Trojaner-Board - Festplatte beschädigt durch Trojaner, Bildschirm schwarz

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Festplatte beschädigt durch Trojaner, Bildschirm schwarz (https://www.trojaner-board.de/100624-festplatte-beschaedigt-trojaner-bildschirm-schwarz.html)

Festplatte beschädigt durch Trojaner, Bildschirm schwarz

Hallo,

mein Problem scheint ein bekanntes zu sein, habe deshalb aus nem anderen Thema folgendes kopiert, weil es so bei mir zutrifft:

"Hallo,

AntiVir hat mich vorhin auf einen Trojaner hingewiesen. Ich hab dann dem AntiVir gesagt das er es löschen soll. Danach kam dann die Meldung "Beschädigte Festplatte-Cluster gefunden. Private Daten sind in Gefahr...."

Kurze Zeit später war der Hinter schwarz.

Naja anscheinend haben schon mehrere das Problem...
Eigentlich soll ich morgen ein Referat halten....das wird wohl nichts mehr

Danke für eure Hilfe!

Hier die Logs vom OTL.exe

da ich meinen beitrag nicht editieren kann hier noch ein paar infos:

-mein desktop wird schwarz angezeigt nur meine taskleiste ist zu sehen

-ich kann nicht auf meine daten zugreifen...alle ordner werden als leer dargestellt!"

Habe OTL gestartet und die OTL.Txt Auswertung als Datei beigefügt!

Bin in Sachen PC absolut ahnungslos und wäre für schnelle Hilfe sehr dankbar:daumenhoc

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKCU..\Run: [HVflVHqKyLnBdDx]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.04.04 08:51:28 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\Shell - "" = AutoRun

O33 - MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\Shell - "" = AutoRun

O33 - MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\Shell\AutoRun\command - "" = E:\pushinst.exe

[2011.06.20 15:47:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Windows XP Repair

[2011.06.20 15:50:02 | 000,000,392 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19390244

[2011.06.20 15:47:36 | 000,000,240 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19390244

[2011.06.20 15:47:36 | 000,000,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19390244r

[2011.06.20 15:47:35 | 000,000,825 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dennis\Desktop\Windows XP Repair.lnk

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hi,

habs durchgeführt, hier das gewünschte Logfile:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HVflVHqKyLnBdDx deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b06ecd2-d463-11de-bf35-00140b0542aa}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dee124-4075-11dd-bc6d-00140b053a90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dee124-4075-11dd-bc6d-00140b053a90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dee124-4075-11dd-bc6d-00140b053a90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dee124-4075-11dd-bc6d-00140b053a90}\ not found.
File E:\pushinst.exe not found.
C:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Windows XP Repair folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19390244 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19390244 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19390244r moved successfully.
C:\Dokumente und Einstellungen\Dennis\Desktop\Windows XP Repair.lnk moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06222011_160240

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hey,

hier wieder der geünschte logfile:

2011/06/22 18:27:28.0984 1924 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/22 18:27:29.0281 1924 ================================================================================
2011/06/22 18:27:29.0281 1924 SystemInfo:
2011/06/22 18:27:29.0281 1924
2011/06/22 18:27:29.0281 1924 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/22 18:27:29.0281 1924 Product type: Workstation
2011/06/22 18:27:29.0281 1924 ComputerName: USER-0615DF80C3
2011/06/22 18:27:29.0281 1924 UserName: Dennis
2011/06/22 18:27:29.0281 1924 Windows directory: C:\WINDOWS
2011/06/22 18:27:29.0281 1924 System windows directory: C:\WINDOWS
2011/06/22 18:27:29.0281 1924 Processor architecture: Intel x86
2011/06/22 18:27:29.0281 1924 Number of processors: 2
2011/06/22 18:27:29.0281 1924 Page size: 0x1000
2011/06/22 18:27:29.0281 1924 Boot type: Normal boot
2011/06/22 18:27:29.0281 1924 ================================================================================
2011/06/22 18:27:30.0812 1924 Initialize success
2011/06/22 18:27:35.0109 3456 ================================================================================
2011/06/22 18:27:35.0109 3456 Scan started
2011/06/22 18:27:35.0109 3456 Mode: Manual;
2011/06/22 18:27:35.0109 3456 ================================================================================
2011/06/22 18:27:36.0765 3456 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/22 18:27:36.0843 3456 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/22 18:27:36.0937 3456 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/22 18:27:37.0015 3456 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/22 18:27:37.0218 3456 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/22 18:27:37.0359 3456 AR5211 (9108f38c07f4953ea4ee89243e787cad) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/06/22 18:27:37.0421 3456 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/22 18:27:37.0578 3456 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/22 18:27:37.0640 3456 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/22 18:27:37.0718 3456 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/22 18:27:37.0828 3456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/22 18:27:37.0953 3456 avgio (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/06/22 18:27:38.0015 3456 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/06/22 18:27:38.0062 3456 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/22 18:27:38.0140 3456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/22 18:27:38.0234 3456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/22 18:27:38.0328 3456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/22 18:27:38.0406 3456 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/22 18:27:38.0500 3456 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/22 18:27:38.0625 3456 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/22 18:27:38.0703 3456 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/22 18:27:38.0828 3456 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/06/22 18:27:38.0921 3456 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/06/22 18:27:39.0078 3456 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/22 18:27:39.0156 3456 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/22 18:27:39.0265 3456 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/22 18:27:39.0328 3456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/22 18:27:39.0406 3456 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/22 18:27:39.0484 3456 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/06/22 18:27:39.0562 3456 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/22 18:27:39.0656 3456 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/22 18:27:39.0718 3456 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/22 18:27:39.0796 3456 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/22 18:27:39.0828 3456 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/22 18:27:39.0890 3456 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/22 18:27:39.0937 3456 fspad (1fea7d93c659d7efee6e788c1c7541ba) C:\WINDOWS\system32\DRIVERS\fspad.sys
2011/06/22 18:27:39.0984 3456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/22 18:27:40.0031 3456 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/22 18:27:40.0109 3456 FWLANUSB (b45f1df1cce34e2af422f0ed78cd70ef) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
2011/06/22 18:27:40.0218 3456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/22 18:27:40.0296 3456 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/22 18:27:40.0375 3456 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/22 18:27:40.0453 3456 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/22 18:27:40.0593 3456 HSF_DPV (068734475cedd18ca52dd99c8fefe43b) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/06/22 18:27:40.0703 3456 HSXHWAZL (ae5e2bbb2b9373b72aad801a749de1f0) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/06/22 18:27:40.0796 3456 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/22 18:27:40.0937 3456 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/22 18:27:41.0000 3456 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/22 18:27:41.0296 3456 IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/22 18:27:41.0437 3456 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/22 18:27:41.0484 3456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/22 18:27:41.0531 3456 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/22 18:27:41.0609 3456 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/22 18:27:41.0968 3456 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/22 18:27:42.0156 3456 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/22 18:27:42.0312 3456 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/22 18:27:42.0500 3456 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/22 18:27:42.0562 3456 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/22 18:27:42.0609 3456 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/22 18:27:42.0750 3456 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/22 18:27:42.0828 3456 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/22 18:27:42.0890 3456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/22 18:27:42.0968 3456 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/22 18:27:43.0031 3456 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/22 18:27:43.0109 3456 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/22 18:27:43.0218 3456 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/22 18:27:43.0296 3456 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/22 18:27:43.0375 3456 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/22 18:27:43.0421 3456 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/22 