 5808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys<Signed: MCCI>
2006-12-24 17:21:07 6176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys<Signed: MCCI>
2006-12-19 20:56:31 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys<Unsigned: n/a>
2006-12-18 19:44:01 0 d-------- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\DivX
2006-12-12 17:30:29 520192 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: n/a>
2006-12-12 17:30:26 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2006-12-12 17:30:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2006-12-12 17:30:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2006-12-12 17:25:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2006-12-12 17:25:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2006-12-12 17:25:24 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2006-12-12 17:25:20 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2006-12-12 17:25:20 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2006-12-12 17:25:19 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2006-12-12 17:25:19 635486 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2006-12-12 17:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-12-12 17:24:42 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2006-12-03 18:38:00 335 --a------ C:\WINDOWS\nsreg.dat
2006-12-03 17:11:29 101 --a------ C:\WINDOWS\system32\mit.bat
2006-12-02 11:42:31 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL><Unsigned: Sony DADC Austria AG.>
2006-12-01 22:58:47 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2006-11-27 00:31:21 0 -rahs---- C:\MSDOS.SYS<Unsigned: n/a>
2006-11-27 00:31:21 0 -rahs---- C:\IO.SYS<Unsigned: n/a>
2006-11-27 00:31:21 0 --a------ C:\CONFIG.SYS<Unsigned: n/a>
2006-11-27 00:31:21 0 --a------ C:\AUTOEXEC.BAT
2006-11-27 00:28:41 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-11-27 00:21:24 62 --ahs---- C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten\desktop.ini


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"Zone Labs Client"="\"e:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"POINTER"="point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ControlCenter2.0"="C:\\Programme\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\AOL 9.0 Tray-Symbol.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray-Symbol.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\AOL9~1.0\\aoltray.exe -check"
"item"="AOL 9.0 Tray-Symbol"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Status Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Status Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Brother\\Brmfcmon\\BrMfcWnd.exe Brother DCP-340CW /STARTUP"
"item"="Status Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Junaid^Startmenü^Programme^Autostart^Talisman.lnk]
"path"="C:\\Dokumente und Einstellungen\\Junaid\\Startmenü\\Programme\\Autostart\\Talisman.lnk"
"backup"="C:\\WINDOWS\\pss\\Talisman.lnkStartup"
"location"="Startup"
"command"="E:\\PROGRA~1\\TALISM~1\\talisman.exe "
"item"="Talisman"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"e:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DaemonTools_WhenUSaveNow_Installer"
"hkey"="HKLM"
"command"="C:\\Programme\\DaemonTools_WhenUSaveNow_Installer\\DaemonTools_WhenUSaveNow_Installer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fwwmnfyc"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\fwwmnfyc.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"E:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="e:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\start.exe /checksection

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75a85699-7dac-11db-bdb4-806d6172696f}]
Shell\AutoRun\command G:\autorun6e.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5fcdc54-81f4-11db-be39-00095bba840a}]
Shell\AutoRun\command H:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc8d9d10-8169-11db-be35-806d6172696f}]
Shell\AutoRun\command F:\CDStart.Exe
Shell\Install\Command F:\navsetup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILTER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_UPNPHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_UPNPSERVICE


-- End of ComboScan: finished at 2007-02-18 at 20:54:19 -------------------------



ComboScan v20070212.14 run by Junaid on 2007-02-18 at 20:52:19
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1023.48 MiB / 638.07 MiB
Pagefile Memory (total/avail): 2461.64 MiB / 2184.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1998.17 MiB

C: is Fixed (NTFS) - 9.77 GiB total, 3.23 GiB free.
D: is Fixed (NTFS) - 76.69 GiB total, 1.16 GiB free.
E: is Fixed (NTFS) - 64.75 GiB total, 26.6 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: ZoneAlarm Security Suite Firewall v6.5.737.000 (Zone Labs, Inc.) Disabled
AV: ZoneAlarm Security Suite Antivirus v6.5.737.000 (Zone Labs, Inc.) Disabled Outdated
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Junaid\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=ABFAHRER
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Junaid
LOGONSERVER=\\ABFAHRER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"E:\Programme\Zone Labs\ZoneAlarm\MailFrontier";C:\Programme\Gemeinsame Dateien\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Junaid\LOKALE~1\Temp
TMP=C:\DOKUME~1\Junaid\LOKALE~1\Temp
tvdumpflags=8
USERDOMAIN=ABFAHRER
USERNAME=Junaid
USERPROFILE=C:\Dokumente und Einstellungen\Junaid
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Junaid (admin)
Administrator (new local, admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> E:\Nero 7\Nero 7\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70700000002}
AOL Coach Version 1.0(Build:20040229.1 de) --> "C:\Programme\Gemeinsame Dateien\aolshare\Coach\AolCInUn.exe" -lang="de-de"
AOL Deutschland --> C:\Programme\Gemeinsame Dateien\aolshare\Aolunins_de.exe
AOL Meine Fotos Bildschirmschoner --> C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe
AOL Optimized Dial-In --> "C:\Programme\Gemeinsame Dateien\AOL\ACS\AcsUninstall.exe" /c
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
Call of Duty(R) 2 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CDRoller version 6.03 --> "e:\Programme\CDRoller\unins000.exe"
DivX Codec --> e:\Programme\DivX\DivXCodecUninstall.exe /CODEC
Driver Genius Professional Edition 6 --> "e:\Programme\DriverGenius\unins000.exe"
Firebird SQL Server - MAGIX Edition (D) --> E:\Programme\Common\Database\uninstall.exe
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Junaid\Desktop\HijackThis.exe /uninstall
ICQ 5.1 --> E:\Programme\ICQLite\ICQLiteUninstall.EXE
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> e:\Programme\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Learn2 Player (Uninstall Only) --> C:\Programme\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U
MAGIX Foto Manager 2007 (D) --> E:\Programme\Foto_Manager_2007\instslct.exe
MAGIX MP3 Maker 12 (D) --> E:\Programme\Magix Music Maker 12\instslct.exe
MAGIX Online Druck Service (D) --> E:\Programme\Online_Druck_Service\instslct.exe
MicroMachines V4 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E4511CEC-2E60-4076-95B6-0E193269EB86}\setup.exe" -l0x7 -removeonly
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.1) --> E:\Programme\Mozilla Firefox\uninstall\uninst.exe
MyPhoneExplorer --> e:\Programme\MyPhoneExplorer\uninstall.exe
Nero 7 Demo --> MsiExec.exe /I{C7E1449D-7638-6832-426D-589655951031}
NETGEAR WG311v2 802.11g Wireless PCI Adapter --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{936D42B8-FE51-41D5-A74A-6182F6CDB17B}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PCI Audio Driver --> cmuninst.exe
PerfectDisk --> MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
PowerDVD --> C:\WINDOWS\IsUn0407.exe -fe:\Programme\PowerDVD\Uninst.isu
Pro Evolution Soccer 6 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1031
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
ratDVD 0.78.1444 --> e:\Programme\ratDVD\uninst.exe
RealPlayer Basic --> C:\Programme\Gemeinsame Dateien\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Top Spin 2 --> MsiExec.exe /I{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.5 --> e:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885295 --> C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR Archivierer --> e:\Programme\WinRAR\uninstall.exe
XP Codec Pack --> e:\Programme\XP Codec Pack\Uninstall.exe
ZoneAlarm Security Suite --> e:\Programme\Zone Labs\ZoneAlarm\zauninst.exe


-- End of ComboScan: finished at 2007-02-18 at 20:54:19 -------------------------


Re 3:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DC59-A929

Verzeichnis von C:\WINDOWS\system32

18.02.2007 21:24 516.954 srqss.ini
18.02.2007 21:07 88.566 nvapps.xml
18.02.2007 21:07 56.960 vsconfig.xml
18.02.2007 17:55 0 tmp.txt
18.02.2007 17:55 2.216 tmp.reg
18.02.2007 14:10 44.177 vfcecglt.dll
17.02.2007 23:26 503.745 srqss.bak2

16.02.2007 23:23 2.206 wpa.dbl
13.02.2007 18:14 111.784 FNTCACHE.DAT
11.02.2007 00:57 4.212 zllictbl.dat
10.02.2007 23:22 9.857 jupdate-1.5.0_11-b03.log
06.02.2007 11:14 484.903 srqss.bak1
06.02.2007 11:14 277.286 ssqrs.dll
06.02.2007 11:02 353 bcbeg.ini
06.02.2007 04:01 972.387 cyfnmwwf.ini

05.02.2007 17:56 311.740 perfh009.dat
05.02.2007 17:56 40.128 perfc009.dat
05.02.2007 17:56 48.354 perfc007.dat
05.02.2007 17:56 316.924 perfh007.dat
05.02.2007 17:56 722.222 PerfStringBackup.INI
05.02.2007 11:18 962.564 xfggaouk.ini
21.01.2007 17:25 2.778 qtplugin.log
01.01.2007 06:24 540 PDBootState

