Hi Leute
Hab auf meinem Vista PC mir wohl ne art Spyware namens File Secure eingefangen.Kann mir jemand sagen wie ich diesen Plagegeist wieder los werden kann.Hab euch noch die Log Datei von HijackThis unten mit angehängt.Spybot-Search & Destroy & Ad-Aware,hab ich auch versucht zu benutzten,aber hat leider nichts gebracht.Das Programm möchte das ich mir ne setup2.exe von der IP 89.149.227.195 runterlade,wo angeblich das Removetool drin sein soll.Danach soll man sich Registrieren und 49,99€ bezahlen.Was ich natürlich nicht gemacht habeHat wer vlt. das gleiche Problem gehabt und kann mir helfen?

Files Secure - Protect Your PC Now!

Logfile of HijackThis v1.99.1
Scan saved at 22:20:16, on 21.03.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files\Sceneo\VistaTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\Windows\ausctv32a.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\VistaTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dmemd.exe] C:\Windows\system32\dmemd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [BirthdayRemember6] "C:\Program Files\BirthdayRemember\BirthdayRemember.exe" "autostart"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{54CFB30A-4492-4BE3-8A8A-53C9D2F7EDBC}: NameServer = 89.27.130.34 89.27.130.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CD1880-FF72-46F6-9569-E5AD99EEF5F5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\VistaTV\Services\PVR\PVRService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Hallo,

Hinweis: deaktiviere kurzzeitig den Search & Destroy\TeaTimer.exe

Frage:
du bist bei einem Provider in Kiel angemeldet.
es gibt jedoch auch eine Verbindung zu:

Zitat:

Tcpip\Parameters: NameServer = 208.67.220.220

Registrant:
OpenDNS
OpenDNS Hostmaster
199 Fremont St.
12th Floor
San Francisco
California,94105

bewusst so eingestellt ??? Falls nicht, fixe die angegebenen 017-Einträge mit HijackThis

-------------------------------------------------------------------------------------

1.
wende CCleaner an
CCleaner

2.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat:

O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\Windows\ausctv32a.dll

O4 - HKLM\..\Run: [dmemd.exe] C:\Windows\system32\dmemd.exe

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

3.
wende Combofix an + poste hier den report
combofix

Hallo Rul3r,

hast du eine Lösung für dein Problem gefunden? Bei mir ging heute das gleiche los. Falls du eine Lösung finden solltest gibt bitte bescheid. Mach ich natürlich auch.

Ich hatte das gleiche Problem, Kaspersky Internet Security hat da sofort geholfen.
Installiert Euch einfach die Testversion...

So bisschen später aber der Report kommt jetzt von Combofix.Hat jemand denn schon den Plagegeist wegbekommen?

ComboFix 08-03-27.1 - user 2008-03-28 19:54:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2162 [GMT 1:00]
ausgeführt von:: C:\Users\user\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-28 19:47 . 2008-03-28 19:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-21 21:24 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 20:09 . 2008-03-21 20:23 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-21 20:09 . 2008-03-21 20:23 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-21 20:09 . 2008-03-21 20:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 20:08 . 2008-03-21 20:08 9,722,720 --a------ C:\Users\user\spybotsd152.exe
2008-03-20 06:34 . 2008-03-21 11:43 <DIR> d-------- C:\Program Files\Files-Secure
2008-03-18 22:50 . 2008-03-20 01:23 222,208 --a------ C:\Windows\ausctv32a.dll
2008-03-18 22:50 . 2008-03-20 01:23 51 --a------ C:\xmp.bat
2008-03-15 21:17 . 2008-03-28 19:12 <DIR> d-------- C:\Users\user\AppData\Roaming\OpenOffice.org2
2008-03-15 20:51 . 2008-03-15 20:51 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-03-13 21:35 . 2008-03-13 21:35 <DIR> d-------- C:\Users\All Users\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-03-13 21:35 . 2008-03-13 21:35 <DIR> d-------- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-03-13 21:35 . 2008-03-13 21:35 <DIR> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-03-13 21:34 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-03-13 21:33 . 2008-03-13 21:33 <DIR> d-------- C:\Windows\PCHEALTH
2008-03-13 21:33 . 2008-03-13 21:33 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-13 21:32 . 2008-03-14 17:06 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-13 21:32 . 2008-03-14 17:06 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-13 21:32 . 2008-03-13 21:32 <DIR> dr-h----- C:\MSOCache
2008-03-13 06:37 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-13 06:37 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-05 17:26 . 2008-03-05 17:26 <DIR> d-------- C:\Users\user\AppData\Roaming\WinBatch
2008-03-02 12:49 . 2008-03-02 12:49 <DIR> d-------- C:\Users\user\AppData\Roaming\iWin
2008-03-02 12:42 . 2008-03-02 12:53 <DIR> d-------- C:\Program Files\WildGames
2008-03-01 06:10 . 2008-03-01 06:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-01 06:09 . 2008-03-01 06:09 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-29 21:55 . 2008-02-29 21:55 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-29 21:55 . 2008-02-29 21:55 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-29 21:55 . 2008-02-29 21:55 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-29 21:55 . 2008-02-29 21:55 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-29 21:55 . 2008-02-29 21:55 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-29 21:55 . 2008-02-29 21:55 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-29 21:55 . 2008-02-29 21:55 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-29 21:55 . 2008-02-29 21:55 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-29 21:55 . 2008-02-29 21:55 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-29 20:36 . 2008-02-29 21:01 <DIR> d-------- C:\Program Files\EasyBits For Kids
2008-02-29 20:30 . 2008-02-29 20:33 <DIR> d-------- C:\Users\user\AppData\Roaming\VMedia
2008-02-29 17:01 . 2008-02-29 17:01 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-29 17:00 . 2008-02-29 17:00 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-02-29 16:58 . 2008-02-29 16:58 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-29 16:57 . 2008-02-29 16:57 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-29 16:57 . 2008-02-29 16:57 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-29 16:57 . 2008-02-29 16:57 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-29 16:57 . 2008-02-29 16:57 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-29 16:57 . 2008-02-29 16:57 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-29 16:56 . 2008-02-29 16:56 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-28 23:05 . 2008-02-28 23:05 <DIR> d-------- C:\Users\user\AppData\Roaming\WildTangent
2008-02-28 22:57 . 2008-02-28 22:57 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-02-28 22:57 . 2008-02-28 22:57 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-02-28 22:57 . 2008-02-28 22:57 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-02-28 22:56 . 2008-02-28 22:56 <DIR> d--h----- C:\Program Files\CanonBJ
2008-02-28 22:56 . 2006-07-20 06:51 1,298,432 --a------ C:\Windows\System32\CNCC160.DLL
2008-02-28 22:56 . 2006-09-12 20:00 197,632 --a------ C:\Windows\System32\CNMLM83.DLL
2008-02-28 22:56 . 2006-05-26 01:54 135,168 --a------ C:\Windows\System32\CNCL160.DLL
2008-02-28 22:56 . 2006-06-29 05:29 106,496 --a------ C:\Windows\System32\cnco160.dll
2008-02-28 22:56 . 2006-07-20 06:51 57,344 --a------ C:\Windows\System32\CNCI160.DLL
2008-02-28 22:41 . 2008-02-28 22:41 <DIR> d-------- C:\Users\user\AppData\Roaming\Logitech
2008-02-28 22:41 . 2008-02-28 22:41 <DIR> d-------- C:\Users\All Users\LogiShrd
2008-02-28 22:41 . 2008-02-28 22:41 <DIR> d-------- C:\ProgramData\LogiShrd
2008-02-28 22:39 . 2008-02-28 22:39 <DIR> d-------- C:\Users\user\AppData\Roaming\InstallShield
2008-02-28 22:39 . 2008-02-28 22:39 <DIR> d-------- C:\Users\All Users\Logitech
2008-02-28 22:39 . 2008-02-28 22:39 <DIR> d-------- C:\ProgramData\Logitech
2008-02-28 22:39 . 2008-02-28 22:39 <DIR> d-------- C:\Program Files\Logitech
2008-02-28 22:39 . 2008-02-28 22:39 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-02-28 22:39 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-02-28 22:39 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-02-28 22:39 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-02-28 22:39 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-02-28 22:39 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-02-28 22:27 . 2008-02-28 22:27 <DIR> d-------- C:\Users\user\AppData\Roaming\TVcentral-Core
2008-02-28 22:24 . 2008-02-28 22:24 96 --a------ C:\Windows\buhl.ini
2008-02-28 22:17 . 2008-02-28 22:17 <DIR> d-------- C:\Users\All Users\IncrediMail
2008-02-28 22:17 . 2008-02-28 22:19 <DIR> d-------- C:\Users\All Users\IM
2008-02-28 22:17 . 2008-02-28 22:17 <DIR> d-------- C:\ProgramData\IncrediMail
2008-02-28 22:17 . 2008-02-28 22:19 <DIR> d-------- C:\ProgramData\IM
2008-02-28 22:17 . 2008-03-21 21:00 <DIR> d-------- C:\Program Files\IncrediMail
2008-02-28 22:14 . 2008-02-28 22:14 <DIR> d-------- C:\Program Files\Sceneo
2008-02-28 22:14 . 2008-02-28 22:14 <DIR> d-------- C:\Program Files\Common Files\Sonavis
2008-02-28 22:14 . 2008-03-21 21:00 <DIR> d-------- C:\Program Files\Common Files\Buhl Data Service
2008-02-28 22:14 . 2004-04-23 15:01 299,008 --a------ C:\Windows\System32\midas.dll
2008-02-28 22:14 . 2004-06-11 09:46 120,320 --a------ C:\Windows\System32\UnzDll.dll
2008-02-28 22:14 . 2004-06-04 08:46 82,432 --a------ C:\Windows\System32\msxml4r.dll
2008-02-28 22:14 . 2004-06-04 08:46 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-02-28 22:01 . 2008-02-28 22:01 <DIR> d-------- C:\Program Files\ATEN
2008-02-28 22:01 . 2007-06-08 13:40 76,288 --a------ C:\Windows\System32\drivers\ser2at.sys
2008-02-28 21:55 . 2008-02-28 21:55 <DIR> d-------- C:\Program Files\GfK
2008-02-28 21:54 . 2008-02-28 21:55 <DIR> d-------- C:\Windows\uninstall\ScanIT Client
2008-02-28 21:54 . 2008-02-28 21:54 <DIR> d-------- C:\Windows\uninstall
2008-02-28 21:54 . 2008-02-28 21:54 <DIR> d-------- C:\Program Files\vtplus
2008-02-28 21:54 . 2008-02-28 21:54 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-02-28 21:54 . 2007-07-19 14:44 2,179,072 --a------ C:\Windows\System32\mfc71d.dll
2008-02-28 21:54 . 2007-07-19 14:44 765,952 --a------ C:\Windows\System32\msvcp71d.dll
2008-02-28 21:54 . 2007-07-19 14:44 544,768 --a------ C:\Windows\System32\msvcr71d.dll
2008-02-28 21:54 . 1999-06-24 21:55 149,504 --a------ C:\Windows\System32\UNWISE.EXE
2008-02-28 21:54 . 2008-02-28 21:54 399 --a------ C:\Windows\vtplus32.ini
2008-02-28 21:54 . 2008-02-28 21:54 30 --a------ C:\Windows\System32\UNWISE.INI

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 16:42 --------- d-----w C:\ProgramData\Symantec
2008-03-21 20:00 --------- d-----w C:\Program Files\Windows Mail
2008-03-21 20:00 --------- d-----w C:\Program Files\Microsoft Works
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-02 11:48 --------- d-----w C:\ProgramData\WildTangent
2008-02-29 19:36 92,160 ----a-w C:\Windows\System32\ezUninst.exe
2008-02-29 19:36 85,504 ----a-w C:\Windows\System32\ezShellStart.exe
2008-02-29 19:36 49,152 ----a-w C:\Windows\System32\ezUPBHook.dll
2008-02-29 19:36 33,792 ----a-w C:\Windows\System32\ezntsvc.exe
2008-02-29 19:36 241,664 ----a-w C:\Windows\System32\ezSetup.exe
2008-02-29 19:36 15,360 ----a-w C:\Windows\System32\ezMAPIHelper.exe
2008-02-29 16:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 16:00 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-29 15:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-29 15:54 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-29 15:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-29 15:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-29 15:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-28 21:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 21:11 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-28 21:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-28 20:39 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-28 20:39 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-28 20:39 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-28 20:39 --------- d-----w C:\Program Files\Symantec
2008-02-25 09:03 --------- d-----w C:\Users\user\AppData\Roaming\Symantec
2008-02-25 09:03 --------- d-----w C:\Users\user\AppData\Roaming\Hewlett-Packard
2008-02-25 09:03 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-25 08:54 1,801 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KB058AA-ABD a6325.de_YC_0Pavi_QCNH749_E81DEv3PrA1_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.11_T071205_WUH0_L407_M3071_J500_7Intel_8Core2 Duo E4500_92.2_#080225_N10EC8168_Z_G10DE0421.MRK
2008-02-25 08:50 --------- d-sh--w C:\ProgramData\Vorlagen
2008-02-25 08:50 --------- d-sh--w C:\ProgramData\Startmenü
2008-02-25 08:50 --------- d-sh--w C:\ProgramData\Favoriten
2008-02-25 08:50 --------- d-sh--w C:\ProgramData\Dokumente
2008-02-25 08:50 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-02-25 08:50 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2008-01-29 14:50 1,218,619 ----a-w C:\Windows\Help\OEM\scripts\install.exe
2007-11-28 13:18 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 14:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-28 21:39 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]
2008-03-20 01:23 222208 --a------ C:\Windows\ausctv32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 14:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-29 16:57 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 18:02 1783136]
"BirthdayRemember6"="C:\Program Files\BirthdayRemember\BirthdayRemember.exe" [2007-09-14 00:38 2324480]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 17:30 243072]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"dmmem.tmp"="C:\Windows\system32\dmmem.tmp" [ ]
"dmpdy.tmp"="C:\Windows\system32\dmpdy.tmp" [ ]
"dmbdw.tmp"="C:\Windows\system32\dmbdw.tmp" [ ]
"dmctn.tmp"="C:\Windows\system32\dmctn.tmp" [ ]
"dmlvo.tmp"="C:\Windows\system32\dmlvo.tmp" [ ]
"dmlpx.tmp"="C:\Windows\system32\dmlpx.tmp" [ ]
"dmnat.tmp"="C:\Windows\system32\dmnat.tmp" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-28 22:47 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 16:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 19:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 19:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 19:59 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 14:52 4702208 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"EPGServiceTool"="C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" [2007-08-01 03:26 675840]
"TVBroadcast"="C:\Program Files\Sceneo\VistaTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-11-12 09:31 827392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"dmemd.exe"="C:\Windows\system32\dmemd.exe" [2008-02-29 17:01 58368]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-02-28 21:53:52 110647]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-28 22:39:44 789008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2008-02-29 20:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F85FC163-CE8F-4E22-93DD-175FCFE37894}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{20370E42-1266-412C-8CD6-1C9411472A80}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6932B7D8-0BE5-4F22-9C2D-DEFD62C84C8C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7D5CFD60-91B3-42AB-828C-3F680B3720E8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{C0EE1AF0-36AB-4BC1-ADA0-255118B6F484}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9F8E1410-1735-4058-A240-7764D93305B1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1F3FB426-422C-433E-93B3-B8CF76420BF4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6ADA577E-2F2A-4037-8AE9-431170A31BBA}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{A2F10795-92B9-4CD4-97E2-72EDA2818B32}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080326.002\IDSvix86.sys [2008-02-13 17:18]
R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-11-05 17:21]
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2008-02-29 20:36]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-basierte Geräteverbindung;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 srvcPVR;Sceneo PVR Service;C:\Program Files\Sceneo\VistaTV\Services\PVR\PVRService.exe [2007-11-09 10:20]
R2 WcesComm;Windows Mobile 2003-basierte Geräteverbindung;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 Ser2at;ATEN USB to Serial port driver;C:\Windows\system32\DRIVERS\ser2at.sys [2007-06-08 13:40]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 11:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 07:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-01-29 18:09]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-11-07 10:28]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-10-25 09:47]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-10-25 09:52]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 11:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
"2008-03-10 20:14:05 C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - user.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 19:56:44
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-28 19:57:11
ComboFix-quarantined-files.txt 2008-03-28 18:57:08
6 Verzeichnis(se), 412,593,598,464 Bytes frei
15 Verzeichnis(se), 412,619,804,672 Bytes frei
.
2008-03-27 20:52:12 --- E O F ---

kann mir denn da keiner helfen

Zitat:

Zitat von Rul3r

kann mir denn da keiner helfen

Sabina ist gesperrt worden, kann Dir also nicht mehr antworten. Ich schau mir gleich mal Deine Logs an, also bitte etwas Geduld!

C:\Windows\ausctv32a.dll
C:\Windows\system32\dmemd.exe

Diese Dateien sind mir auf aufgefallen. Werte die mal bei Virustotal aus und poste die Ergebnisse.