Deckard's System Scanner v20071014.68 Run by Besitzer on 2007-11-20 17:10:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Unable to create WMI object; Der Vorgang wurde erfolgreich beendet. Backed up registry hives. Performed disk cleanup. [color=red]Total Physical Memory: 503 MiB (512 MiB recommended).[/color] -- HijackThis (run as Besitzer.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:11:00, on 20.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\umonit.exe C:\Programme\Ahead\InCD\InCD.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Besitzer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Diesen Eintrag löschen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\WINDOWS\system32\nsx13.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-790525478-1979792683-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-790525478-1979792683-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-790525478-1979792683-725345543-1003 Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (User '?') O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158595014281 O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!Box-Kindersicherung (avmidentd) - AVM Berlin - C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8468 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20071101-203529-332 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify backup-20071101-203529-812 O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\WINDOWS\system32\nsj3C.dll backup-20071101-203529-813 O2 - BHO: superiorads browser optimizer - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll backup-20071101-203529-896 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20071107-191952-248 O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file) backup-20071107-191952-468 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20071107-191952-643 O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\WINDOWS\system32\nsqB4.dll backup-20071107-191952-769 O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe backup-20071108-111452-103 O2 - BHO: (no name) - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - (no file) backup-20071108-111452-324 O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file) backup-20071108-111452-721 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys 3 fixustor - c:\windows\system32\drivers\fixustor.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2 aawservice (Ad-Aware 2007 Service) - c:\programme\lavasoft\ad-aware 2007\aawservice.exe 2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe 2 Apple Mobile Device - c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe 2 AVM IGD CTRL Service - c:\programme\fritz!dsl\igdctrl.exe 2 avmidentd (AVM FRITZ!Box-Kindersicherung) - c:\programme\fritz!box-kindersicherung\avmident.exe 2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe 2 CCALib8 (Canon Camera Access Library 8) - c:\programme\canon\cal\calmain.exe 2 CVPND (Cisco Systems, Inc. VPN Service) - c:\programme\cisco systems\vpn client\cvpnd.exe 3 de_serv (AVM FRITZ!web Routing Service) - c:\programme\gemeinsame dateien\avm\de_serv.exe 3 ServiceLayer - c:\programme\pc connectivity solution\servicelayer.exe -- Device Manager: Disabled ---------------------------------------------------- Unable to create WMI object. -- Scheduled Tasks ------------------------------------------------------------- 2007-11-14 20:54:02 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-11-09 19:53:08 398 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job -- Files created between 2007-10-20 and 2007-11-20 ----------------------------- 2007-11-19 16:18:36 208896 --a------ C:\WINDOWS\system32\nsx13.dll 2007-11-19 13:01:25 0 d-------- C:\Programme\directx 2007-11-19 13:01:23 35328 --a------ C:\WINDOWS\system32\INETWH32.DLL 2007-11-19 13:01:22 0 d-------- C:\Programme\Davilex 2007-11-07 18:15:00 0 d-------- C:\Programme\Cornelsen 2007-11-06 11:30:28 0 d-------- C:\Programme\mp3DirectCut 2007-11-03 15:44:36 0 d-------- C:\Programme\Lavasoft 2007-11-01 20:22:02 0 d-------- C:\Programme\Trend Micro 2007-11-01 19:21:58 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-11-01 18:17:52 0 d-------- C:\Programme\Spyware Doctor 2007-11-01 18:13:07 0 d-------- C:\Programme\Norton Security Scan 2007-10-29 19:20:54 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2007-10-29 19:20:52 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe 2007-10-29 11:13:56 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys 2007-10-29 11:11:42 0 d-------- C:\WINDOWS\Downloaded Installations 2007-10-29 10:34:54 0 d-------- C:\Programme\iPod 2007-10-29 10:34:44 0 d-------- C:\Programme\iTunes 2007-10-29 10:33:53 0 d-------- C:\Programme\QuickTime 2007-10-29 10:33:11 0 d-------- C:\Programme\Gemeinsame Dateien\Apple 2007-10-26 12:23:40 0 d--hs---- C:\WINDOWS\ftpcache -- Find3M Report --------------------------------------------------------------- 2007-11-12 10:46:01 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AdobeUM 2007-11-07 21:08:48 0 d-------- C:\Programme\Google 2007-11-07 19:32:58 0 d-------- C:\Programme\Java 2007-11-04 19:11:02 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe 2007-11-03 15:44:14 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-11-01 20:04:41 0 d-------- C:\Programme\XPcleanv5 2007-11-01 19:21:58 0 d-------- C:\Programme\Gemeinsame Dateien 2007-11-01 18:17:52 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Tools 2007-10-31 21:40:05 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype 2007-10-30 23:38:39 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Apple Computer 2007-10-29 20:59:53 0 d--h----- C:\Programme\InstallShield Installation Information 2007-10-29 11:31:00 0 d-------- C:\Programme\SCHLECKERFotobuch 2007-10-29 10:33:36 0 d-------- C:\Programme\Apple Software Update 2007-10-28 22:16:39 0 d-------- C:\Programme\IKEA HomePlanner 2007-10-28 22:15:45 0 d-------- C:\Programme\FoxyTunes 2007-10-28 21:35:58 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Winamp 2007-10-24 12:24:10 0 d-------- C:\Programme\Oetinger 2007-10-24 11:59:20 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FrostWire 2007-10-23 22:08:32 1048576 --a------ C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NMM-MetaData.db 2007-10-23 19:24:55 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nokia Multimedia Player 2007-10-19 18:20:21 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-19 10:47:48 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DivX 2007-10-19 10:39:07 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\vlc 2007-10-19 09:43:57 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ahead 2007-10-17 18:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe 2007-10-04 17:55:58 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ArcSoft 2007-10-04 17:16:08 0 d-------- C:\Programme\ArcSoft 2007-10-04 17:12:59 0 d-------- C:\Programme\Gemeinsame Dateien\ArcSoft 2007-10-04 17:08:09 0 d-------- C:\Programme\USB 2.0 PC Camera 2007-10-04 17:07:38 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield 2007-09-23 13:18:16 0 d-------- C:\Programme\TomTom DesktopSuite 2007-09-13 11:02:37 3313 --a------ C:\WINDOWS\mozver.dat 2007-09-13 10:45:06 32 --a------ C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Settings.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}] 19.11.2007 16:18 208896 --a------ C:\WINDOWS\system32\nsx13.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [05.10.2004 15:25] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [05.10.2004 15:24] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [11.10.2007 23:37] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [07.01.2005 16:07 C:\WINDOWS\system32\HdAShCut.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 12:00 C:\WINDOWS\system32\bthprops.cpl] "AVMFBoxMonitor"="C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [08.05.2007 01:00] "snp2std"="C:\WINDOWS\vsnp2std.exe" [04.12.2006 10:58] "UMonit"="C:\WINDOWS\system32\umonit.exe" [22.06.2005 06:42] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50] "InCD"="C:\Programme\Ahead\InCD\InCD.exe" [25.07.2005 12:01] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [10.11.2005 12:03] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04.08.2004 12:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 12:00] "NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe" [11.10.2005 18:25] "updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 15:45] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Dokumente und Einstellungen\Besitzer\Startmen\Programme\Autostart\ FRITZ!DSL Startcenter.lnk - C:\Programme\FRITZ!DSL\StCenter.exe [20.08.2007 13:28:05] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 20:05:26] Cisco Systems VPN Client.lnk - C:\Programme\Cisco Systems\VPN Client\vpngui.exe [06.10.2006 20:17:56] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [18.02.1999 04:05:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoTaskGrouping"=1 (0x1) "NoAutoTrayNotify"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) "NoTaskGrouping"=1 (0x1) "NoAutoTrayNotify"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoLowDiskSpaceChecks"=1 (0x1) "NoTaskGrouping"=1 (0x1) "NoAutoTrayNotify"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk] backup=Diesen Eintrag löschen [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_SUED_FotoSuite_Download] Diesen Eintrag löschen [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] "C:\Programme\Spyware Doctor\SDTrayApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe" -s [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5872536d-62a8-11dc-bf1e-000ae4b5b5fc}] AutoRun\command- F:\InstallTomTomHOME.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com 7284 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-11-20 17:12:51 ------------