2240 Datei(en) 486.310.797 Bytes
0 Verzeichnis(se), 3.476.291.584 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DC59-A929

Verzeichnis von C:\DOKUME~1\Junaid\LOKALE~1\Temp

18.02.2007 21:09 54.272 ginstall.dll
18.02.2007 21:08 16.384 ~DF5BE1.tmp
2 Datei(en) 70.656 Bytes
0 Verzeichnis(se), 3.476.267.008 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DC59-A929

Verzeichnis von C:\WINDOWS\Temp

18.02.2007 21:07 256 ZLT05399.TMP
18.02.2007 21:07 256 ZLT05392.TMP
2 Datei(en) 512 Bytes
0 Verzeichnis(se), 3.476.242.432 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DC59-A929

Verzeichnis von C:\WINDOWS\Downloaded Program Files

30.12.2006 15:52 2.072 vscanmsx.dat
20.12.2006 01:00 1.957 tinfl.dat
20.12.2006 01:00 2.504 catalog.dat
20.12.2006 01:00 32 virscant.dat
20.12.2006 01:00 3.940.959 virscan9.dat
20.12.2006 01:00 6.899 ecbootil.vxd
20.12.2006 01:00 1.650.979 virscan8.dat
20.12.2006 01:00 5.396.298 virscan7.dat
20.12.2006 01:00 97.696 scrauth.dat
20.12.2006 01:00 390.030 virscan6.dat
20.12.2006 01:00 9.237 symaveng.cat
20.12.2006 01:00 1.061 symaveng.inf
20.12.2006 01:00 187.543 tcdefs.dat
20.12.2006 01:00 1.172.076 tcscan7.dat
20.12.2006 01:00 323.242 tcscan8.dat
20.12.2006 01:00 728.804 tcscan9.dat
20.12.2006 01:00 453 tinf.dat
20.12.2006 01:00 148 tinfidx.dat
20.12.2006 01:00 224 zdone.dat
20.12.2006 01:00 64.048 tscan1.dat
20.12.2006 01:00 3.072 tscan1hd.dat
20.12.2006 01:00 4.778 v.grd
20.12.2006 01:00 2.261 v.sig
20.12.2006 01:00 106.244 virscan.inf
20.12.2006 01:00 974.242 virscan1.dat
20.12.2006 01:00 569.910 virscan2.dat
20.12.2006 01:00 147.296 virscan3.dat
20.12.2006 01:00 320.186 virscan4.dat
20.12.2006 01:00 3.086.703 virscan5.dat
27.11.2006 00:30 65 desktop.ini
09.11.2006 14:36 5.019 swflash.inf
17.05.2006 14:29 241 CabSA.inf
17.05.2006 14:29 878 avsniff.inf
17.05.2006 14:28 6.850 navapi.vxd
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
36 Datei(en) 19.205.866 Bytes
0 Verzeichnis(se), 3.476.221.952 Bytes frei




Hello, this issue is resolved, I managed to fix it. Thanks for the replies.

Regards, Midcall
This post was edited by Midcall on 18.02.2007 at 23:54.
19.02.2007, 16:16
Honorary member
Sabina

Posts: 29434
#4 Midcall

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this box)
copy into: View/edit script

Quote

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{6FBA3D14-0256-4840-B921-926B21DCB9BD}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5}

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E03C740E-BB24-4d3c-B92A-6F84DE1DD99C}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FBA3D14-0256-4840-B921-926B21DCB9BD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E03C740E-BB24-4d3c-B92A-6F84DE1DD99C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FBA3D14-0256-4840-B921-926B21DCB9BD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrs

Files to delete:
C:\WINDOWS\dixfshkx.exe
C:\WINDOWS\o3f8pto0.exe
C:\WINDOWS\r0zmww1g.exe
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.tmp
C:\WINDOWS\system32\vfcecglt.dll
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\cyfnmwwf.ini
C:\WINDOWS\system32\xfggaouk.ini
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\ginstall.dll

Folders to delete:
C:\Programme\DaemonTools_WhenUSaveNow_Installer
C:\Programme\VSAdd-in
Click the green traffic light
the script will now be executed, then the PC will restart automatically

»»
run VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html
__________
Regards, Sabina

all about PC security
Folgende Themen könnten Dich auch interessieren: