Schadsoftware eingefangen!

#1 Hi leudde

Vor ein paar minuten hat mein hotmail konto eine sogenannte "Spam" an meine adressenliste verschickt!

Ein kolleg hat mir diese dann zurückgemailt und es handel sich um eine ctksu.com internetadresse, noch nie davon gehört

Habe danach umgehen...
Ad-Aware
a-squared Free
Spywareterminator

durchlaufen lassen, die aber seit einer halben stunde immer noch kein schadsoftware gefunden habe

Dazu läuft im Hintergrund Kaspersky, Spywareterminator und Spyboot

Wo liegt das Problem?

hier noch das Logfile vom Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:04, on 11.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\eMule\emule.exe
C:\Programme\MediaMonkey\MediaMonkey.exe
C:\Programme\QuickDic\QuickDic.exe
C:\Programme\KillProcess\KillProcess.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\a-squared Free\a2free.exe
C:\Programme\Ad-Aware 2007\Ad-Aware2007.exe
C:\Programme\Eusing Free Registry Cleaner\Regcleaner.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
J:\Persönliche Daten\Internet Security\RootAlyzer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Spyware Terminator\SpywareTerminator.exe
C:\Dokumente und Einstellungen\Dan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UB70G5IN\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.20min.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\PowerDVD\Language\Language.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Tucan] "J:\Persönliche Daten\Internet Security\PAVARK.exe" /Monitor
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1209226317234
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

#2 also laut...

Spyboot
Spywareterminator
Kaspersky
Ad-Aware
CCleaner
Eusing Free Registry
a-squared free
Pavarax (Panda)
Sophos Anti Rootkit
AVG Anti Rootkit

ist mein Computer clean!

Habe zwar heute morgen einen Trojan.Agent.259360 gefunden, eine DivXComponent.exe datei, diese wurde aber gelöscht.

Was könnte somit das Problem sein, dass von meiner E-Mail Adresse Spam verschickt wird und was kann ich dagegen tun?

#3 im übrigen muss ich ergänzen, dass ich die Spam mail unter den gesendeten im postfach befindet und dies 3x

kann es sein, das sich da jemand zutritt zu meinem hotmail/msn konto verschaffen hat?

#4 Hallo,

du hast Proggies auf dem Rechner, die eventuell in die Rouge-Liste passen (also gefakte Tools)
wende Comboscan an + poste die 2 reporte
http://virus-protect.org/artikel/tools/comboscan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 wieso sollten diese gefakt sein und welche meinst du damit?

normalerweise lade ich programme von der herstellerseite selbst, oder dann über chip oder die schweizer version pctipp.ch runter

die beiden bericht folgen

#6 Deckard's System Scanner v20071014.68
Run by Dan on 2008-05-11 23:15:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2008-05-11 21:16:09 UTC - RP60 - Deckard's System Scanner Restore Point
59: 2008-05-11 08:45:41 UTC - RP59 - Spyware Terminator - restore point
58: 2008-05-10 14:25:48 UTC - RP58 - Systemprüfpunkt
57: 2008-05-09 11:38:00 UTC - RP57 - Systemprüfpunkt
56: 2008-05-08 11:23:48 UTC - RP56 - Systemprüfpunkt


-- First Restore Point --
1: 2008-04-26 15:44:46 UTC - RP1 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 23:18:09
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\sttray.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Spyware Terminator\SpywareTerminatorShield.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\HP Software Update\hpwuSchd2.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\eMule\emule.exe
C:\Programme\MediaMonkey\MediaMonkey.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\WinPatrol\WinPatrol.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Dan\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SD5L0CDV\dss[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.20min.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinPatrol] C:\Programme\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209226317234
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=
1209314231_650ee737facdedb965de4deb2b67e8b2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40
/JSCDL/jre/6u5-b19/jinstall
-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe


--
End of file - 10153 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SAVRKBootTasks (Boot Tasks Driver) - c:\windows\system32\savrkboottasks.sys <Not Verified; Sophos Plc; Sophos Anti-Rootkit>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys

S3 FXDrv32 - d:\fxdrv32.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\52a3.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\programme\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 NMIndexingService - "c:\programme\gemeinsame dateien\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 ServiceLayer - "c:\programme\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Netzwerkcontroller
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_011A16EC&REV_02\4&2C3BA146&0&08F0
Manufacturer:
Name: Netzwerkcontroller
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_011A16EC&REV_02\4&2C3BA146&0&08F0
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6280
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 22:41:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:41:22 0 d-------- C:\Programme\Mozilla Thunderbird
2008-05-11 22:26:13 0 d-------- C:\Programme\WinPatrol
2008-05-11 19:22:27 18816 -----n--- C:\WINDOWS\system32\SAVRKBootTasks.sys <Not Verified; Sophos Plc; Sophos Anti-Rootkit>
2008-05-11 18:38:09 0 d-------- C:\Programme\Sophos
2008-05-11 18:27:48 0 d-------- C:\Programme\AVG Anti-Rootkit Free
2008-05-07 00:52:25 0 d-------- C:\WINDOWS\Prefetch
2008-05-07 00:47:12 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 00:47:11 0 d-------- C:\WINDOWS\system32\de
2008-05-07 00:47:11 0 d-------- C:\WINDOWS\system32\bits
2008-05-07 00:45:26 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 00:38:32 0 d-------- C:\WINDOWS\EHome
2008-04-28 16:57:35 0 d-------- C:\Programme\EA GAMES
2008-04-28 13:50:25 0 d-------- C:\Games
2008-04-27 19:36:01 0 d-------- C:\Programme\Cyberlink
2008-04-27 19:34:44 0 d-------- C:\Programme\PowerDVD
2008-04-27 18:37:48 0 d-------- C:\WINDOWS\Sun
2008-04-27 18:36:46 0 d-------- C:\Programme\Java
2008-04-27 18:35:56 0 d-------- C:\Programme\Gemeinsame Dateien\Java
2008-04-27 16:43:45 0 d-------- C:\Programme\Eusing Free Registry Cleaner
2008-04-27 16:43:34 0 d-------- C:\Programme\a-squared Free
2008-04-27 16:42:26 0 d-------- C:\Programme\CCleaner
2008-04-27 16:41:34 0 d-------- C:\Programme\a-squared HiJackFree
2008-04-27 16:40:51 0 d-------- C:\Programme\Ad-Aware 2007
2008-04-27 16:40:23 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-27 16:33:52 0 d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-04-27 16:33:51 0 d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-04-27 16:33:44 0 d-------- C:\Programme\DIFX
2008-04-27 16:33:35 0 d-------- C:\Programme\PC Connectivity Solution
2008-04-27 16:33:25 0 d-------- C:\Programme\Nokia
2008-04-27 13:31:09 0 d-------- C:\bin
2008-04-27 13:29:28 0 d-------- C:\Programme\Gemeinsame Dateien\Sonic Shared
2008-04-27 13:28:09 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-04-27 13:27:34 0 d-------- C:\Programme\Gemeinsame Dateien\HP
2008-04-27 13:10:28 11634 --a------ C:\WINDOWS\hpomdl11.dat
2008-04-27 13:05:02 0 d-------- C:\Programme\Hewlett-Packard
2008-04-27 13:04:59 0 d-------- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2008-04-27 13:03:23 127781 --a------ C:\WINDOWS\hpoins11.dat
2008-04-27 12:22:06 73728 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-27 12:22:02 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-27 12:21:44 0 d-------- C:\Programme\HP
2008-04-27 12:19:43 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
2008-04-27 11:58:15 0 d-------- C:\Programme\KillProcess
2008-04-27 11:44:29 0 d-------- C:\WINDOWS\NV39162708.TMP
2008-04-27 11:43:50 0 d-------- C:\NVIDIA
2008-04-27 11:33:17 0 d-------- C:\Programme\SystemRequirementsLab
2008-04-27 10:50:05 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-04-27 10:47:51 0 d-------- C:\Programme\Creative
2008-04-27 09:52:20 0 d-------- C:\Programme\Google
2008-04-27 09:44:40 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-27 09:43:40 0 d-------- C:\Programme\Reference Assemblies
2008-04-27 09:32:03 0 d-------- C:\Programme\Messenger Plus! Live
2008-04-27 09:31:21 0 d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2008-04-27 09:26:30 0 d-------- C:\Programme\Nero
2008-04-27 09:26:30 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-04-27 09:23:46 0 d-------- C:\Programme\QuickDic
2008-04-27 09:14:35 0 d-------- C:\Programme\Maxtor
2008-04-27 09:14:00 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-27 09:13:52 0 d-------- C:\Programme\MSXML 6.0
2008-04-27 09:13:36 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-27 01:40:10 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-27 01:40:08 0 d-------- C:\Programme\Spyware Terminator
2008-04-27 01:13:58 0 d-------- C:\WINDOWS\system32\de-de
2008-04-27 01:11:49 0 d-------- C:\WINDOWS\network diagnostic
2008-04-27 00:53:56 0 d-------- C:\Programme\Windows Media Connect 2
2008-04-27 00:53:12 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-27 00:53:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-27 00:36:37 0 d-------- C:\Programme\DivX
2008-04-27 00:33:31 0 d-------- C:\Programme\eMule
2008-04-26 19:25:33 0 d-------- C:\WINDOWS
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\WinSxS
2008-04-26 19:25:33 0 dr------- C:\WINDOWS\Web
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\twain_32
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\wins
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\wbem
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\usmt
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\spool
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\Setup
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\ras
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\oobe
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\npp
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\mui
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\IME
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\ias
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\export
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\drivers
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-26 19:25:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\config
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\3076
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\2052
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1054
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1042
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1041
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1037
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1033
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1031
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1028
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system32\1025
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\system
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\security
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Resources
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\repair
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Provisioning
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\PeerNet
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\pchealth
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\mui
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\msapps
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\msagent
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Media
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\java
2008-04-26 19:25:33 0 d--h----- C:\WINDOWS\inf
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\ime
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Help
2008-04-26 19:25:33 0 dr--s---- C:\WINDOWS\Fonts
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Driver Cache
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Debug
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Cursors
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\Config
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\AppPatch
2008-04-26 19:25:33 0 d-------- C:\WINDOWS\addins
2008-04-26 18:46:23 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-26 18:44:37 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-04-26 18:40:30 0 d-------- C:\Programme\MediaMonkey
2008-04-26 18:32:31 0 d--hs---- C:\WINDOWS\Installer
2008-04-26 18:32:31 0 d-------- C:\Programme\Gemeinsame Dateien\ODBC
2008-04-26 18:32:28 0 dr------- C:\Programme
2008-04-26 18:32:28 0 d-------- C:\Programme\Gemeinsame Dateien
2008-04-26 18:32:28 0 d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2008-04-26 18:32:00 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-26 18:32:00 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-26 18:31:33 0 d-------- C:\Dokumente und Einstellungen
2008-04-26 18:31:32 0 d--hs---- C:\System Volume Information
2008-04-26 18:27:40 0 d--hs--c- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-04-26 18:27:36 0 d-------- C:\Programme\Windows Live
2008-04-26 18:24:01 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-26 18:23:59 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 18:10:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-26 18:08:26 0 d-------- C:\Programme\Microsoft Works
2008-04-26 18:08:20 0 d-------- C:\Programme\MSBuild
2008-04-26 18:05:59 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-26 18:05:17 0 dr-h----- C:\MSOCache
2008-04-26 18:02:03 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-26 18:02:03 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-26 18:01:49 2641696 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-26 18:01:49 65537056 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 18:01:49 0 d-------- C:\Programme\Kaspersky Lab
2008-04-26 18:00:17 0 d-------- C:\WINDOWS\nview
2008-04-26 17:56:24 0 d-------- C:\Programme\Intel Desktop Board
2008-04-26 17:52:09 1097728 -----n--- C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-04-26 17:52:09 90112 -----n--- C:\WINDOWS\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-04-26 17:52:09 303104 -----n--- C:\WINDOWS\sttray.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-04-26 17:51:52 0 d-------- C:\Programme\SigmaTel
2008-04-26 17:51:52 0 d--h----- C:\Programme\InstallShield Installation Information
2008-04-26 17:51:50 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-04-26 17:47:49 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-26 17:47:47 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-26 17:47:47 0 d-------- C:\Programme\Intel
2008-04-26 17:47:45 0 d-------- C:\Intel
2008-04-26 17:47:29 0 d-------- C:\Programme\MSXML 4.0
2008-04-26 17:47:25 0 d-------- C:\TempEI4
2008-04-26 17:44:09 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-26 17:44:07 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-26 17:41:17 0 d-------- C:\WINDOWS\system32\xircom
2008-04-26 17:41:17 0 d-------- C:\Programme\microsoft frontpage
2008-04-26 17:41:10 0 -rahs---- C:\MSDOS.SYS
2008-04-26 17:41:10 0 -rahs---- C:\IO.SYS
2008-04-26 17:41:10 0 --a------ C:\CONFIG.SYS
2008-04-26 17:41:10 0 --a------ C:\AUTOEXEC.BAT
2008-04-26 17:40:29 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-26 17:40:29 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-26 17:40:23 0 d--h----- C:\Programme\WindowsUpdate
2008-04-26 17:40:20 0 d-------- C:\Programme\Online-Dienste
2008-04-26 17:40:08 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-26 17:39:42 0 d-------- C:\Programme\Gemeinsame Dateien\Dienste
2008-04-26 17:39:40 0 d---s---- C:\WINDOWS\Tasks
2008-04-26 17:39:39 0 d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2008-04-26 17:39:36 0 d-------- C:\WINDOWS\srchasst
2008-04-26 17:39:35 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-26 17:39:28 0 d-------- C:\Programme\Movie Maker
2008-04-26 17:39:21 0 d-------- C:\WINDOWS\system32\Restore
2008-04-26 17:39:07 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-26 17:38:54 0 d-------- C:\WINDOWS\Registration
2008-04-26 17:38:35 0 d-------- C:\Programme\Online Services
2008-04-26 17:38:31 0 d-------- C:\Programme\Messenger
2008-04-26 17:38:28 0 d-------- C:\Programme\MSN Gaming Zone
2008-04-26 17:37:55 0 d-------- C:\Programme\Windows NT
2008-04-26 17:37:52 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-26 17:37:51 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-11 23:04:37 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Spyware Terminator
2008-05-11 22:41:39 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Mozilla
2008-05-11 22:41:38 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Thunderbird
2008-05-11 22:26:25 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\WinPatrol
2008-05-07 00:54:40 462764 --a------ C:\WINDOWS\system32\perfh007.dat
2008-05-07 00:54:39 85892 --a------ C:\WINDOWS\system32\perfc007.dat
2008-04-29 13:52:51 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Creative
2008-04-28 11:47:58 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\PC Suite
2008-04-28 11:46:33 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Nokia
2008-04-27 19:45:55 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\CyberLink
2008-04-27 18:37:48 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Sun
2008-04-27 18:25:09 70 ---h----- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\xpy.ini
2008-04-27 16:46:52 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\UpdateStar
2008-04-27 15:47:34 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Google
2008-04-27 13:32:29 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\HP
2008-04-27 11:56:37 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\WinRAR
2008-04-27 00:57:12 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\DivX
2008-04-26 18:56:23 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Adobe
2008-04-26 18:45:58 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Macromedia
2008-04-26 18:32:09 62 --ahs---- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\desktop.ini
2008-04-26 17:44:38 0 d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Identities
2008-03-31 23:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 23:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 22:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 22:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 22:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 22:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [05.04.2007 07:47 C:\WINDOWS\sttray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 01:41]
"nwiz"="nwiz.exe" [05.12.2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08.02.2008 18:36]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [24.08.2007 07:00]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
"SpywareTerminator"="C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe" [05.05.2008 10:32]
"mxomssmenu"="C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe" [06.09.2007 14:53]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [12.01.2006 15:40]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 01:41]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [19.02.2006 02:41]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [07.02.2007 16:24]
"LanguageShortcut"="C:\Programme\PowerDVD\Language\Language.exe" [07.02.2007 16:21]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"WinPatrol"="C:\Programme\WinPatrol\winpatrol.exe" [25.04.2008 19:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 04:22]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [23.12.2006 18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fec3c2-13ae-11dd-b714-806d6172696f}]
AutoRun\command- E:\Autorun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8369 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-11 23:20:34 ------------

#7 Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 2029.68 MiB / 1015.79 MiB
Pagefile Memory (total/avail): 3922.61 MiB / 2900.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.16 MiB

C: is Fixed (NTFS) - 465.75 GiB total, 447.04 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)
F: is Removable (Unformatted)
G: is Removable (Unformatted)
H: is Removable (Unformatted)
I: is Removable (Unformatted)
J: is Fixed (NTFS) - 698.64 GiB total, 154.32 GiB free.
L: is Fixed (NTFS) - 74.53 GiB total, 65.28 GiB free.
M: is Fixed (NTFS) - 55.89 GiB total, 42.89 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-75TMA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 465.75 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - Maxtor OneTouch USB Device - 698.64 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 698.64 GiB - J:

\\.\PHYSICALDRIVE6 - Maxtor OneTouch III Disk - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 74.53 GiB - L:

\\.\PHYSICALDRIVE7 - Maxtor OneTouch III Disk - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 55.89 GiB - M:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------



-- User Profiles ---------------------------------------------------------------

Dan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x7 /remove
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
a-squared Free 3.5 --> "C:\Programme\a-squared Free\unins000.exe"
a-squared HiJackFree 3.0 --> "C:\Programme\a-squared HiJackFree\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AVG Anti-Rootkit Free --> C:\Programme\AVG Anti-Rootkit Free\Uninstall.exe
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
Creative-Manager für Wechseldatenträger --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x7 /remove
Creative-Systeminformationen --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
Creative Zen Vision M --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x7 /remove
DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
eMule --> "C:\Programme\eMule\Uninstall.exe"
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Fussball Challenge 2008 (SF) --> "C:\Games\Fussball Challenge 2008 (SF)\uninstall.exe" fc08-CH_SF
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Programme\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Programme\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Programme\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections 12.1.2.9 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Maxtor Manager --> "C:\Programme\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0407 -removeonly
Maxtor Manager --> MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
MediaMonkey 3.0 --> "C:\Programme\MediaMonkey\unins000.exe"
Messenger Plus! Live --> "C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mozilla Thunderbird (2.0.0.14) --> C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed™ Most Wanted --> C:\Programme\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641031}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_ger_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Programme\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PowerDVD --> "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000407 /z-uninstall
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Sophos Anti-Rootkit 1.3.1 --> C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Programme\Spyware Terminator\unins000.exe"
System Requirements Lab --> C:\Programme\SystemRequirementsLab\Uninstall.exe
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
UpdateStar --> MsiExec.exe /X{7B049115-744F-4827-B032-331E2BA27831}
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\WINPAT~1\Setup.exe /remove /q0
WinRAR --> C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1906 / Success
Event Submitted/Written: 05/11/2008 08:12:38 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1899 / Success
Event Submitted/Written: 05/11/2008 07:26:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1879 / Error
Event Submitted/Written: 05/11/2008 06:38:11 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : helper: Shared heap exhausted or damaged, process ID 1114, total alloc:36e28...

Event Record #/Type1878 / Error
Event Submitted/Written: 05/11/2008 06:38:11 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : helper: Shared heap exhausted or damaged, process ID 1114, total alloc:36e28...

Event Record #/Type1877 / Error
Event Submitted/Written: 05/11/2008 06:38:11 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : helper: Shared heap exhausted or damaged, process ID 1114, total alloc:36e28...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47722 / Warning
Event Submitted/Written: 05/11/2008 11:13:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Event Record #/Type47715 / Warning
Event Submitted/Written: 05/11/2008 08:19:05 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Event Record #/Type47688 / Error
Event Submitted/Written: 05/11/2008 08:00:07 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Event Record #/Type47685 / Error
Event Submitted/Written: 05/11/2008 08:00:07 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Event Record #/Type47682 / Error
Event Submitted/Written: 05/11/2008 08:00:07 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126



-- End of Deckard's System Scanner: finished at 2008-05-11 23:20:34 ------------

#8 In einem anderen Forum hatte einer genau den gleichen Vorfall heute mit seinem Hotmail Account! Es wurden auch 3 Spammails an seine Kontakte mit dem genau gleichen Mailinhalt versendet!!! Nur etwa 30mins später als meine!

Auch er hatte danach einen Systemscann gemacht und ebenfalls nichts gefunden

Was könnte das bedeuten?

#9 Hallo,

1.
deinstalliere:
Spyware Terminator

2.
wende bitte Combofix an + poste den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#10 wieso, was ist mit Spyterminator nicht okay?

und was siehst du nun aus den anderen beiden reports und was bringt der nächste report?

#11 um Spywareterminator gibt es viele Diskussionen (gefaktes Programm ?....) , letztlich hatte ich einen User, wo per Terminator Schadware nachgeladen wurde... besser du deinstallierst das Ding.
Dann poste den report von Combofix, ist das gleiche wie Comboscan, hat aber noch andere Infos, die ich brauche
__________
MfG Sabina

rund um die PC-Sicherheit

#12 ComboFix 08-05-11.1 - Dan 2008-05-12 10:11:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.1371 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Dan\Desktop\ComboFix1.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
J:\Autorun.inf
L:\Autorun.inf
M:\Autorun.inf

----- BITS: Possible infected sites -----

updatestar.com
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-12 bis 2008-05-12 ))))))))))))))))))))))))))))))
.

2008-05-12 10:03 . 2008-05-12 10:03 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Ahead
2008-05-12 09:56 . 2008-05-12 09:56 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-12 09:49 . 2008-05-12 09:49 <DIR> d-------- C:\Programme\EVEREST Home Edition
2008-05-12 01:07 . 2008-05-12 01:07 324 --ahs---- C:\WINDOWS\system32\drivers\9b327D9.DAT
2008-05-12 01:07 . 2008-05-12 01:07 324 --ahs---- C:\WINDOWS\system32\drivers\25927DA.DAT
2008-05-12 01:07 . 2008-05-12 01:07 324 --ahs---- C:\WINDOWS\system32\drivers\02627D8.DAT
2008-05-12 01:06 . 2007-08-14 08:12 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys
2008-05-12 01:01 . 2008-05-12 01:01 324 --ahs---- C:\WINDOWS\system32\drivers\b5927D3.DAT
2008-05-12 01:01 . 2008-05-12 01:01 324 --ahs---- C:\WINDOWS\system32\drivers\13527D4.DAT
2008-05-12 01:01 . 2008-05-12 01:01 324 --ahs---- C:\WINDOWS\system32\drivers\02627D2.DAT
2008-05-12 00:55 . 2008-05-12 01:08 <DIR> d-------- C:\Programme\Avira RootKit Detection
2008-05-11 23:15 . 2008-05-11 23:15 <DIR> d-------- C:\Deckard
2008-05-11 22:41 . 2008-05-11 22:44 <DIR> d-------- C:\Programme\Mozilla Thunderbird
2008-05-11 22:41 . 2008-05-11 22:41 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Thunderbird
2008-05-11 22:41 . 2008-05-11 22:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:26 . 2008-05-12 09:57 <DIR> d-------- C:\Programme\WinPatrol
2008-05-11 22:26 . 2008-05-11 22:26 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\WinPatrol
2008-05-11 19:38 . 2008-05-11 19:38 2,335,270 --a------ C:\WINDOWS\system32\284D.mht
2008-05-11 19:24 . 2008-05-12 09:47 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Pavark
2008-05-11 18:38 . 2008-05-11 18:38 <DIR> d-------- C:\Programme\Sophos
2008-05-11 18:27 . 2008-05-11 23:58 <DIR> d-------- C:\Programme\AVG Anti-Rootkit Free
2008-05-11 18:27 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-11 17:38 . 2008-05-11 17:38 100 --a------ C:\index.ini
2008-05-07 00:53 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-07 00:47 . 2008-05-07 00:47 <DIR> d-------- C:\WINDOWS\system32\de
2008-05-07 00:47 . 2008-05-07 00:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 00:47 . 2008-05-07 00:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 00:45 . 2008-05-07 00:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 00:38 . 2008-05-07 00:38 <DIR> d-------- C:\WINDOWS\EHome
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Creative
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\Programme\EA GAMES
2008-04-28 16:57 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Games
2008-04-28 11:47 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-28 11:47 . 2008-04-28 11:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-28 11:47 . 2008-04-28 11:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:45 . 2008-04-27 19:45 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\CyberLink
2008-04-27 19:38 . 2008-04-27 19:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
2008-04-27 19:36 . 2008-04-27 19:36 <DIR> d-------- C:\Programme\Cyberlink
2008-04-27 19:34 . 2008-04-27 19:37 <DIR> d-------- C:\Programme\PowerDVD
2008-04-27 18:41 . 2008-04-27 18:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2008-04-27 18:37 . 2008-04-27 18:37 <DIR> d-------- C:\WINDOWS\Sun
2008-04-27 18:37 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-27 18:36 . 2008-04-27 18:37 <DIR> d-------- C:\Programme\Java
2008-04-27 18:35 . 2008-04-27 18:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-04-27 16:46 . 2008-04-27 16:46 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\UpdateStar
2008-04-27 16:43 . 2008-04-27 16:43 <DIR> d-------- C:\Programme\Eusing Free Registry Cleaner
2008-04-27 16:43 . 2008-05-12 01:28 <DIR> d-------- C:\Programme\a-squared Free
2008-04-27 16:42 . 2008-04-27 16:42 <DIR> d-------- C:\Programme\CCleaner
2008-04-27 16:41 . 2008-04-27 16:41 <DIR> d-------- C:\Programme\a-squared HiJackFree
2008-04-27 16:40 . 2008-04-27 16:40 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-27 16:40 . 2008-04-27 16:47 <DIR> d-------- C:\Programme\Ad-Aware 2007
2008-04-27 16:40 . 2008-04-27 16:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-04-27 16:34 . 2008-04-28 11:47 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\PC Suite
2008-04-27 16:34 . 2008-04-28 11:46 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\Nokia
2008-04-27 16:34 . 2008-04-28 11:47 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
2008-04-27 16:33 . 2008-04-27 16:33 <DIR> d-------- C:\Programme\PC Connectivity Solution
2008-04-27 16:33 . 2008-04-27 16:33 <DIR> d-------- C:\Programme\Nokia
2008-04-27 16:33 . 2008-04-27 16:33 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-04-27 16:33 . 2008-04-27 16:33 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-04-27 16:33 . 2008-04-27 16:33 <DIR> d-------- C:\Programme\DIFX
2008-04-27 16:33 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 16:33 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 16:33 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 16:33 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 16:33 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 16:33 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 16:33 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 16:33 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-27 16:32 . 2008-04-27 16:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
2008-04-27 13:32 . 2008-04-27 13:32 <DIR> d-------- C:\Dokumente und Einstellungen\Dan\Anwendungsdaten\HP
2008-04-27 13:32 . 2008-04-27 13:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
2008-04-27 13:31 . 2008-04-27 13:31 <DIR> d-------- C:\bin
2008-04-27 13:29 . 2008-04-27 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Sonic Shared
2008-04-27 13:29 . 2008-04-27 13:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sonic
2008-04-27 13:28 . 2008-04-27 13:28 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-27 13:27 . 2008-04-27 13:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\HP
2008-04-27 13:23 . 2008-04-27 13:23 325 --a------ C:\WINDOWS\KillProcess.INI
2008-04-27 13:16 . 2008-04-27 13:05 121,157 --------- C:\WINDOWS\hpoins11.dat.temp
2008-04-27 13:16 . 2006-05-06 08:05 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-04-27 13:10 . 2006-05-06 00:21 11,634 --a------ C:\WINDOWS\hpomdl11.dat
2008-04-27 13:05 . 2008-04-27 13:26 <DIR> d-------- C:\Programme\Hewlett-Packard
2008-04-27 13:04 . 2008-04-27 13:04 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2008-04-27 13:04 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.1
2008-04-27 13:03 . 2008-04-27 13:32 127,781 --a------ C:\WINDOWS\hpoins11.dat
2008-04-27 12:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-27 12:22 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-27 12:22 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-27 12:22 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-27 12:22 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-27 12:22 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-27 12:22 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-27 12:22 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-04-27 12:22 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-27 12:21 . 2008-04-27 13:32 <DIR> d-------- C:\Programme\HP
2008-04-27 12:21 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-27 12:20 . 2005-10-21 19:58 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-27 12:20 . 2005-10-21 19:52 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-27 12:20 . 2005-10-21 19:58 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-27 12:19 . 2006-04-13 02:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
2008-04-27 12:19 . 2006-04-13 02:02 659,456 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-04-27 12:19 . 2005-10-25 04:57 286,720 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-04-27 12:19 . 2006-04-13 02:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-04-27 12:19 . 2005-07-19 03:38 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-27 12:19 . 2006-01-04 10:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
2008-04-27 11:58 . 2008-04-27 11:58 <DIR> d-------- C:\Programme\KillProcess
2008-04-27 11:44 . 2008-04-27 12:40 <DIR> d-------- C:\WINDOWS\NV39162708.TMP
2008-04-27 11:44 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\NVIDIA
2008-04-27 11:33 . 2008-04-27 11:33 <DIR> d-------- C:\Programme\SystemRequirementsLab
2008-04-27 11:22 . 2008-05-11 23:37 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-27 10:50 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-04-27 10:50 . 1999-10-10 19:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-04-27 10:47 . 2008-04-27 10:50 <DIR> d-------- C:\Programme\Creative
2008-04-27 09:52 . 2008-04-27 09:52 <DIR> d-------- C:\Programme\Google
2008-04-27 09:44 . 2008-04-27 11:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-27 09:43 . 2008-04-27 09:43 <DIR> d-------- C:\Programme\Reference Assemblies
2008-04-27 09:42 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-27 09:32 . 2008-04-27 09:32 <DIR> d-------- C:\Programme\Messenger Plus! Live
2008-04-27 09:32 . 2008-04-27 09:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2008-04-27 09:32 . 2008-04-27 09:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
2008-04-27 09:31 . 2008-04-27 09:31 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2008-04-27 09:31 . 2008-05-07 00:55 1,024 --ah----- C:\Dokumente und Einstellungen\Default User\NtUser.dat.LOG
2008-04-27 09:26 . 2008-04-27 09:26 <DIR> d-------- C:\Programme\Nero
2008-04-27 09:26 . 2008-04-27 09:31 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 22:55 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-27 17:34 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-26 15:56 --------- d-----w C:\Programme\Intel Desktop Board
2008-04-26 15:54 --------- d-----w C:\Programme\Intel
2008-04-26 15:51 --------- d-----w C:\Programme\SigmaTel
2008-04-26 15:51 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-04-26 15:47 --------- d-----w C:\Programme\MSXML 4.0
2008-04-26 15:41 --------- d-----w C:\Programme\microsoft frontpage
2008-04-26 15:40 --------- d-----w C:\Programme\Online-Dienste
2008-04-26 15:39 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-04-14 05:53 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 05:52 989,696 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 05:52 425,472 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 02:36 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:25 333,312 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:22 99,840 ----a-w C:\WINDOWS\system32\scardsvr.exe
2008-04-14 02:21 762,368 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:21 731,648 ----a-w C:\WINDOWS\system32\ntdll.dll
2008-04-14 02:21 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:21 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:02 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:02 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:02 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:02 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:02 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:00 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 01:59 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 01:59 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 01:58 800,384 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 01:58 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 01:58 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 01:58 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 01:58 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 01:57 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 01:56 51,712 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:56 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 01:55 572,928 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:55 52,992 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:54 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 01:54 10,752 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:53 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:52 68,096 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:52 53,760 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:52 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:51 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:50 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:50 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:50 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 01:49 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:49 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:49 188,800 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-05 07:47 303104 C:\WINDOWS\sttray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SpywareTerminator"="C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 10:32 1817600]
"mxomssmenu"="C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Programme\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Programme\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"WinPatrol"="C:\Programme\WinPatrol\winpatrol.exe" [2008-04-25 19:31 333120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programme\\PowerDVD\\PowerDVD.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 08:12]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-05 10:32]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programme\PowerDVD\000.fcl [2006-11-02 16:51]
R2 Maxtor Sync Service;Maxtor Service;C:\Programme\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S0 02627D2;02627D2;C:\WINDOWS\system32\drivers\02627D2.SYS []
S0 02627D8;02627D8;C:\WINDOWS\system32\drivers\02627D8.SYS []
S1 9b327D9;9b327D9;C:\WINDOWS\system32\drivers\9b327D9.SYS []
S1 b5927D3;b5927D3;C:\WINDOWS\system32\drivers\b5927D3.SYS []
S2 13527D4;13527D4;C:\WINDOWS\system32\drivers\13527D4.SYS []
S2 25927DA;25927DA;C:\WINDOWS\system32\drivers\25927DA.SYS []
S3 FXDrv32;FXDrv32;D:\FXDrv32.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\69.tmp []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
*Newly Created Service* - GUGQTVXLCGNG
*Newly Created Service* - SAVRKBOOTTASKS
*Newly Created Service* - TVICHW32
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 10:20:35
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\69.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programme\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2008-05-12 10:22:50
ComboFix-quarantined-files.txt 2008-05-12 08:22:32

11 Verzeichnis(se), 479,731,728,384 Bytes frei
15 Verzeichnis(se), 479,859,269,632 Bytes frei

341 --- E O F --- 2008-04-26 17:10:47

#13 ««
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

GUGQTVXLCGNG

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

sp_rsdrv2

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.
__________
MfG Sabina

rund um die PC-Sicherheit

#14 also ich glaube ich lasse das mal, scheint mir zu kompliziert zu sein

werde den PC jetzt neu ausetzten, mir eine neue E-Mail Addi zulegen und das Problem scheint für immer aus der welt zu sein