Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Der Trojaner TR/Spy.Browse.A ist bei mir auf dem Rechner (https://www.trojaner-board.de/88900-trojaner-tr-spy-browse-a-mir-rechner.html)

timi-nk 30.07.2010 12:42
Der Trojaner TR/Spy.Browse.A ist bei mir auf dem Rechner
 
Hallo liebe Helfer!

Ich habe den Trojaner TR/Spy.Browse.A bei mir an Bord!

Antivir meldet"

In der Datei 'C:\WINDOWS\system32\ntbaeset.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Browse.A' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

Das Thema wurde ja hier "http://www.trojaner-board.de/88339-d...gefunden.html" schon mal behandelt!

Kann ich das genauso abarbeiten?

mfg Michael

cosinus 30.07.2010 15:36
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

timi-nk 30.07.2010 18:45
Hallo!

zum 1.malwarebyts log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.07.2010 19:41:25
mbam-log-2010-07-30 (19-41-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|M:\|P:\|S:\|)
Durchsuchte Objekte: 263788
Laufzeit: 43 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP129\A0040894.exe (Malware.Packer.Gen) -> No action taken.
F:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042326.exe (Malware.Packer.Gen) -> No action taken.
P:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042396.exe (Malware.Packer.Gen) -> No action taken.

timi-nk 30.07.2010 18:48
Hier der Rest
OTL Logfile:
Code:
OTL logfile created on: 30.07.2010 19:43:39 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = D:\download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\Programme
Drive C: | 73,44 Gb Total Space | 38,55 Gb Free Space | 52,50% Space Free | Partition Type: NTFS
Drive D: | 75,61 Gb Total Space | 10,41 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 153,79 Gb Total Space | 24,39 Gb Free Space | 15,86% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 20,02 Gb Total Space | 9,33 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive P: | 29,29 Gb Total Space | 23,86 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
Drive S: | 29,78 Gb Total Space | 15,85 Gb Free Space | 53,20% Space Free | Partition Type: NTFS
 
Computer Name: HILSCHER-1B09E8
Current User Name: hilscher
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\download\OTL.exe (OldTimer Tools)
PRC - P:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - P:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - P:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - P:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - P:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Dokumente und Einstellungen\hilscher\Lokale Einstellungen\Apps\2.0\K27OL6Y1.ZVV\27NWOCG3.JTW\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - P:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - P:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - P:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - P:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - P:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - P:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - P:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - P:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\download\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RoxLiveShare9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (TomTomHOMEService) -- P:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SeaPort) -- P:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (NMSAccess) -- P:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- P:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- P:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (fsssvc) -- P:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IGDCTRL) -- P:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (StarWindServiceAE) -- P:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- P:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MotDev) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys File not found
DRV - (motccgpfl) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio) -- P:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (DiskSec) -- C:\WINDOWS\System32\drivers\disksec.sys (MAGIX)
DRV - (c2scsi) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.bild.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {9220f99f-5b7d-4a4d-97ca-209991796400}:1.5
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: P:\Programme\Mozilla Firefox\components [2010.07.13 19:37:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: P:\Programme\Mozilla Firefox\plugins [2010.07.04 16:39:20 | 000,000,000 | ---D | M]
 
[2009.05.02 08:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Extensions
[2009.05.02 08:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.07.29 21:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions
[2009.06.27 06:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.24 07:31:55 | 000,000,000 | ---D | M] (Gutscheinaffe) -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}
[2009.07.18 21:39:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.05 06:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\fb_add_on@avm.de
[2010.04.11 18:44:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\sparweltgutscheinewl@sparwelt.de
[2009.03.23 14:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\toolbar_extras@de.yahoo.com
[2010.07.29 21:31:59 | 000,000,000 | ---D | M] -- P:\Programme\Mozilla Firefox\extensions
[2009.03.23 14:34:12 | 000,000,000 | ---D | M] -- P:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.07.04 16:39:16 | 000,001,392 | ---- | M] () -- P:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.04 16:39:16 | 000,002,344 | ---- | M] () -- P:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.04 16:39:16 | 000,006,805 | ---- | M] () -- P:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.04 16:39:16 | 000,001,178 | ---- | M] () -- P:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.04 16:39:16 | 000,001,105 | ---- | M] () -- P:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - P:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - P:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - P:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - P:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] P:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [StartCCC] P:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Automatisch An OneNote 2007 senden auf HILSCHER-6FE713] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Dokumente und Einstellungen\hilscher\Lokale Einstellungen\Apps\2.0\K27OL6Y1.ZVV\27NWOCG3.JTW\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [ccleaner] P:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPSON SX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TomTomHOME.exe] P:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Dokumente und Einstellungen\hilscher\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = P:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - P:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - P:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - P:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - P:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - P:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - P:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - P:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file://D:\components\hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file://D:\components\A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file://D:\components\wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/1und1/smartdrive/activex/v1/1und1_de_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - P:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - P:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - P:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - P:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\vista.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\vista.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.23 14:05:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.04.15 12:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8dc88d13-36df-11de-be56-00138f29382b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autoeate - (C:\WINDOWS\system32\ntbaeset.dll) - C:\WINDOWS\system32\ntbaeset.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.30 18:39:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\hilscher\Recent
[2010.07.30 07:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Malwarebytes
[2010.07.30 07:52:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.30 07:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.30 07:52:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.30 07:52:51 | 000,000,000 | ---D | C] -- P:\Programme\Malwarebytes' Anti-Malware
[2010.07.30 06:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.07.15 20:58:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.15 20:38:00 | 000,000,000 | ---D | C] -- P:\Programme\TomTom DesktopSuite
[2010.07.12 19:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\WinBatch
[2010.07.08 21:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hilscher\Anwendungsdaten\Canneverbe Limited
[2010.07.08 21:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.07.08 21:48:08 | 000,000,000 | ---D | C] -- P:\Programme\CDBurnerXP
[2010.07.06 20:23:49 | 000,000,000 | ---D | C] -- P:\Programme\PantsOff
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.30 19:00:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.07.30 18:39:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.30 18:38:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.30 18:38:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.30 18:38:39 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.30 15:19:21 | 005,242,880 | ---- | M] () -- C:\Dokumente und Einstellungen\hilscher\ntuser.dat
[2010.07.30 15:19:21 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\hilscher\ntuser.ini
[2010.07.30 15:19:05 | 000,452,452 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.30 15:19:05 | 000,435,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.30 15:19:05 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.30 15:19:05 | 000,068,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.30 15:19:04 | 001,051,126 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.30 13:32:05 | 000,002,493 | ---- | M] () -- C:\Dokumente und Einstellungen\hilscher\Desktop\Microsoft Office Outlook 2007.lnk
[2010.07.30 07:53:00 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.30 07:15:27 | 000,000,581 | ---- | M] () -- C:\Dokumente und Einstellungen\hilscher\Desktop\CCleaner.lnk
[2010.07.13 17:39:45 | 000,087,552 | ---- | M] () -- C:\Dokumente und Einstellungen\hilscher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 21:35:33 | 000,000,054 | ---- | M] () -- C:\Dokumente und Einstellungen\hilscher\Desktop\_Za00336
[2010.07.08 21:48:11 | 000,001,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.07.08 21:38:24 | 000,046,592 | ---- | M] () -- C:\WINDOWS\System32\ntbaeset.dll
[2010.07.04 12:48:10 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010.07.04 06:07:30 | 000,001,606 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.30 07:53:00 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.12 21:35:31 | 000,000,054 | ---- | C] () -- C:\Dokumente und Einstellungen\hilscher\Desktop\_Za00336
[2010.07.08 21:48:11 | 000,001,503 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.07.08 21:48:09 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.07.08 21:38:24 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\ntbaeset.dll
[2010.07.04 06:40:40 | 000,302,160 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.01.10 18:17:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009.08.27 14:21:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.08.27 10:48:50 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2009.08.27 10:48:50 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2009.06.10 19:53:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.05.25 10:21:19 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI
[2009.05.16 16:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2009.04.06 19:33:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI
[2009.04.06 19:29:41 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.03.30 21:55:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009.03.27 08:47:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2009.03.25 21:38:24 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.03.25 21:35:41 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.03.23 14:56:54 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.03.23 14:28:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009.03.23 14:28:17 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.03.23 14:28:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.03.23 14:28:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.03.23 14:28:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.03.23 14:25:13 | 000,003,364 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.03.23 14:25:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.26 22:28:48 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.07.15 20:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.07.15 20:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.07.15 20:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[1999.01.27 00:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
< End of report >
--- --- ---

timi-nk 30.07.2010 18:53
Noch ne Datei war da nicht!

cosinus 30.07.2010 19:19
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O32 - AutoRun File - [2007.04.15 12:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8dc88d13-36df-11de-be56-00138f29382b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O36 - AppCertDlls: autoeate - (C:\WINDOWS\system32\ntbaeset.dll) - C:\WINDOWS\system32\ntbaeset.dll ()
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

timi-nk 30.07.2010 19:55
Hier das ergebniss:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesMyComputer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileAssociate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay deleted successfully.
C:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc88d13-36df-11de-be56-00138f29382b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dc88d13-36df-11de-be56-00138f29382b}\ not found.
File E:\InstallTomTomHOME.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\autoeate:C:\WINDOWS\system32\ntbaeset.dll deleted successfully.
File move failed. C:\WINDOWS\system32\ntbaeset.dll scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hilscher
->Temp folder emptied: 151305 bytes
->Temporary Internet Files folder emptied: 68203 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48413865 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07302010_205134

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\ntbaeset.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 30.07.2010 20:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

timi-nk 30.07.2010 20:55
Das ergebniss:

Combofix Logfile:
Code:
ComboFix 10-07-30.01 - hilscher 30.07.2010  21:43:43.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1596 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\hilscher\Desktop\confi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\hilscher\Anwendungsdaten\inst.exe
C:\Install.exe

Infizierte Kopie von c:\windows\system32\midimap.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\VistaMizer\old\midimap.dll wurde wiederhergestellt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-28 bis 2010-07-30  ))))))))))))))))))))))))))))))
.

2010-07-30 05:53 . 2010-07-30 05:53        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Malwarebytes
2010-07-30 05:52 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 05:52 . 2010-07-30 05:52        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-30 05:52 . 2010-07-30 05:53        --------        d-----w-        p:\programme\Malwarebytes' Anti-Malware
2010-07-30 05:52 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-15 18:58 . 2010-06-14 14:31        744448        -c----w-        c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 18:38 . 2010-07-15 18:38        --------        d-----w-        p:\programme\TomTom DesktopSuite
2010-07-12 17:26 . 2010-07-12 17:26        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\WinBatch
2010-07-08 19:48 . 2010-07-08 19:48        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Canneverbe Limited
2010-07-08 19:48 . 2010-07-08 19:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2010-07-08 19:48 . 2009-11-12 12:48        7168        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-07-08 19:48 . 2010-07-08 19:48        --------        d-----w-        p:\programme\CDBurnerXP
2010-07-08 19:38 . 2010-07-08 19:38        46592        ----a-w-        c:\windows\system32\ntbaeset.dll
2010-07-06 18:23 . 2010-07-30 11:54        --------        d-----w-        p:\programme\PantsOff
2010-07-04 04:40 . 2010-07-04 04:40        302160        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 19:39 . 2009-03-25 19:32        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\FRITZ!
2010-07-30 13:20 . 2009-06-09 18:18        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Media Player Classic
2010-07-30 13:19 . 2006-02-28 12:00        81408        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-30 13:19 . 2006-02-28 12:00        452452        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-30 05:15 . 2009-03-31 18:33        --------        d-----w-        p:\programme\CCleaner
2010-07-16 04:55 . 2009-03-23 15:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-07-13 18:46 . 2009-03-23 17:39        --------        d-----w-        p:\programme\MOBackup
2010-07-13 15:38 . 2009-05-25 08:39        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\UseNeXT
2010-07-08 20:12 . 2009-06-20 19:19        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\dvdcss
2010-06-27 04:16 . 2010-04-11 16:44        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\SparweltGutschein
2010-06-20 18:28 . 2009-04-01 17:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\EPSON
2010-06-16 20:20 . 2010-06-16 20:20        664        ----a-w-        c:\windows\system32\d3d9caps.dat
2010-06-16 18:31 . 2010-06-16 18:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\POIbase
2010-06-16 18:29 . 2010-06-16 18:27        --------        d-----w-        p:\programme\POIbase
2010-06-14 14:31 . 2009-03-23 12:01        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 06:57 . 2010-06-14 06:57        --------        d-----w-        p:\programme\MSXML 6.0
2010-06-12 21:10 . 2009-04-06 05:59        --------        d-----w-        p:\programme\Microsoft Silverlight
2010-06-06 13:39 . 2010-06-06 13:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\tmp
2010-06-06 13:39 . 2009-03-29 12:40        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\hps
2010-06-06 13:37 . 2010-06-06 13:37        --------        d-----w-        p:\programme\CeWe Color
2010-06-03 09:13 . 2009-06-20 18:40        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Vso
2010-06-03 09:08 . 2010-06-03 09:07        --------        d-----w-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\gtk-2.0
2010-06-01 19:09 . 2010-06-01 19:09        --------        d-----w-        p:\programme\GIMP-2.0
2010-05-24 13:43 . 2010-05-24 13:43        15086        ----a-r-        c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Microsoft\Installer\{63D3D558-EAF4-419B-880C-208DAC13F794}\ARPPRODUCTICON.exe
2010-05-06 10:31 . 2006-02-28 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2006-02-28 12:00        1851392        ----a-w-        c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\winlogon.exe
[7] 2006-02-28 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\comctl32.dll
[7] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2006-02-28 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\user32.dll
[7] 2006-02-28 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\explorer.exe
[7] 2006-02-28 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\ole32.dll
[7] 2006-02-28 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\ctfmon.exe
[7] 2006-02-28 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="p:\programme\CCleaner\CCleaner.exe" [2010-07-23 1755960]
"AVMUSBFernanschluss"="c:\dokumente und einstellungen\hilscher\Lokale Einstellungen\Apps\2.0\K27OL6Y1.ZVV\27NWOCG3.JTW\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-04-18 139264]
"TomTomHOME.exe"="p:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="p:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="p:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-10-12 198160]
"GrooveMonitor"="p:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\dokumente und einstellungen\hilscher\Startmen\Programme\Autostart\
FRITZ!DSL Protect.lnk - p:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"p:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"p:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"p:\\Programme\\FRITZ!fax\\FriFax32.exe"=
"p:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"p:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"p:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"s:\\level r\\LevelR\\LevelR.bin"=
"p:\\Programme\\FRITZ!fax\\igd_finder.exe"=
"p:\\Programme\\Motorola\\Software Update\\msu.exe"=
"p:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"p:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"p:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Dokumente und Einstellungen\\hilscher\\Lokale Einstellungen\\Apps\\2.0\\K27OL6Y1.ZVV\\27NWOCG3.JTW\\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\\fritzbox-usb-fernanschluss.exe"=

R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [06.04.2009 16:32 14208]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06.12.2005 17:11 35328]
R2 AntiVirSchedulerService;Avira AntiVir Planer;p:\programme\Avira\AntiVir Desktop\sched.exe [23.03.2009 09:02 108289]
R2 IGDCTRL;AVM IGD CTRL Service;p:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
R2 TomTomHOMEService;TomTomHOMEService;p:\programme\TomTom HOME 2\TomTomHOMEService.exe [24.06.2010 16:41 92008]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [18.04.2010 05:41 101248]
S1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [07.04.2009 14:10 241664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;p:\programme\MAGIX\Common\Database\bin\fbserver.exe [27.03.2009 07:58 1527900]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.03.2009 14:56 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 11:14        451872        ----a-w-        c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-07-30 c:\windows\Tasks\1-Klick-Wartung.job
- p:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 10:03]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - p:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: p:\programme\FRITZ!DSL\\sarah.dll
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxp://img.ui-portal.de/1und1/smartdrive/activex/v1/1und1_de_osupload_2002.cab
FF - ProfilePath - c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bild.de
FF - component: c:\dokumente und einstellungen\hilscher\Anwendungsdaten\Mozilla\Firefox\Profiles\se08j9ic.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: p:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: p:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
p:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
p:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
p:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
p:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
p:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
p:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
p:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-30 21:49
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1343024091-562591055-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(960)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
p:\programme\Avira\AntiVir Desktop\avguard.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE
p:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
p:\programme\CDBurnerXP\NMSAccessU.exe
p:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
p:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RunDll32.exe
p:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
p:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
p:\programme\FRITZ!DSL\StCenter.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-30  21:53:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-30 19:53

Vor Suchlauf: 10 Verzeichnis(se), 41.305.559.040 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 41.353.445.376 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 17A1725EE8EB03401099C7F529A50ED6
--- --- ---

cosinus 30.07.2010 20:58
c:\windows\system32\ntbaeset.dll

Bitte diese Datei bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

timi-nk 30.07.2010 21:07
Ich hoffe ich habe es richtig gemacht!!!!

timi-nk 30.07.2010 21:10
ich hoffe es hat alles geklappt!!

cosinus 31.07.2010 13:45
Hat leider nicht so geklappt wie ich das wollte. Angekommen ist eine leere Datei.

Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
files to delete:
c:\windows\system32\ntbaeset.dll
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken

timi-nk 31.07.2010 14:01
Hier das eine

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\ntbaeset.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

timi-nk 31.07.2010 14:03
Hier der rest!

File-Upload.net - backup.zip

timi-nk 31.07.2010 14:06
hxxp://www.file-upload.net/download-2712418/backup.zip.html

cosinus 31.07.2010 14:45
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

timi-nk 31.07.2010 21:51
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:50:01 on 31.07.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - P:\Programme\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - P:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - P:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a52taqfx" (a52taqfx) - ? - C:\WINDOWS\system32\drivers\a52taqfx.sys  (Hidden registry entry, rootkit activity | File not found)
"avgio" (avgio) - "Avira GmbH" - P:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM USB-Fernanschluss" (avmaura) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmaura.sys
"c2scsi" (c2scsi) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\c2scsi.sys
"catchme" (catchme) - ? - C:\confi.exe\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DiskSec" (DiskSec) - "MAGIX" - C:\WINDOWS\system32\drivers\DiskSec.sys
"ffldypob" (ffldypob) - ? - C:\DOKUME~1\hilscher\LOKALE~1\Temp\ffldypob.sys  (Hidden registry entry, rootkit activity | File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"MotCcgpFlService" (motccgpfl) - ? - C:\WINDOWS\System32\DRIVERS\motccgpfl.sys  (File not found)
"Motorola Inc. USB Device" (MotDev) - ? - C:\WINDOWS\System32\DRIVERS\motodrv.sys  (File not found)
"Motorola USB Composite Device Driver" (motccgp) - ? - C:\WINDOWS\System32\DRIVERS\motccgp.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\system32\ntsim.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 3.x)" (sfsync03) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync03.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - P:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - P:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - P:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - P:\Programme\7-Zip\7-zip.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - P:\Programme\Windows Live\Mail\mailcomm.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - P:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Shell Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - P:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - P:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - P:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - P:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - P:\Programme\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\WINDOWS\Downloaded Program Files\A9.ocx / file://D:\components\A9.ocx
{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\WINDOWS\DOWNLO~1\HIDINP~1.OCX / file://D:\components\hidinputmonitorx.ocx
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - P:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} "UI File Upload Control" - "WEB.DE" - C:\WINDOWS\DOWNLO~1\osupload.ocx / hxxp://img.ui-portal.de/1und1/smartdrive/activex/v1/1und1_de_osupload_2002.cab
{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\WINDOWS\Downloaded Program Files\wmvhdrating.ocx / file://D:\components\wmvhdrating.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - P:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
"Messenger" - "Microsoft Corporation" - P:\Programme\Messenger\msmsgs.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - P:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - P:\Programme\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - P:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{10945114-b19f-4614-8450-b25e444a1020} "SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - P:\Programme\Windows Live\Toolbar\wltcore.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - P:\Programme\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Dokumente und Einstellungen\hilscher\Lokale Einstellungen\Apps\2.0\K27OL6Y1.ZVV\27NWOCG3.JTW\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe
"ccleaner" - "Piriform Ltd" - "P:\Programme\CCleaner\CCleaner.exe" /AUTO
"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe
"TomTomHOME.exe" - "TomTom" - "P:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "P:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "P:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "P:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"EPSON SX410 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBFCE.DLL
"FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll  (File not found)
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - P:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - P:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - P:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - P:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - P:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  (File not found)
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - P:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"NMSAccess" (NMSAccess) - ? - P:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - P:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - P:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - P:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - P:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\LogonUI.EXE
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - P:\Programme\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - P:\Programme\FRITZ!DSL\sarah.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

timi-nk 31.07.2010 21:54
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

timi-nk 01.08.2010 08:03
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-01 09:02:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\hilscher\LOKALE~1\Temp\ffldypob.sys


---- System - GMER 1.0.15 ----

SSDT BA7CE62E ZwCreateKey
SSDT BA7CE624 ZwCreateThread
SSDT BA7CE633 ZwDeleteKey
SSDT BA7CE63D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340]
SSDT BA7CE642 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xB9EBE0B0]
SSDT BA7CE610 ZwOpenProcess
SSDT BA7CE615 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB9EC4298]
SSDT BA7CE64C ZwReplaceKey
SSDT BA7CE647 ZwRestoreKey
SSDT BA7CE638 ZwSetValueKey
SSDT BA7CE61F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.sfrelocÿÿÿÿsfsync03unknown last section [0xBA0F5000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xBA0F5000, 0xA20, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93D6000, 0x1C5D58, 0xE8000020]
.text USBPORT.SYS!DllUnload B93928AC 5 Bytes JMP 8A347318
? System32\Drivers\a7h64b5b.SYS Das System kann den angegebenen Pfad nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\ithsgt.sys section is writeable [0xA6293300, 0x21770, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A68C1E8
Device \Driver\usbuhci \Device\USBPDO-0 8A28F790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6211E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6211E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6211E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6211E8
Device \Driver\usbuhci \Device\USBPDO-1 8A28F790
Device \Driver\usbuhci \Device\USBPDO-2 8A28F790
Device \Driver\NetBT \Device\NetBT_Tcpip_{0E580028-0923-4730-8537-EA445E896BE9} 8A3DE690
Device \Driver\usbuhci \Device\USBPDO-3 8A28F790
Device \Driver\usbehci \Device\USBPDO-4 8A40A518

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 DiskSec.sys (MAGIX)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 DiskSec.sys (MAGIX)

Device \Driver\Cdrom \Device\CdRom0 8A3481E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 DiskSec.sys (MAGIX)

Device \Driver\Cdrom \Device\CdRom1 8A3481E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 DiskSec.sys (MAGIX)

Device \Driver\Cdrom \Device\CdRom2 8A3481E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 DiskSec.sys (MAGIX)

Device \Driver\Ftdisk \Device\HarddiskVolume6 8A68E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 DiskSec.sys (MAGIX)

Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3DE690
Device \Driver\NetBT \Device\NetbiosSmb 8A3DE690
Device \Driver\PCI_NTPNP1822 \Device\0000004f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A28F790
Device \Driver\usbuhci \Device\USBFDO-1 8A28F790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A191790
Device \Driver\usbuhci \Device\USBFDO-2 8A28F790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A191790
Device \Driver\usbuhci \Device\USBFDO-3 8A28F790
Device \Driver\usbehci \Device\USBFDO-4 8A40A518
Device \Driver\Ftdisk \Device\FtControl 8A68E1E8
Device \Driver\a7h64b5b \Device\Scsi\a7h64b5b1 8A0FF320
Device \Driver\a7h64b5b \Device\Scsi\a7h64b5b1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a7h64b5b \Device\Scsi\a7h64b5b1Port4Path0Target0Lun0 8A0FF320
Device \Driver\a7h64b5b \Device\Scsi\a7h64b5b1Port4Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A12B790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 P:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBA 0x06 0x9F 0x8F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x58 0x8A 0x69 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x84 0x57 0x51 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 P:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xF3 0x67 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x58 0x8A 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2D 0xE0 0x91 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 P:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x23 0x3F 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x58 0x8A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x41 0x32 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 P:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x23 0x3F 0x52 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x58 0x8A 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x41 0x32 0xD0 ...

---- EOF - GMER 1.0.15 ----

cosinus 01.08.2010 19:28
Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe fix \\.\PhysicalDrive0

timi-nk 01.08.2010 21:02
Erledigt!!!

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\hilscher>remover.exe fix \\.\PhysicalDrive0
Bootkit Remover
(c) 2009 eSage Lab
esage lab - main

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive0...
OK

Done;
Press any key to quit...

C:\Dokumente und Einstellungen\hilscher>

cosinus 01.08.2010 22:34
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

timi-nk 02.08.2010 20:04
Der 1 log: hat lange gedauert

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4381

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.08.2010 21:03:24
mbam-log-2010-08-02 (21-03-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|M:\|P:\|S:\|)
Durchsuchte Objekte: 265504
Laufzeit: 3 Stunde(n), 57 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP129\A0040894.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042326.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
P:\System Volume Information\_restore{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042396.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

timi-nk 02.08.2010 20:33
Der andere log kommt morgen!!

Bis dann

timi-nk 03.08.2010 17:33
Hier das 2. log:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 08/03/2010 at 06:24 PM

Application Version : 4.39.1002

Core Rules Database Version : 5302
Trace Rules Database Version: 3114

Scan type : Complete Scan
Total Scan Time : 01:30:11

Memory items scanned : 627
Memory threats detected : 0
Registry items scanned : 7907
Registry threats detected : 0
File items scanned : 140155
File threats detected : 4

Trojan.Agent/Gen-Keygen
F:\SYSTEM VOLUME INFORMATION\_RESTORE{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042324.EXE
F:\SYSTEM VOLUME INFORMATION\_RESTORE{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042328.EXE

Trojan.Agent/Gen-Krpytik
S:\SYSTEM VOLUME INFORMATION\_RESTORE{BE77D039-FB39-4C79-A245-FBE077943FA6}\RP132\A0042451.EXE
S:\SYSTEM VOLUME INFORMATION\_RESTORE{D7B267F0-19DD-4F10-996F-58940EDE3EF8}\RP99\A0027745.EXE

cosinus 05.08.2010 14:44
Zitat:
Trojan.Agent/Gen-Keygen
Sach nicht, dass Du mal (illegale!) Keygens drauf und ausgeführt hattest! :eek:

timi-nk 05.08.2010 16:51
Das ist schon ewig her!

Ich weiß das das nichts bringt!
kaufen ist eh besser und sicherer!!

cosinus 05.08.2010 17:12
Was heißt ewig, wie lang ist das her? :headbang:
Normalerweise ist bei keygens schluss mit lustig, da illegal, und du wirst nur noch Hinweise zur Neuinstallation von Windows bekommen :balla:

timi-nk 05.08.2010 18:04
mindestes 3 Jahre. Mit dem Keygenzeugs bin ich eh nie klar gekommen!
Jetzt gibt es nur legalle SW garantiert

cosinus 05.08.2010 18:24
Nagut. Das Zeug war wenn überhaupt eh nur noch "indirekt" auf dem Rechner, nämlich in der SWH.
Rechner wieder ok? Oder gab's noch weitere Funde oder Probleme?

timi-nk 05.08.2010 18:37
Was heißt SWH??

Rechner ist i.O.

anti vir hat nur die uralt keygens gefunden!

Gibts irgend etwas was auf dem Rechner besser sein könnte???

cosinus 05.08.2010 18:51
Zitat:
Was heißt SWH??
Systemwiederherstellung

timi-nk 05.08.2010 19:00
Danke für die Hilfe!!

Bis später!

Großes kino jungs; Ihr habt was drauf
Grüß den Rest

Schönes WE,
Ich muß jetzt Zuckertüte packen

cosinus 05.08.2010 19:46
Gut, dann bitte die Updates prüfen, hier mein Leitfaden dazu:


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:52 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130