18:27:43.0484 3456 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/22 18:27:43.0546 3456 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/22 18:27:43.0578 3456 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/22 18:27:43.0656 3456 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/22 18:27:43.0687 3456 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/22 18:27:43.0734 3456 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/22 18:27:43.0812 3456 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/22 18:27:43.0890 3456 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/22 18:27:43.0937 3456 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/22 18:27:43.0984 3456 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/22 18:27:44.0015 3456 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/22 18:27:44.0093 3456 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/22 18:27:44.0218 3456 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/22 18:27:44.0265 3456 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/06/22 18:27:44.0312 3456 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/22 18:27:44.0390 3456 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/22 18:27:44.0437 3456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/22 18:27:44.0656 3456 nv (cb5aaab10c8392cd49733d92a9930441) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/22 18:27:44.0953 3456 NVENETFD (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/22 18:27:44.0984 3456 nvnetbus (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/22 18:27:45.0046 3456 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/06/22 18:27:45.0125 3456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/22 18:27:45.0156 3456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/22 18:27:45.0234 3456 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/22 18:27:45.0312 3456 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/22 18:27:45.0375 3456 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/22 18:27:45.0437 3456 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/22 18:27:45.0453 3456 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/22 18:27:45.0546 3456 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/22 18:27:45.0593 3456 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/22 18:27:45.0875 3456 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/22 18:27:45.0953 3456 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/22 18:27:46.0000 3456 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/22 18:27:46.0046 3456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/22 18:27:46.0109 3456 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/22 18:27:46.0296 3456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/22 18:27:46.0359 3456 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/22 18:27:46.0406 3456 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/22 18:27:46.0453 3456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/22 18:27:46.0531 3456 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/22 18:27:46.0562 3456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/22 18:27:46.0625 3456 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/22 18:27:46.0703 3456 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/22 18:27:46.0796 3456 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/22 18:27:46.0937 3456 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys
2011/06/22 18:27:46.0984 3456 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys
2011/06/22 18:27:47.0046 3456 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys
2011/06/22 18:27:47.0109 3456 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys
2011/06/22 18:27:47.0156 3456 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys
2011/06/22 18:27:47.0218 3456 s816obex (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys
2011/06/22 18:27:47.0281 3456 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys
2011/06/22 18:27:47.0390 3456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/22 18:27:47.0484 3456 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/22 18:27:47.0531 3456 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/22 18:27:47.0687 3456 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/22 18:27:47.0765 3456 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/22 18:27:47.0859 3456 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/22 18:27:47.0921 3456 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/22 18:27:47.0984 3456 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/22 18:27:48.0062 3456 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/22 18:27:48.0265 3456 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/22 18:27:48.0375 3456 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/22 18:27:48.0453 3456 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/22 18:27:48.0484 3456 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/22 18:27:48.0562 3456 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/22 18:27:48.0718 3456 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/22 18:27:48.0859 3456 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/22 18:27:48.0921 3456 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/22 18:27:49.0000 3456 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/22 18:27:49.0062 3456 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/22 18:27:49.0125 3456 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/22 18:27:49.0171 3456 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/22 18:27:49.0234 3456 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/22 18:27:49.0312 3456 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/22 18:27:49.0390 3456 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/22 18:27:49.0500 3456 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/22 18:27:49.0578 3456 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/22 18:27:49.0703 3456 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/22 18:27:49.0796 3456 winachsf (1b2696e94900f4e236e6a585ff534309) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/06/22 18:27:49.0859 3456 WINIO (6943c8f5cba301e07a1f69df69b09257) C:\WINDOWS\system32\WinIo.sys
2011/06/22 18:27:50.0140 3456 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/06/22 18:27:50.0281 3456 ================================================================================
2011/06/22 18:27:50.0281 3456 Scan finished
2011/06/22 18:27:50.0281 3456 ================================================================================
2011/06/22 18:27:50.0312 0368 Detected object count: 0
2011/06/22 18:27:50.0312 0368 Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hi,

habe unhide.exe ausgeführt, meine dateien sind nun wieder alle da :-)

hier der logfile von combofix:

Combofix Logfile:

Code:

ComboFix 11-06-22.03 - Dennis 23.06.2011  14:25:31.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.2047.1536 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Dennis\Desktop\cofi.exe

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

C:\smp.bat

c:\windows\Update.bat

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-05-23 bis 2011-06-23  ))))))))))))))))))))))))))))))

.

.

2011-06-22 14:02 . 2011-06-22 14:02        --------        d-----w-        C:\_OTL

2011-06-21 13:43 . 2011-06-21 13:43        --------        d-----w-        c:\dokumente und einstellungen\Dennis\Anwendungsdaten\Malwarebytes

2011-06-21 13:29 . 2011-06-21 13:29        --------        d-----w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes

2011-06-21 13:29 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 13:29 . 2011-06-21 13:29        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-06-21 13:29 . 2011-06-21 13:29        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-06-21 13:29 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-06-20 14:52 . 2011-06-20 14:52        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

2011-06-20 14:51 . 2011-06-20 14:51        --------        d-----w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Apple Computer

2011-06-20 14:51 . 2011-06-20 14:51        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Apple Computer

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys

[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

.

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\asyncmac.sys

[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\kbdclass.sys

[-] 2004-08-03 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

.

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ndis.sys

[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\browser.dll

[-] 2004-08-10 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-10 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

.

[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\lsass.exe

[-] 2004-08-10 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-10 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

.

[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\comres.dll

[-] 2004-08-10 19:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll

[-] 2004-08-10 19:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll

.

[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\qmgr.dll

[-] 2004-08-10 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-08-10 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

.

[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe

[-] 2004-08-10 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-10 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

.

[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\cryptsvc.dll

[-] 2004-08-10 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-10 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

.

[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\imm32.dll

[-] 2004-08-10 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2004-08-10 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

.

[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\lpk.dll

[-] 2004-08-10 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-10 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

.

[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\msvcrt.dll

[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2004-08-10 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-10 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2004-08-10 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

.

[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\powrprof.dll

[-] 2004-08-10 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-10 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

.

[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll

[-] 2004-08-10 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-10 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

.

[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sfc.dll

[-] 2004-08-10 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-10 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

.

[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\svchost.exe

[-] 2004-08-10 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-10 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

.

[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe

[-] 2004-08-10 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-10 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

.

[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ws2_32.dll

[-] 2004-08-10 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-10 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

.

[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ws2help.dll

[-] 2004-08-10 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll

[-] 2004-08-10 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

.

[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\regedit.exe

[-] 2004-08-10 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\regedit.exe

[-] 2004-08-10 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe

.

[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\usp10.dll

[-] 2004-08-10 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll

[-] 2004-08-10 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll

.

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\srsvc.dll

[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\wscntfy.exe

[-] 2004-08-10 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-10 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

.

[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\xmlprov.dll

[-] 2004-08-10 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-10 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

.

[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\eventlog.dll

[-] 2004-08-10 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2004-08-10 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

.

[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sfcfiles.dll

[-] 2004-08-10 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-10 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

.

[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ctfmon.exe

[-] 2004-08-10 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-10 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

.

[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\regsvc.dll

[-] 2004-08-10 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-10 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

.

[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\schedsvc.dll

[-] 2004-08-10 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-10 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

.

[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ssdpsrv.dll

[-] 2004-08-10 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-10 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

.

[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\hnetcfg.dll

[-] 2004-08-10 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll

[-] 2004-08-10 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll

.

[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\appmgmts.dll

[-] 2004-08-10 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-10 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

.

[-] 2004-08-10 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ip6fw.sys

[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\msgsvc.dll

[-] 2004-08-10 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-10 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

.

[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ntmssvc.dll

[-] 2004-08-10 19:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-10 19:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

.

[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\dsound.dll

[-] 2004-08-10 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll

[-] 2004-08-10 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\d3d9.dll

[-] 2004-08-10 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll

[-] 2004-08-10 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ddraw.dll

[-] 2004-08-10 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll

[-] 2004-08-10 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\olepro32.dll

[-] 2004-08-10 19:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll

[-] 2004-08-10 19:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\perfctrs.dll

[-] 2004-08-10 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll

[-] 2004-08-10 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\version.dll

[-] 2004-08-10 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll

[-] 2004-08-10 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

.

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\srsvc.dll

[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\w32time.dll

[-] 2004-08-10 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll

[-] 2004-08-10 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\midimap.dll

[-] 2004-08-10 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll

[-] 2004-08-10 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUpdater"="c:\programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" [2008-11-23 2356088]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"PowerManager"="c:\programme\Power Manager\PM.exe" [2006-09-06 151552]

"FuncKey"="c:\programme\Hotkey Management\FuncKey.exe" [2006-09-05 139264]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]

"nwiz"="nwiz.exe" [2006-08-16 1617920]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"fscp"="c:\programme\AVC Finger-sensing Pad Driver\fscp.exe" [2006-09-18 995328]

"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-06-05 185896]

"AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]

"PDFPrint"="c:\programme\pdf24\PDFBackend.exe" [2008-01-31 134144]

"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\ICQ7.4\\ICQ.exe"=

.

R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [13.03.2009 18:58 247096]

R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [04.04.2008 09:25 22912]

S2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\FspadSvr.exe [04.04.2008 09:25 520704]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [07.04.2010 11:17 135664]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [22.06.2008 18:10 264704]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [07.04.2010 11:17 135664]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [10.09.2008 14:26 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [10.09.2008 14:26 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [10.09.2008 14:26 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [10.09.2008 14:26 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [10.09.2008 14:27 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [10.09.2008 14:26 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [10.09.2008 14:26 97704]

.

Inhalt des "geplante Tasks" Ordners

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-07 09:17]

.

2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-07 09:17]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe

TCP: DhcpNameServer = 192.132.203.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-ICQ - c:\programme\ICQ6\ICQ.exe

HKLM-Run-UDC Integration - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-06-23 14:32

Windows 5.1.2600 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

Zeit der Fertigstellung: 2011-06-23  14:34:40

ComboFix-quarantined-files.txt  2011-06-23 12:34

.

Vor Suchlauf: 15 Verzeichnis(se), 234.298.048.512 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 236.140.548.096 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - A275DCAA3B1E80154AE8EEDA23C8F9F5

--- --- ---

Zitat:

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

Warum nur?
Wir sind beim SP3 und IE8! Kümmern wir uns später drum.

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hey,

hab GMER drüberlaufen lassen aber am ende ging kein logfile auf :-( wo finde ich das denn?

Und bei OSAM habe ich auch ein Problem: habe die datei mit winzip geöffnet, aber wenn ich die datei osam.exe öffnen will kommt immer eine meldung, dass die Anwendung nicht gestartet werden konnte, weil die Anwendungskonfiguration nicht korrekt sei :-(

Was mach ich falsch?

Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden!
GMER einfach nochmal probieren!

GMER ging leider nicht...

hier die log von OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 16:44:07 on 25.06.2011
 

OS: Windows XP Professional Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17055
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\system32\autochk.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----

"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe

"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl

"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL

"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl

"bthprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\bthprops.cpl

"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl

"firewall.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\firewall.cpl

"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl

"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl

"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl

"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl

"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl

"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl

"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl

"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl

"netsetup.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\netsetup.cpl

"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"nwc.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nwc.cpl

"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl

"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl

"RTSndMgr.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.CPL

"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl

"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl

"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl

"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

"Internet Connection Firewall" - "Microsoft Corporation" - C:\WINDOWS\system32\Firewall.cpl

"NetSetupWizard" - "Microsoft Corporation" - C:\WINDOWS\system32\NetSetup.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"1394-ARP-Clientprotokoll" (Arp1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\arp1394.sys

"1394-Netzwerktreiber" (NIC1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nic1394.sys

"AMD-Prozessortreiber" (AmdK8) - "Advanced Micro Devices" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys

"Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys

"Atheros Wireless Network Adapter Service" (AR5211) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\ar5211.sys

"Audiostubtreiber" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys

"AVC Finger-sensing Pad Driver for Windows 2000/XP" (fspad) - "Asia Vital Components Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\fspad.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Dennis\LOKALE~1\Temp\catchme.sys  (File not found)

"CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys

"Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys

"Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"Cisco Systems VPN Adapter" (CVirtA) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\CVirtA.sys

"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys

"dmload" (dmload) - "Microsoft Corp., Veritas Software." - C:\WINDOWS\System32\drivers\dmload.sys

"Fdc" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fdc.sys

"Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys

"Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys

"Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys

"Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys

"Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys

"Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys

"Flpydisk" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Flpydisk.sys

"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys

"HSF_DPV" (HSF_DPV) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys

"HSXHWAZL" (HSXHWAZL) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys

"IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys

"IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys

"IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys

"IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys

"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouhid.sys

"Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys

"mdmxsdk" (mdmxsdk) - "Conexant" - C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys

"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys

"Microcode Updatetreiber" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys

"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys

"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\compbatt.sys

"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidusb.sys

"Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\swmidi.sys

"Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\DMusic.sys

"Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\drmkaud.sys

"Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\sysaudio.sys

"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPCLOCK.sys

"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPQM.sys

"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccgp.sys

"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSKSSRV.sys

"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys

"Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbprint.sys

"Microsoft-Netzteiltreiber" (CmBatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CmBatt.sys

"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mssmbios.sys

"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbehci.sys

"Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbohci.sys

"mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys

"Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys

"MountMgr" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys

"Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys

"Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys

"NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys

"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys

"NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys

"NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys

"Netzwerkmonitortreiber" (nm) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NMnt.sys

"Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys

"Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys

"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

"NVIDIA Network Bus Enumerator" (nvnetbus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvnetbus.sys

"NVIDIA nForce Networking Controller Driver" (NVENETFD) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVENETFD.sys

"nvsmu" (nvsmu) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvsmu.sys

"Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys

"Parport" (Parport) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Parport.sys

"PartMgr" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys

"ParVdm" (ParVdm) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ParVdm.sys

"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PCIIde" (PCIIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pciide.sys

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys

"Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys

"Prozessortreiber" (Processor) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\processr.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"QoS-Paketplaner" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys

"RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys

"RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys

"RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys

"RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

"Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys

"Serial" (Serial) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Serial.sys

"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys

"Sfloppy" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Sfloppy.sys

"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys

"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys

"Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys

"Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys

"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys

"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys

"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys

"Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys

"Treiber für die Verwaltung logischer Datenträger" (dmio) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmio.sys

"Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\ptilink.sys

"Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys

"Treiber für Terminalserver-Geräteumleitung" (rdpdr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdpdr.sys

"Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys

"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

"USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbscan.sys

"USB2-aktivierter Hub" (usbhub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbhub.sys

"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys

"VIA OHCI-konformer IEEE 1394-Hostcontroller" (ohci1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ohci1394.sys

"VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys

"WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys

"WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys

"WINIO" (WINIO) - "hxxp://www.internals.com" - C:\WINDOWS\system32\WinIo.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

{407408d4-94ed-4d86-ab69-a7f649d112ee} "Media Center" - "Microsoft Corporation" - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll

{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll

{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll

{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll

{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll

{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll

{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll

{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll

{7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll

{7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll

{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\system32\dfsshlex.dll

{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll

{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll

{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll

{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll

{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll

{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll

{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll

{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl

{596AB062-B4D2-4215-9F74-E9109B0A8153} "Eigenschaftenseite für vorherige Versionen" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll

{1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll

{4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\dssec.dll

{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll

{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll

{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll

{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll

{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll

{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll

{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll

{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll

{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - C:\WINDOWS\system32\SlayerXP.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll

{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll

{6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll

{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll

{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll

{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll

{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll

{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll

{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop.dll

{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll

{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll

{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll

{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll

{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll

{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll

{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll

{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll

{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll

{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll

{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll

{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll

{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll

{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll

{60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll

{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll

{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll

{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll

{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll

{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll

{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{9DB7A13C-F208-4981-8353-73CC61AE2783} "Vorherige Versionen" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----

{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\1104071707\ICQToolBar.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\1104071707\ICQToolBar.dll

 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll

"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----

"Location" - "Intertrust Technologies, Inc." - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\1104071707\ICQToolBar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
 

[Known DLLs]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----

"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll

"imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll

"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll

"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll

"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll

"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll

"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll

-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----

"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll

"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll

"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Programme\WinZip\WZQKPICK.EXE  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"AdobeUpdater" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe"

"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe

"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

"AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe

"ehTray" - "Microsoft Corporation" - C:\WINDOWS\ehome\ehtray.exe

"fscp" - ? - C:\Programme\AVC Finger-sensing Pad Driver\fscp.exe  (File found, but it contains no detailed information)

"FuncKey" - ? - "C:\Programme\Hotkey Management\FuncKey.exe"

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"PDFPrint" - ? - "C:\Programme\pdf24\PDFBackend.exe"  (File found, but it contains no detailed information)

"PowerManager" - ? - C:\Programme\Power Manager\PM.exe

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE

"SkyTel" - "Realtek Semiconductor Corp." - SkyTel.EXE

"Sony Ericsson PC Suite" - ? - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\jusched.exe

"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll

"Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll

"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll

"Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll

"UDC" - "fCoder Group, Inc." - C:\WINDOWS\system32\udcpm.dll

"USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe

"Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe

"Anwendungsverwaltung" (AppMgmt) - "Microsoft Corporation" - C:\WINDOWS\System32\appmgmts.dll

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll

"Avira AntiVir Personal – Free Antivirus Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

"Avira AntiVir Personal – Free Antivirus Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

"COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe

"Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll

"CryptSvc" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe

"Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll

"FspadSvc" (FspadSvc) - ? - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe  (File found, but it contains no detailed information)

"Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe

"Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe

"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

"HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll

"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe

"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\system32\imapi.exe

"Indexdienst" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe

"Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe

"Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe

"Media Center Extender Service" (McrdSvc) - "Microsoft Corporation" - C:\WINDOWS\ehome\mcrdsvc.exe

"Media Center Receiver Service" (ehRecvr) - "Microsoft Corporation" - C:\WINDOWS\eHome\ehRecvr.exe

"Media Center-Planerdienst" (ehSched) - "Microsoft Corporation" - C:\WINDOWS\eHome\ehSched.exe

"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll

"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe

"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe

"Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll

"NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\system32\rsvp.exe

"Remote-Registrierung" (RemoteRegistry) - "Microsoft Corporation" - C:\WINDOWS\system32\regsvc.dll

"RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\system32\locator.exe

"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll

"Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll

"Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe

"Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe

"Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe

"SSDP Discovery Service" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll

"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll

"Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\system32\srsvc.dll

"Taskplaner" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll

"TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll

"Telnet" (TlntSvr) - "Microsoft Corporation" - C:\WINDOWS\system32\tlntsvr.exe

"Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe

"Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll

"Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll

"Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe

"Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe

"Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll

"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll

"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe

"Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll

"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll

"Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\system32\w32time.dll

"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\wmiapsrv.exe

"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - "ScreenTime Media" - C:\WINDOWS\system32\TDK-SC~1.SCR

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe

"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll

{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll

{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\WINDOWS\system32\fdeploy.dll

{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll

{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll

{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll

{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll

{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll

{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - "Microsoft Corporation" - C:\WINDOWS\system32\appmgmts.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll

"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll

"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll

"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll

"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll

"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll

"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und hier der MBR check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEA000 fltMgr.sys
0xB9ED8000 sr.sys
0xBA338000 PxHelp20.sys
0xB9EC1000 KSecDD.sys
0xB9E34000 Ntfs.sys
0xB9E07000 NDIS.sys
0xB9DEC000 Mup.sys
0xBA268000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB9D08000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xB9983000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB996F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA418000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA420000 \SystemRoot\system32\DRIVERS\fspad.sys
0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA584000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA588000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9924000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA288000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9901000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA440000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB98DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA590000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9891000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB985A000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xB983C000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xBA732000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9825000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9814000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB97E3000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB97AF000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DC0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA318000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xBA118000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA148000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB702F000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB700D000 \SystemRoot\system32\drivers\portcls.sys
0xBA158000 \SystemRoot\system32\drivers\drmk.sys
0xB6FD2000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xB6EDB000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xB6E24000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7FB000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA5E4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA498000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9797000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6D9C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6D44000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6D1C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6CFB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB6CD9000 \SystemRoot\System32\drivers\afd.sys
0xBA168000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA178000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA4A8000 \??\C:\WINDOWS\system32\WinIo.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6CAE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA198000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB6C3F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6C2E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5EC000 \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
0xBA1F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6BEE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB972E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA779000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB5D31000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5211000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB5131000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xB4F38000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4EFC000 \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
0xB51D1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB4DB5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4940000 \SystemRoot\system32\drivers\wdmaud.sys
0xB49A5000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2E73000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
1136 C:\WINDOWS\system32\smss.exe
1276 csrss.exe
1308 C:\WINDOWS\system32\winlogon.exe
1352 C:\WINDOWS\system32\services.exe
1364 C:\WINDOWS\system32\lsass.exe
1528 C:\WINDOWS\system32\svchost.exe
1576 svchost.exe
1616 C:\WINDOWS\system32\svchost.exe
1760 svchost.exe
1784 svchost.exe
216 C:\WINDOWS\system32\spoolsv.exe
268 C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
348 svchost.exe
756 C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
760 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
780 C:\Programme\Bonjour\mDNSResponder.exe
804 C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
852 C:\WINDOWS\ehome\ehrecvr.exe
916 C:\WINDOWS\ehome\ehSched.exe
940 C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
1220 C:\Programme\ICQ6Toolbar\ICQ Service.exe
1768 C:\WINDOWS\system32\nvsvc32.exe
368 svchost.exe
420 C:\WINDOWS\system32\svchost.exe
660 mcrdsvc.exe
2000 C:\WINDOWS\system32\dllhost.exe
2136 alg.exe
3112 C:\WINDOWS\explorer.exe
3300 C:\WINDOWS\ehome\ehtray.exe
3316 C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
3380 C:\Programme\Power Manager\PM.exe
3388 C:\WINDOWS\ehome\ehmsas.exe
3452 C:\Programme\Hotkey Management\FuncKey.exe
3496 C:\WINDOWS\RTHDCPL.EXE
3516 C:\Programme\AVC Finger-sensing Pad Driver\fscp.exe
3528 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
3556 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
3636 C:\Programme\avmwlanstick\FRITZWLanMini.exe
3816 C:\Programme\pdf24\PDFBackend.exe
3840 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
3856 C:\Programme\iTunes\iTunesHelper.exe
3900 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3912 C:\WINDOWS\system32\ctfmon.exe
1908 C:\Programme\WinZip\WZQKPICK.EXE
2284 C:\WINDOWS\system32\wuauclt.exe
928 C:\Programme\iPod\bin\iPodService.exe
652 C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
1820 C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
1240 C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
3028 C:\Programme\WinRAR\WinRAR.exe
2524 C:\Programme\Internet Explorer\iexplore.exe
2076 C:\Dokumente und Einstellungen\Dennis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset