Virtumonde

[Pickeldie5155]

Ich weis das Thema Virtumonde ist schon öfter behandelt worden.Vieles auf
Englisch was ich leider nicht behersche.
Spybot zeigt mir leider den Vitumonde an.
Habe Windows XP Home SP3
Ich werde das Teil einfach nicht los.Wäre sehr dankbar für eure Hilfe
LG Pickeldie5155

Hier der Bericht den mir Spybot anzeigt.

--- Report generated: 2008-11-21 23:20 ---

Tipp des Tages: Klicken Sie auf den Balken rechts, um mehr Informationen zu sehen! ()


Virtumonde: [SBI $1F8EC695] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-01 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-18 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-11-18 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-11 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-11 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-18 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

 

[raman]

HAllo Pickeldie5155,

Nutze bitte einmal rsit
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
Lade Random's System Information Tool (RSIT) herunter (http://images.malwareremoval.com/random/RSIT.exe)
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HiJackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

und Gmer:
http://forum.hijackthis.de/showthread.php?t=16868

 

[Pickeldie5155]

Hallo Raman

Anbei die die Log und Info file.

log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Hermann at 2008-11-22 11:27:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 221 GB (93%) free of 238 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:11, on 22.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\Programme\T-Online\T-Online_Software_6\Browser\Browser.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\profilemgr.exe
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Dokumente und Einstellungen\Hermann\Desktop\RSIT.exe
C:\Programme\trend micro\Hermann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.avira.de/de/support/support_downloads.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\Programme\bxNewFolder\bxNewFolder.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188418387062
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11346 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51C8BCA8-2524-4523-BF09-738C4EEBFC58}]
bxNewFolder - C:\Programme\bxNewFolder\bxNewFolder.dll [2004-03-11 191488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} - Übersetzer - C:\Programme\PRMT78\PRMTIE\prmtie.dll [2007-06-15 454656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter2.0"=C:\Programme\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"SetDefPrt"=C:\Programme\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-03-04 19968]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"avgnt"=C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32]
winzdn32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=7
"NoDriveAutoRun"=3
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe"="C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE"="C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Enabled:GMX MultiMessenger"
"C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-22 11:27:02 ----D---- C:\Programme\trend micro
2008-11-22 11:27:01 ----D---- C:\rsit
2008-11-22 01:04:06 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Avira
2008-11-22 00:56:13 ----A---- C:\WINDOWS\system32\avsda.dll
2008-11-22 00:56:12 ----D---- C:\Programme\Avira
2008-11-22 00:56:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-11-22 00:50:26 ----SHD---- C:\Config.Msi
2008-11-22 00:24:33 ----D---- C:\Programme\Sophos
2008-11-21 20:21:47 ----A---- C:\WINDOWS\WISO.INI
2008-11-21 20:21:41 ----D---- C:\WINDOWS\system32\ID Device ActiveX_reg
2008-11-21 17:22:56 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-21 07:27:05 ----D---- C:\Programme\Enigma Software Group
2008-11-19 18:01:30 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\AVS4YOU
2008-11-19 18:00:58 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-11-19 18:00:56 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-11-19 18:00:56 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-11-19 18:00:55 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2008-11-19 00:15:13 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\NeroDigital™
2008-11-19 00:01:02 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Nero
2008-11-18 23:59:13 ----D---- C:\Programme\Nero
2008-11-18 23:59:13 ----D---- C:\Programme\Gemeinsame Dateien\Nero
2008-11-18 08:47:59 ----D---- C:\Programme\Microsoft Baseline Security Analyzer 2
2008-11-15 09:47:24 ----D---- C:\Programme\Gemeinsame Dateien\xing shared
2008-11-15 09:47:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-13 20:07:22 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-13 20:07:22 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-13 20:07:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-12 15:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 15:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 15:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 09:49:44 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\NeroDigital(TM)
2008-11-06 11:12:15 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\GMX
2008-11-06 11:12:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX
2008-11-06 11:12:04 ----D---- C:\Programme\GMX
2008-11-05 20:43:03 ----D---- C:\Programme\Windows Sidebar
2008-11-05 18:44:14 ----D---- C:\Programme\Misc. Support Library (Spybot - Search & Destroy)
2008-11-05 18:44:14 ----D---- C:\Programme\File Scanner Library (Spybot - Search & Destroy)
2008-11-02 00:18:21 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-29 13:02:35 ----D---- C:\Programme\OXXOGames
2008-10-27 14:58:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
2008-10-27 13:30:25 ----D---- C:\Programme\Paint.NET

======List of files/folders modified in the last 1 months======

2008-11-22 11:27:02 ----D---- C:\Programme
2008-11-22 11:22:38 ----D---- C:\WINDOWS\system32
2008-11-22 11:22:38 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 11:18:25 ----D---- C:\WINDOWS\Temp
2008-11-22 11:18:25 ----D---- C:\WINDOWS\system32\ias
2008-11-22 11:15:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-22 00:56:13 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 00:50:55 ----SHD---- C:\WINDOWS\Installer
2008-11-22 00:50:49 ----D---- C:\Programme\Symantec
2008-11-22 00:50:49 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-11-22 00:34:31 ----D---- C:\Programme\StarMoney 6.0 S-Edition
2008-11-21 22:57:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-21 22:47:59 ----SHD---- C:\System Volume Information
2008-11-21 22:47:59 ----D---- C:\WINDOWS\system32\Restore
2008-11-21 20:22:52 ----ASH---- C:\boot.ini
2008-11-21 20:21:47 ----D---- C:\WINDOWS
2008-11-21 20:21:41 ----D---- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-11-21 20:21:18 ----D---- C:\Programme\Buhl
2008-11-21 08:06:01 ----D---- C:\WINDOWS\Debug
2008-11-20 19:47:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-20 19:41:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 18:00:58 ----D---- C:\Programme\Gemeinsame Dateien
2008-11-19 08:49:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-11-19 00:00:35 ----AC---- C:\WINDOWS\system32\MsiExec.exe.log
2008-11-18 22:41:37 ----D---- C:\Programme\TuneUp Utilities 2008
2008-11-18 22:40:47 ----SD---- C:\WINDOWS\Tasks
2008-11-18 22:27:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-11-18 11:26:32 ----D---- C:\Programme\Kodak
2008-11-18 11:23:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kodak
2008-11-18 11:23:00 ----D---- C:\WINDOWS\Help
2008-11-18 11:22:59 ----HD---- C:\WINDOWS\inf
2008-11-18 11:22:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-18 11:22:14 ----RSD---- C:\WINDOWS\assembly
2008-11-16 10:40:51 ----D---- C:\Programme\nLite
2008-11-15 14:08:12 ----D---- C:\Programme\VS Revo Group
2008-11-15 10:13:00 ----D---- C:\Program Files
2008-11-15 09:47:36 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Real
2008-11-15 09:47:22 ----D---- C:\Programme\Gemeinsame Dateien\Real
2008-11-14 18:23:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-11-13 20:07:22 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-11-13 15:38:25 ----D---- C:\WINDOWS\system32\config
2008-11-12 15:20:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 15:19:39 ----D---- C:\WINDOWS\WinSxS
2008-11-08 09:22:54 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Media Player Classic
2008-11-05 20:45:51 ----AC---- C:\WINDOWS\Irremote.ini
2008-11-04 01:10:25 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-11-02 10:02:38 ----D---- C:\Dokumente und Einstellungen
2008-11-01 15:17:44 ----AC---- C:\WINDOWS\system32\regsvr32.exe.log
2008-11-01 11:38:46 ----D---- C:\WINDOWS\Prefetch
2008-10-31 00:40:51 ----D---- C:\WINDOWS\Lhsp
2008-10-30 14:13:40 ----D---- C:\Programme\DEUTSCHLAND SPIELT
2008-10-30 01:29:03 ----A---- C:\WINDOWS\system32\oeminfo.ini
2008-10-29 23:03:56 ----D---- C:\WINDOWS\system32\Macromed
2008-10-29 11:45:35 ----AC---- C:\WINDOWS\system.ini
2008-10-29 03:23:22 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-10-29 03:22:02 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-29 03:11:35 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-10-29 03:11:21 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-10-29 03:11:12 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-10-29 03:11:03 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-10-29 03:10:59 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-10-29 03:10:45 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-10-29 03:09:10 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-10-29 03:07:44 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-10-29 02:57:58 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-29 02:49:31 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-10-29 02:41:13 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-29 02:25:31 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-10-29 02:21:21 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-10-29 02:19:50 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-10-29 02:19:40 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-10-29 02:18:30 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-10-29 02:12:51 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-28 21:05:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-10-28 13:56:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2008-10-28 13:55:59 ----D---- C:\Programme\NOS
2008-10-24 14:40:39 ----D---- C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Buhl Data Service GmbH

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Programme\Avira\Avira Premium Security Suite\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-22 75072]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2008-08-28 71184]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\Avira Premium Security Suite\avgntflt.sys []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-07-31 15664]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-03-04 25214]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-03-04 37804]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-03-04 73134]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MRVW225;USB54M Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299776]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmudau;C-Media USB Sound Interface; C:\WINDOWS\system32\drivers\cmudau.sys []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-03-04 53870]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\3E.tmp []
S3 MIINPazX;MIINPazX NDIS Protocol Driver; \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
S3 PCANDIS5;PCANDIS5; C:\WINDOWS\system32\drivers\PCANDIS5.sys []
S3 sermouse;Serieller Maustreiber; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-18 18176]
S3 SipIMNDI;T-Online Dialerschutz VoIP Service; C:\WINDOWS\system32\DRIVERS\SipIMNDI.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSMPacket;DSL-Manager Service; C:\WINDOWS\system32\drivers\TSMPacket.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-07-08 611664]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard; C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 164097]
R2 AntiVirScheduler;Avira Premium Security Suite Planer; C:\Programme\Avira\Avira Premium Security Suite\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira Premium Security Suite Guard; C:\Programme\Avira\Avira Premium Security Suite\avguard.exe [2008-10-15 151297]
R2 antivirwebservice;Avira Premium Security Suite WebGuard; C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 258305]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst; C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
R2 PD91Agent;PD91Agent; C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-25 693512]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Programme\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-25 910600]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-08 1251720]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-28 361728]
S3 UPnPService;UPnPService; C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
info.txt.
info.txt logfile of random's system information tool 1.04 2008-11-22 11:27:13

======Uninstall list======

@promt Personal 7.8 German Giant-->MsiExec.exe /I{1B3ACAE7-C333-4DB6-AC8F-82D0381C2E27}
-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE C:\WINDOWS\system32\Adobe\Shockwave 11\Install.log
Ashampoo WinOptimizer 5.10-->"C:\Programme\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe"
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Avira Premium Security Suite-->C:\Programme\Avira\Avira Premium Security Suite\SETUP.EXE /REMOVE
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
bxNewFolder 1.0-->C:\Programme\bxNewFolder\uninstall.exe
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
DEUTSCHLAND SPIELT GAME CENTER-->"C:\Programme\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\instslct.exe /p
FotoQuelle Fotobuch-->C:\Programme\FotoQuelle Fotobuch\uninst.exe
getPlus(R) for Adobe-->"C:\Programme\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GMX MultiMessenger-->C:\Programme\GMX\GMX MultiMessenger\uninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hoffmann's Lotto-->C:\WINDOWS\unin0407.exe -fC:\Programme\Hoffmann\Lotto\DeIsL1.isu -cC:\Programme\Hoffmann\Lotto\_ISREG32.DLL
Hoffmans Lotto-Experte V2.05-->"C:\Programme\Hoffmann\Lotto\unins000.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Flat Panel Monitor INF Software 4.00-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EBA0C587-D976-4D71-8976-0743EDE14F10}\Setup.exe" -l0x7
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
IPS -->C:\Programme\Foto Quelle\IPS\uninst.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
L&H TTS3000 Español-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
L&H TTS3000 Russian-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Letstrade-->MsiExec.exe /X{E0091C29-DEE8-4B24-BF65-8C35B5940D77}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x7 UNINSTALL
Logitech MouseWare 9.76 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x7 -l0007 UNINSTALL
MAGIX Foto Clinic 6 6.0.12.0 (D)-->C:\Programme\MAGIX\Foto_Clinic_6\instslct.exe /p
MAGIX Foto Manager 2007 4.1.1.186 (D)-->C:\Programme\MAGIX\DigitalFotoMaker2007_e-version\instslct.exe /p
MAGIX Fotos & Videos easy 2 2.0.0.14 (D)-->C:\Programme\MAGIX\Fotos_Videos_easy_2\instslct.exe /p
MAGIX Music Manager 2007 8.1.1.185 (D)-->C:\Programme\MAGIX\MP3_Maker_12_e-version\instslct.exe /p
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Programme\MAGIX\Online_Druck_Service\instslct.exe /p
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Tool Web Package : EXTRACT.EXE-->MsiExec.exe /X{D52A721B-E44C-4AD7-AD4F-29D83144384B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nLite 1.4.9.1-->"C:\Programme\nLite\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenAL-->"C:\Programme\OpenAL\oalinst.exe" /U
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
PrintProfi CD-Label-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F336E5BC-6281-4ECD-8CA8-38D158D0AEAE}\setup.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
Revo Uninstaller 1.75-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
SpeedLink USB Game Controller-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4747A540-13CC-4956-9822-B9596601D7EB}\setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
StarMoney 6.0 S-Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{89BA3E7B-22BA-4B31-BF59-D764D3BDA972}\setup.exe" -l0x7 -removeonly
Systerac XP Tools 5-->MsiExec.exe /I{52349C80-BB45-4774-8378-F045A9155240}
ThumbView_Lite 1.0-->"C:\Programme\ThumbView_Lite 1.0\uninstall.exe"
T-Online 6.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7-->C:\Programme\Unlocker\uninst.exe
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {535AFBFD-FBD1-4C17-8723-CFB7FDFB7928}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {40EDB4D3-A95E-413F-9578-F2E01A3D209B}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Essentials Media Codec Pack 1.0-->C:\Programme\Essentials Codec Pack\uninst.exe
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows-Sicherungsprogramm-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WISO Haushaltsbuch 2009-->MsiExec.exe /I{C05DB3EA-72D9-4EF0-9D19-B0864AF582A5}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira Premium Security Suite

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\;C:\Programme\Haufe\iDesk\iDeskService\;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"DEVMGR_SHOW_DETAILS"=1

-----------------EOF-----------------
LG Pickeldie5155

 

[Pickeldie5155]

Hallo Raman
Hier noch die File von Gmer

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-22 11:48:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 9F721564 ZwCreateThread
SSDT 9F721550 ZwOpenProcess
SSDT 9F721555 ZwOpenThread
SSDT 9F72155F ZwTerminateProcess
SSDT 9F72155A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2566 80501D9E 2 Bytes [ 72, 9F ]

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODLED02.00.00.02WSSV C8E5676E38F30DD711CF7B071AE06DB1BC101350BCD07A34794DAAFB2A603A330D78BAD07799C1703F86F86FF5D7724B5781A5EAFA075938A26DE9A6ACA6139291F64814E827BCB563F197ACB50D82EA5D2C134E426EB1A4960DFC5CFCB7DF0D55834535B4C5A2DFF24DCD76484FD1185F0036916D9C66EDA16E3D2F008C58A2FA56ABE5E5F418190CE2D63D83C218C9927CA902B878E0F7B0E7C7E9F8F234C3C9393C0D6C84C9036D13B2239E5C11EECFB64D9DC63D8D1FD4E37D09958A32DBAC0D75C21B9BE431FAD2A4FEB667FCE51458C6989CFC5C2F4561843B62499341B2C3A0552AB39C2C3D2AB2594D831E06FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D67949DB7CE019D40AA5C46EB7CC99A2E2802273BCDDF5DD8A6F8985F9CDED56ECD871F787A37465FAB6DBCC27764A11B9C8ED85367B4BB7A931DBC2DA9D68EF57096201C0EC20A33E3923DE83DEBFA56E75B0258BC4AF532C55F4A7E7827E239AEE823D9E44988CCDDACAC4AACE5B2D0532984CAECE16316184CB70809EE94149376DA3D01E88CEEF64498666789BF502E2AE03EDDF34193E864A4939F034937312E1FE226EFC42E1153AECF54C677EFCA88C05B332B30669C1ED0FCC4E90B261B72E67E5F65C2F291C
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@FindFlags 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@LastKey Computer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@ LastKey
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

---- EOF - GMER 1.0.14 ----

 

[raman]

Das sieht mir nicht so sehr nach Vundo aus.

Nutze bitte sdfix:

Download SDFix zum Desktop

Starte dein Recher in
abgesicherten Modus

SDFix.zip entpacken
unter C:\ findet man nun den SDFix-Ordner

Doppelklick RunThis.bat
Schreibe: Y folge allen Anweisungen
Dann wird der Rechner neustarten
SDFix entfernt jetzt die gefundene Objekte
Kopiere den Inhalt des Berichts der jetzt auf dein Desktop steht in diesen Thread

 

[Pickeldie5155]

Hallo Ralf

Hier der Bericht von SDFix


SDFix: Version 1.240
Run by Hermann on 22.11.2008 at 13:08

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\aspr_keys.ini - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 13:11:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODLED02.00.00.02WSSV"="C8E5676E38F30DD711CF7B071AE06DB1BC101350BCD07A34794DAAFB2A603A330D78BAD07799C1703F86F86FF5D7724B5781A5EAFA075938A26DE9A6ACA6139291F64814E827BCB563F197ACB50D82EA5D2C134E426EB1A4960DFC5CFCB7DF0D55834535B4C5A2DFF24DCD76484FD1185F0036916D9C66EDA16E3D2F008C58A2FA56ABE5E5F418190CE2D63D83C218C9927CA902B878E0F7B0E7C7E9F8F234C3C9393C0D6C84C9036D13B2239E5C11EECFB64D9DC63D8D1FD4E37D09958A32DBAC0D75C21B9BE431FAD2A4FEB667FCE51458C6989CFC5C2F4561843B62499341B2C3A0552AB39C2C3D2AB2594D831E06FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D67949DB7CE019D40AA5C46EB7CC99A2E2802273BCDDF5DD8A6F8985F9CDED56ECD871F787A37465FAB6DBCC27764A11B9C8ED85367B4BB7A931DBC2DA9D68EF57096201C0EC20A33E3923DE83DEBFA56E75B0258BC4AF532C55F4A7E7827E239AEE823D9E44988CCDDACAC4AACE5B2D0532984CAECE16316184CB70809EE94149376DA3D01E88CEEF64498666789BF502E2AE03EDDF34193E864A4939F034937312E1FE226EFC42E1153AECF54C677EFCA88C05B332B30669C1ED0FCC4E90B261B72E67E5F65C2F291C8C02E1DBD949B0060715EDA63B2239CE09F37C4DF45386A98D2D5F87EFC796288473E30C5B896A83FDF18823233B0D18A1CC62FD2CA98BB6A224303AA4FD271E85DCCBF66E57523ABA2EC1DDBFDC82E6B72C5D8675148AF273DB4548AF5E52FB4C0BD415D8322529D7053E2DC427A24C973E05A76F09A6B002D2C056F9567922B540AEF9D5D5C1CFEA45A4EE215A9AADD14580D88A837969A1EC0F26532E79400203B49CA2233EBB140209E4F6F8BBED56D83945F589A5E91649C3EA738C633D9CD728FBF660EB009E65956B92DAB60D0BB4A53EEC61374F2F4FD4DA575B76FD32D60488AA1265C4DDFCEBE6D8EE891E4E02AF15C9CC50BC1E937C8851B454FFBB04EBE6B2D88E4BA975CDFE737F45A9AE1B4DB0567A95D71802D9D1FC1CADC57701600D74A99C6801EF10C5BB0D848EFE50E42F7188BA66E1BDCFC7F627AA5DA25A85FF99C0C0043A616D4AF68EC69D4BAF11879058AA795BF52DB66DB583BF22F87F2AFA96B121B895E907E2CE150AED2AA9600669925B818307448EF3C337D914B93895F158514C2F65B95B2391757C01C39B65A82681F73AC42CDC555274EF11FE04D8A3B632EF2A2957993C9571B3FB9C0FD62DE3D81C0148754672234AC1DC1BBF5E0E13B5C5CB4DF5FC9BF323AA98DB1E9E320F38F18C149EB43F67D537F06CB2F78E52088E814A3B1B718CA6B823552C0A70863E8B3A9D0592D7F27F0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"FindFlags"=dword:0000000e
"LastKey"="Computer"
@="LastKey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programme\\Gemeinsame Dateien\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Programme\\Gemeinsame Dateien\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Programme\\GMX\\GMX MultiMessenger\\MESSENGR.EXE"="C:\\Programme\\GMX\\GMX MultiMessenger\\MESSENGR.EXE:*:Enabled:GMX MultiMessenger"
"C:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe"="C:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 5 Feb 2001 34,331 ...H. --- "C:\swsetup\Monitors\hp_f1723\INSTALL.EXE"
Thu 15 Jan 2004 21,671 ...H. --- "C:\swsetup\Monitors\hp_f1723\SETMON.EXE"
Wed 7 May 2008 315,938 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Wed 19 Nov 2008 23,669 ...H. --- "C:\Dokumente und Einstellungen\Hermann\Anwendungsdaten\Microsoft\Templates\~WRL0003.tmp"

Finished!

MfG Hermann

 

[raman]

Nutze Hijackthis:

Download: http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip

Lade/entpacke HijackThis in einen extra Ordner, Benenne Hijackthis in HJT um, starte es, deaktiviere den Spybot Teatimer, hake folgenden Eintrag an und druecke fix checked

O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)


Starte den PC neu und kontrolliere mit Hijackthis, ob der Obige Eintrag wirklich verschwunden ist.

 

[Pickeldie5155]

Habe das HJT gemacht.Der Eintrag ist verschwunden.
Habe Spybot noch mal laufen lassen.Es erscheint nichts mehr.

Wenns das gewesen war möchte mich ganz herzlich für deine großartige
Hilfe bedanken.

MfG Hermann

 

[raman]

Also wenn Spybot nun zufrieden ist, bin ich es auch!