Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   explorer.exe und drwtsn32.exe und späteres Einfrieren (https://www.trojaner-board.de/92883-explorer-exe-drwtsn32-exe-spaeteres-einfrieren.html)

Aehndiehmähn 15.11.2010 17:07
explorer.exe und drwtsn32.exe und späteres Einfrieren
 
Hallo,
seit einiger Zeit quälen mich beim booten des Rechners Fehlermeldungen.

explorer.exe hat ein Problem festgestellt und muss beendet werden

und

drwtsn32.exe hat ein problem festgestellt und muss beendet werden

Wenn der Rechner dann eine längere Zeit beanstandungsfrei gelaufen ist, erscheint eine Fehlermeldung bezüglich einer dll, welche eine nicht windows-fähige dll sein soll. Diese Fehlermeldung erscheint in einer größeren Zahl und dann friert der Rechner quasi ein .... es lassen sich keine Programme mehr ausführen. Erst nach einem Neustart klappt es wieder - für eine Zeit ....

Ich habe bereits die ersten Schritte mit den Tools durchgeführt und möchte die log-files posten. Irgendwo war eine Anleitung, wie das "besser lesbar" gemacht werden kann. Diese Anleitung finde ich nun nicht mehr. Bitte um einen Hinweis, damit ich die log-files dann posten kann.

Vielen Dank schon mal...
Aehndiehmähn

cosinus 15.11.2010 22:50
Hallo und :hallo:

am besten alle Logs in eine Datei zippen oder raren und dieses Archiv mit allen Logs hier dem nächsten Beitrah anhängen.

Aehndiehmähn 16.11.2010 09:16
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Arne,

schön, dass du mir hilfst. :applaus: Ich hoffe, ich habs richtig gemacht - bin nicht so der Profi.

Gmer hat nicht geklappt. Ich bekam eine Meldung, die ich als jpg angehängt habe.

Gruß
Aehndiehmähn

cosinus 16.11.2010 09:26
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Aehndiehmähn 16.11.2010 09:34
aktualisiert - und scan läuft. Wird nur einige Zeit dauern - vermute ich ....

Aehndiehmähn 16.11.2010 15:49
Liste der Anhänge anzeigen (Anzahl: 2)
Im Anhang die log-datei. Der Scan wurde mehrfach durch Meldungen unterbrochen (Zeitüberschreitung; siehe angehängtes jpg).

Nach dem scan habe ich die Funde von malwarebytes erntfernen lassen - ich hoffe, das war i.o.

Habe dann den Rechner neu gebootet und bekam die ebenfalls als jg angehägte meldung (boot.jpg)

cosinus 16.11.2010 21:52
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.20 13:05:52 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005.11.15 11:08:04 | 000,000,036 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{93af9136-a9d0-11dd-986d-0019d1e39b41}\Shell\AutoRun\command - "" = L:\instdata\xaver\bin\xaver.exe -- File not found
O33 - MountPoints2\{93af9136-a9d0-11dd-986d-0019d1e39b41}\Shell\command - "" = L:\instdata\xaver\bin\xaver.exe -- File not found
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:02C1CB6D
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C7038690
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93EB7685
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:981884E7
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Aehndiehmähn 17.11.2010 09:01
HAbe mit OTL nach Anweisung gefixt. Hier das Resultat:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://home.sweetim.com" removed from browser.startup.homepage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
K:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93af9136-a9d0-11dd-986d-0019d1e39b41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93af9136-a9d0-11dd-986d-0019d1e39b41}\ not found.
File L:\instdata\xaver\bin\xaver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93af9136-a9d0-11dd-986d-0019d1e39b41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93af9136-a9d0-11dd-986d-0019d1e39b41}\ not found.
File L:\instdata\xaver\bin\xaver.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:02C1CB6D deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C7038690 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93EB7685 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:981884E7 deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 2572673 bytes
->Temporary Internet Files folder emptied: 2840443 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 615 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: vpn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295485 bytes
RecycleBin emptied: 1611 bytes
 
Total Files Cleaned = 6,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11172010_084753

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\usgthrsvc\Perflib_Perfdata_690.dat not found!
C:\windows\temp\Perflib_Perfdata_c44.dat moved successfully.

Registry entries deleted on Reboot...


gruß
Aehndiemähn

cosinus 17.11.2010 14:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Aehndiehmähn 17.11.2010 16:31
Hier nun das Cofi-log

Combofix Logfile:
Code:
ComboFix 10-11-16.06 - *** 17.11.2010  16:02:06.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.285 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
 
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\dokume~1\***\LOKALE~1\Temp\IadHide5.dll
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\***\Eigene Dateien\DPE.DUS
c:\dokumente und einstellungen\***\Lokale Einstellungen\Temp\IadHide5.dll
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\vpn\Anwendungsdaten\PriceGong
C:\Images
c:\windows\system32\spool\prtprocs\w32x86\ColorPr.dll
 
.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-17 bis 2010-11-17  ))))))))))))))))))))))))))))))
.
 
2010-11-17 14:47 . 2010-11-17 14:48    --------    d-----w-    c:\programme\CCleaner
2010-11-17 07:47 . 2010-11-17 07:47    --------    d-----w-    C:\_OTL
2010-11-16 17:44 . 2010-11-16 17:44    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\ISDNWatch
2010-11-16 17:44 . 2004-05-24 12:35    59520    ----a-w-    c:\windows\system32\drivers\avmport.sys
2010-11-16 17:44 . 2004-05-24 12:35    167936    ----a-w-    c:\windows\AVM_cpdi.clr
2010-11-15 14:33 . 2010-11-15 14:35    --------    d-----w-    c:\programme\ERUNT
2010-11-15 14:06 . 2010-11-15 14:06    --------    d-----w-    c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-11-15 14:06 . 2010-04-29 14:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 14:06 . 2010-11-15 14:06    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-11-15 14:06 . 2010-11-15 14:06    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-15 14:06 . 2010-04-29 14:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-15 13:12 . 2010-11-15 13:12    --------    d-----w-    c:\dokumente und einstellungen\***\Documents
2010-11-15 10:05 . 2010-11-15 10:05    --------    d-----w-    c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2010-11-15 09:17 . 2010-11-15 09:17    --------    d-----w-    c:\programme\iPod
2010-11-15 09:17 . 2010-11-15 09:18    --------    d-----w-    c:\programme\iTunes
2010-11-14 09:09 . 2010-11-14 09:09    --------    d-----w-    C:\Sun
2010-11-14 08:40 . 2001-08-17 11:49    17152    -c--a-w-    c:\windows\system32\dllcache\atitunep.sys
2010-11-14 08:40 . 2001-08-17 11:49    26880    -c--a-w-    c:\windows\system32\dllcache\atirtsnd.sys
2010-11-14 08:40 . 2001-08-18 03:52    104832    -c--a-w-    c:\windows\system32\dllcache\atiraged.dll
2010-11-14 08:40 . 2001-08-18 03:19    70784    -c--a-w-    c:\windows\system32\dllcache\atiragem.sys
2010-11-14 08:40 . 2001-08-17 11:49    10240    -c--a-w-    c:\windows\system32\dllcache\atipcxxx.sys
2010-11-14 08:40 . 2001-08-17 11:49    49920    -c--a-w-    c:\windows\system32\dllcache\atirtcap.sys
2010-11-14 08:40 . 2001-08-18 03:19    75392    -c--a-w-    c:\windows\system32\dllcache\atimpae.sys
2010-11-14 08:40 . 2001-08-18 03:19    281728    -c--a-w-    c:\windows\system32\dllcache\atimtai.sys
2010-11-14 08:38 . 2001-08-17 13:07    101888    -c--a-w-    c:\windows\system32\dllcache\adpu160m.sys
2010-11-12 14:34 . 2004-12-03 13:46    49152    ----a-w-    c:\windows\system32\FritzColorPort.dll
2010-11-12 14:34 . 2003-11-27 15:36    36864    ----a-w-    c:\windows\system32\Fridru32.dll
2010-11-12 14:34 . 2003-11-26 11:18    49152    ----a-w-    c:\windows\system32\FritzPort.dll
2010-11-12 14:34 . 2002-01-05 04:36    964608    ----a-w-    c:\windows\system32\mfc70u.dll
2010-11-12 14:34 . 2002-01-05 03:38    54784    ----a-w-    c:\windows\system32\msvci70.dll
2010-11-12 14:34 . 2002-01-05 04:48    974848    ----a-w-    c:\windows\system32\mfc70.dll
2010-11-12 14:33 . 2010-11-16 17:31    --------    d-----w-    c:\programme\Gemeinsame Dateien\AVM
2010-11-11 17:39 . 2010-08-02 15:09    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-11-11 17:39 . 2010-08-02 15:09    126856    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-11-11 17:39 . 2010-06-17 14:27    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-11-11 17:39 . 2010-06-17 14:27    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-11-11 17:39 . 2010-11-11 17:39    --------    d-----w-    c:\programme\Avira
2010-11-11 17:39 . 2010-11-11 17:39    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-11-08 09:34 . 2010-11-08 09:34    --------    d-----w-    c:\programme\Gemeinsame Dateien\Java
2010-11-08 09:34 . 2010-11-08 09:34    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2010-11-06 15:34 . 2010-11-06 15:34    --------    d-----w-    c:\programme\Gemeinsame Dateien\Haufe
2010-11-06 15:28 . 2010-11-06 15:28    --------    d-----w-    c:\programme\examotion
2010-11-06 15:28 . 2006-06-26 13:58    1929216    ----a-w-    c:\windows\system32\cdintf250.dll
2010-11-06 15:27 . 2010-11-06 15:27    86016    ----a-r-    c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{EB5AE940-8E5D-11DE-992A-005056B12123}\ARPPRODUCTICON.exe
2010-11-06 15:27 . 2010-11-06 15:28    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Haufe
2010-11-05 15:35 . 2010-11-05 15:35    --------    d-----w-    c:\dokumente und einstellungen\LocalService\Startmenü
2010-10-24 17:10 . 2010-10-24 17:10    --------    d-----w-    c:\dokumente und einstellungen\vpn\Anwendungsdaten\Logitech
2010-10-24 16:44 . 2010-10-24 16:45    --------    d-----w-    c:\dokumente und einstellungen\***
2010-10-24 16:41 . 2010-10-24 16:41    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\espionServerData
 
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 09:34 . 2010-04-30 07:42    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-18 10:22 . 2006-02-28 12:00    974848    ----a-w-    c:\windows\system32\Mfc42u.dll
2010-09-18 06:52 . 2006-02-28 12:00    974848    ----a-w-    c:\windows\system32\Mfc42.dll
2010-09-18 06:52 . 2006-02-28 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2006-02-28 12:00    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2006-02-28 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2006-02-28 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2006-02-28 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2010-09-01 11:50 . 2006-02-28 12:00    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2006-02-28 12:00    1852928    ----a-w-    c:\windows\system32\win32k.sys
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmpDC402.FOT
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmpC5202.FOT
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmp89502.FOT
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmp56302.FOT
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmpA1002.FOT
2010-08-31 09:40 . 2010-08-31 09:40    1409    ----a-w-    c:\windows\system32\tmp33102.FOT
2010-08-27 08:01 . 2006-02-28 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00    99840    ----a-w-    c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25    5632    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-02-28 12:00    357248    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2006-02-28 12:00    617472    ----a-w-    c:\windows\system32\comctl32.dll
1998-04-26 22:00 . 2007-07-20 15:52    570128    -c--a-w-    c:\programme\Gemeinsame Dateien\Dao350.dll
.
 
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-08-18 10:08    353656    ----a-w-    c:\programme\PriceGong\2.1.0\PriceGongIE.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25    1438520    ----a-r-    c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Google Update"="c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"LDM"="c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-08-09 32768]
"DUControl"="d:\programme\DirectUpdate v4\DUControl.exe" [2010-09-18 46832]
"DynSite"="d:\programme\Noel Danjou\DynSite\DynSite.exe" [2008-09-25 1342072]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"SpeechExec Startup"="c:\programme\Gemeinsame Dateien\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe" [2007-10-02 16384]
"NSCSysTrayUI"="c:\programme\Samsung\NetworkScan\NSCSysTrayUI.exe" [2006-09-14 270336]
"Norton Ghost 12.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2007-10-05 2037088]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-09 507904]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-03-18 202256]
"EvtMgr6"="c:\programme\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-11-10 421160]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"Schmaili"="e:\programme\Schmaili90\schmaili.exe" [2007-08-03 536576]
 
c:\dokumente und einstellungen\***\Startmen�\Programme\Autostart\
jAnrufmonitor 5.0.lnk - c:\programme\jAnrufmonitor\jam.exe [2010-10-27 45056]
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2010-3-22 1540096]
SmartCapture.lnk - c:\windows\Seiko\slpcap.exe [2006-7-12 123917]
 
c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
ISDNWatch.lnk - c:\programme\FRITZ!\IWatch.exe [2010-11-16 241664]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-8-9 450560]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29    64592    ----a-w-    c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk /r \??\K:\0autocheck autochk *
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27    153136    -c--a-w-    c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
2007-07-30 13:27    1207808    ----a-w-    c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\InfoCockpit.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15    221184    -c--a-w-    c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 14:15    81920    -c--a-w-    c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57    153136    -c--a-w-    c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2007-01-16 18:42    46632    -c--a-w-    c:\programme\ScanSoft\PDF Professional 4.0\RegistryController.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\programme\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 01:01    32768    -c--a-w-    c:\programme\CyberLink\PowerDVD\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42    69632    ----a-w-    c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03    210472    -c--a-w-    c:\programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STRATO Sync]
2006-05-28 14:24    589824    ----a-w-    e:\programme\STRATO Sync\STRATO Sync.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 16:13    68856    -c--a-w-    c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 07:44    202256    ----a-w-    c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48    2019624    ----a-w-    e:\programme\Uniblue\RegistryBooster\RegistryBooster.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DNSerSvc"=2 (0x2)
"de_serv"=3 (0x3)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"T-Online_Software_6\WLAN-Access Finder"=c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
"InfoCockpit"=c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
"GMX SMS-Manager"=e:\programme\GMX\GMX SMS-Manager\SMSMngr.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelAudioStudio"="c:\programme\Intel Audio Studio\IntelAudioStudio.exe" BOOT
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IRIS_S2P"=c:\programme\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
"Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SweetIM"=c:\programme\SweetIM\Messenger\SweetIM.exe
"ToADiMon.exe"=c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Samsung\\NetworkScan\\NSCSysTrayUI.exe"=
"e:\\Programme\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"c:\\Programme\\ScanSoft\\OmniForm 5.0\\EReg\\NAVBrowser.exe"=
"c:\\Programme\\Wertpapieranalyse_2006\\wm50.exe"=
"c:\\Programme\\Opera\\Opera.exe"=
"c:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Programme\\TightVNC\\WinVNC.exe"=
"c:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"e:\\Programme\\TYPO3_4.2.3\\Apache\\bin\\Apache.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook\facebook.exe"= c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Programme\\Vodafone\\Messenger PC\\vfmsgpc.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\StarMoney 7.0 S-Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney 7.0 S-Edition\\app\\StarMoney.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5190:TCP"= 5190:TCP:icq
 
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [05.07.2007 13:43 91520]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [05.07.2007 12:30 21504]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [02.11.2007 16:32 14949]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 04:45 169312]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.11.2010 18:39 135336]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [17.07.2007 13:18 554352]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [16.11.2010 18:44 59520]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [02.11.2007 16:32 652592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [09.08.2010 13:56 10448]
R2 Marvell RAID;Marvell RAID Event Agent;c:\programme\Marvell\61xx\svc\mvraidsvc.exe [03.02.2007 02:18 61440]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [10.12.2007 20:05 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 15:40 9728]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 TeamViewer5;TeamViewer 5;c:\programme\TeamViewer\Version5\TeamViewer_Service.exe [19.10.2010 13:29 2011944]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [24.11.2004 53632]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\drivers\cjusb.sys [02.11.2007 16:32 23040]
R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [06.07.2007 08:35 548864]
S2 gupdate1c9b8f867f13612;Google Update Service (gupdate1c9b8f867f13612);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2009 10:48 133104]
S2 MRUWebService;MRU Web Service;c:\programme\Marvell\61xx\Apache2\bin\Apache.exe [10.01.2007 08:17 20539]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [16.11.2010 19:39 549384]
S3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [06.07.2007 08:35 37568]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [13.08.2007 10:24 182400]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [13.08.2007 10:22 12288]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [13.08.2007 10:22 320256]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [13.08.2007 10:22 394880]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [10.12.2007 20:05 17280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 13:49 227232]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [10.12.2007 20:05 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [09.08.2006 15:39 17536]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\DRIVERS\NETFRITZ.SYS --> c:\windows\system32\DRIVERS\NETFRITZ.SYS [?]
S3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device;c:\windows\system32\drivers\RoyalTS.sys [02.11.2007 16:19 124544]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088]
S4 DNSerSvc;DNSerSvc;e:\programme\DynDNS\DNSerSvc.exe --> e:\programme\DynDNS\DNSerSvc.exe [?]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv    REG_MULTI_SZ      Tapisrv
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
 
2010-11-17 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
 
2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
 
2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-09 09:48]
 
2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-09 09:48]
 
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-413027322-839522115-1003Core.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-03-22 18:03]
 
2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-413027322-839522115-1003UA.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-03-22 18:03]
 
2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-413027322-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
 
2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-413027322-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
 
2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{DDDBF525-132B-4D21-9A11-5662E8FC2C89}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Mit ScanSoft PDF Converter 4.1 öffnen - c:\programme\ScanSoft\PDF Professional 4.0\cnvres_ger.dll /100
IE: MMS senden - c:\programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll/242
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SMS senden - c:\programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll/241
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\programme\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\programme\ELOoffice\EloInternetExplorer.htm
Trusted Zone: commerzbanking.de
TCP: {09611DB1-63F0-48EE-9B46-98699623DEE5} = 192.168.2.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r8u67x7k.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r8u67x7k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\programme\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\programme\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
---- FIREFOX Richtlinien ----
 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-17 16:18
Windows 5.1.2600 Service Pack 3 NTFS
 
Scanne versteckte Prozesse...
 
Scanne versteckte Autostarteinträge...
 
Scanne versteckte Dateien...
 
 
c:\windows\TEMP\xpxgdn24.0.cs 73416 bytes
c:\windows\TEMP\xpxgdn24.cmdline 424 bytes
c:\windows\TEMP\xpxgdn24.dll 45056 bytes executable
c:\windows\TEMP\xpxgdn24.err 0 bytes
c:\windows\TEMP\xpxgdn24.out
c:\windows\TEMP\xpxgdn24.tmp
 
Scan erfolgreich abgeschlossen
versteckte Dateien: 6
 
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|ù•6~*]
"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\windows\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 
- - - - - - - > 'winlogon.exe'(1612)
c:\windows\system32\Ati2evxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
 
- - - - - - - > 'explorer.exe'(4640)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Bonjour\mDNSResponder.exe
d:\programme\DirectUpdate v4\DUEngine.exe
c:\programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\Norton Ghost\Agent\VProSvc.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\SearchIndexer.exe
c:\programme\TeamViewer\Version5\TeamViewer.exe
c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\programme\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\javaw.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-17  16:27:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-17 15:26
 
Vor Suchlauf: 19 Verzeichnis(se), 20.563.369.984 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 20.497.883.136 Bytes frei
 
- - End Of File - - 00A02166DE5886D4BB7C391BF60C46C1
--- --- ---


gruß und zwischendurch schon mal ein dickes :dankeschoen: für deine geduldige hilfe

cosinus 17.11.2010 19:09
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Aehndiehmähn 18.11.2010 14:15
Hi,

Gmer hat sich aufgehängt. Demgemäß hier zunächst OSAM:

Code:
OSAM Logfile:

       
Code:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:05:35 on 18.11.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-73586283-413027322-839522115-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-73586283-413027322-839522115-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-73586283-413027322-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-73586283-413027322-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cjtpl.cpl" - " REINER SCT" - C:\windows\system32\cjtpl.cpl
"Ddbaccpl.cpl" - "DataDesign AG" - C:\windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\windows\system32\ddBACCTM.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\windows\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\windows\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\windows\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\windows\System32\DRIVERS\tifsfilt.sys
"AFS2k" (AFS2K) - "Oak Technology Inc." - C:\windows\system32\drivers\AFS2K.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\windows\system32\drivers\Aspi32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\windows\System32\DRIVERS\NETFRITZ.SYS  (File not found)
"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\windows\System32\drivers\avmport.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"CdaD10BA" (CdaD10BA) - "Macrovision Europe Ltd" - C:\WINDOWS\system32\drivers\CdaD10BA.SYS
"Changer" (Changer) - ? - C:\windows\system32\drivers\Changer.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"Flash5 Invoker Service" (Invoker) - "Your Corporation" - C:\WINDOWS\System32\Drivers\Invoker.sys
"FlexBIOS Service" (FlexBios) - "Your Corporation" - C:\WINDOWS\System32\Drivers\FlexBios.sys
"Franson VSerial" (bizVSerial) - "franson.biz" - C:\windows\System32\drivers\bizVSerialNT.sys
"i2omgmt" (i2omgmt) - ? - C:\windows\system32\drivers\i2omgmt.sys  (File not found)
"Intel (R) System Management BIOS Service" (SMBios) - "Intel Corporation" - C:\windows\System32\DRIVERS\SMBios.sys
"Intel(R) SMBus 2.0 Driver" (smbusp) - "Intel Corporation" - C:\windows\System32\DRIVERS\intelsmb.sys
"lbrtfdc" (lbrtfdc) - ? - C:\windows\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech Beep Suppression Driver" (LBeepKE) - "Logitech, Inc." - C:\windows\System32\Drivers\LBeepKE.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\windows\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\windows\System32\DRIVERS\LMouFilt.Sys
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\windows\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\windows\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\windows\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\windows\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\windows\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\windows\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"Symantec Event Monitor Driver" (VProEventMonitor) - "Symantec Corporation" - C:\windows\System32\DRIVERS\vproeventmonitor.sys
"Symantec V2i Mount Driver" (v2imount) - "Symantec Corporation" - C:\windows\System32\DRIVERS\v2imount.sys
"Symantec Volume Snap Shot Driver" (symsnap) - "StorageCraft" - C:\windows\System32\DRIVERS\symsnap.sys
"WDICA" (WDICA) - ? - C:\windows\system32\drivers\WDICA.sys  (File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726a1b3-1986-4bb6-b619-5728a064c44f} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{9726A1B3-1986-4BB6-B619-5728A064C44F} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                         " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell-Erweiterungskomponente" - ? - E:\Programme\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{BB7DFDE3-8629-41BF-BCEC-90F436E2A0AE} "ELOShellExtension.ShellExt" - "ELO Digital Office GmbH" - C:\Programme\ELOoffice\ELOShl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPointP\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{ADD80807-5EDD-4a73-A2D6-920DFF8CC009} "PDF Converter 4.0 Shell Extension" - "Nuance Communications, Inc." - C:\Programme\ScanSoft\PDF Professional 4.0\ShellExt40.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Vodafone SMS Toolbar" - "Vodafone" - C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{A057A204-BACC-4D26-9990-79A187E2698E}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL /
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} "{4D054067-DE3A-48F9-B19B-BCD229B9AE8D}" - ? -   (File not found | COM-object registry key not found) /
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
"ELO Archiv" - ? - C:\Programme\ELOoffice\EloInternetExplorer.htm
"Exec" - ? - C:\Programme\ELOoffice\EloArcConnect.exe  (File found, but it contains no detailed information)
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{27743AB1-8A7C-442A-8F10-AE39E2F26538} "Vodafone SMS Toolbar" - "Vodafone" - C:\Programme\Vodafone\Messenger PC\Plugins\Vodafone SMS Toolbar\IE\SMSToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{1631550F-191D-4826-B069-D9439253D926} "PriceGongBHO Class" - "PriceGong" - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ISDNWatch.lnk" - "AVM Berlin" - C:\Programme\FRITZ!\IWatch.exe  (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
"jAnrufmonitor 5.0.lnk" - ? - C:\Programme\jAnrufmonitor\jam.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"Netzmanager.lnk" - "Deutsche Telekom AG" - C:\Programme\Netzmanager\netzmanager.exe  (Shortcut exists | File exists)
"SmartCapture.lnk" - "Seiko Instruments USA Inc." - C:\WINDOWS\Seiko\slpcap.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DUControl" - "WildUP" - "d:\Programme\DirectUpdate v4\DUControl.exe"
"DynSite" - "Noël Danjou" - "d:\Programme\Noel Danjou\DynSite\DynSite.exe"
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"LDM" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"EvtMgr6" - "Logitech, Inc." - C:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming
"IAAnotif" - "Intel Corporation" - "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Norton Ghost 12.0" - "Symantec Corporation" - "C:\Programme\Norton Ghost\Agent\VProTray.exe"
"NSCSysTrayUI" - "Samsung" - "C:\Programme\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
"Share-to-Web Namespace Daemon" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SpeechExec Startup" - "Philips Austria GmbH - Speech Processing" - C:\Programme\Gemeinsame Dateien\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\windows\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\windows\system32\FritzPort.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\windows\system32\mdimon.dll
"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"SmarThru PC Fax Port" - ? - C:\windows\system32\SamFaxPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - D:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\WINDOWS\system32\cjpcsc.exe
"DataSvr" (DataSvr) - ? - "C:\Programme\Wave Systems Corp\Common\DataServer.exe"  (File not found)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"DirectUpdate-Service" (DirectUpdate) - "WildUP" - d:\Programme\DirectUpdate v4\DUEngine.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9b8f867f13612)" (gupdate1c9b8f867f13612) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Marvell RAID Event Agent" (Marvell RAID) - ? - C:\Programme\Marvell\61xx\svc\mvraidsvc.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"MRU Web Service" (MRUWebService) - "Apache Software Foundation" - C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"Norton Ghost" (Norton Ghost) - "Symantec Corporation" - C:\Programme\Norton Ghost\Agent\VProSvc.exe
"NTRU Hybrid TSS v1.05 TCSD" (tcsd_win32.exe) - ? - C:\Programme\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"OmniForm Printer" (OmniForm Printer) - ? - C:\WINDOWS\system32\ofps.exe  (File found, but it contains no detailed information)
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Programme\WinPcap\rpcapd.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\windows\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\windows\System32\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\windows\System32\TUProgSt.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\windows\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
... und MBR ...

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x000007bd

Kernel Drivers (total 159):
  0x804D7000 \windows\system32\ntkrnlpa.exe
  0x806E5000 \windows\system32\hal.dll
  0xF7B82000 \windows\system32\KDCOM.DLL
  0xF7A92000 \windows\system32\BOOTVID.dll
  0xF7552000 ACPI.sys
  0xF7B84000 \windows\system32\DRIVERS\WMILIB.SYS
  0xF7541000 pci.sys
  0xF7682000 isapnp.sys
  0xF7692000 ohci1394.sys
  0xF76A2000 \windows\system32\DRIVERS\1394BUS.SYS
  0xF7C4A000 pciide.sys
  0xF7902000 \windows\system32\DRIVERS\PCIIDEX.SYS
  0xF76B2000 MountMgr.sys
  0xF7522000 ftdisk.sys
  0xF7B86000 dmload.sys
  0xF74FC000 dmio.sys
  0xF790A000 PartMgr.sys
  0xF76C2000 VolSnap.sys
  0xF74E4000 atapi.sys
  0xF742C000 iaStor.sys
  0xF7415000 mv61xx.sys
  0xF73FD000 \windows\system32\drivers\SCSIPORT.SYS
  0xF76D2000 disk.sys
  0xF76E2000 \windows\system32\DRIVERS\CLASSPNP.SYS
  0xF73DD000 fltmgr.sys
  0xF73CB000 sr.sys
  0xF76F2000 PxHelp20.sys
  0xF73AC000 symsnap.sys
  0xF7395000 KSecDD.sys
  0xF7308000 Ntfs.sys
  0xF72DB000 NDIS.sys
  0xF727B000 timntr.sys
  0xF7912000 stm_tpm.sys
  0xF7260000 snapman.sys
  0xF7246000 Mup.sys
  0xF7772000 \SystemRoot\system32\DRIVERS\SMBios.sys
  0xF7792000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF60CD000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xF60B9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF6091000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6051000 \SystemRoot\system32\DRIVERS\e1e5132.sys
  0xF7A2A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF602D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7A32000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF5FA7000 \SystemRoot\system32\DRIVERS\fpcibase.sys
  0xF77A2000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF7A3A000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF5F93000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF77B2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF77C2000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
  0xF5F81000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
  0xF7A42000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF6EEA000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
  0xF7A52000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF77D2000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF6EE6000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF77E2000 \SystemRoot\System32\Drivers\AFS2K.SYS
  0xF77F2000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7802000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF5F5E000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7A5A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF7812000 \SystemRoot\system32\DRIVERS\AVMCOWAN.sys
  0xF7BBC000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xF7A62000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7D8B000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF63AF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF6EDE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF5F47000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF639F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF638F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7A6A000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF5F36000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF637F000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7A72000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7A7A000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF5F06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF636F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7BBE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF5E80000 \SystemRoot\system32\DRIVERS\update.sys
  0xF71CD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF635F000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xAE6E9000 \SystemRoot\system32\drivers\sthda.sys
  0xAE6C5000 \SystemRoot\system32\drivers\portcls.sys
  0xF632F000 \SystemRoot\system32\drivers\drmk.sys
  0xF631F000 \SystemRoot\system32\drivers\sfng32.sys
  0xF6AF0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7BC4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF79F2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xF7BF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7D3E000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7BF4000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7A12000 \SystemRoot\System32\drivers\vga.sys
  0xF7BF6000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7BF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7A1A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7A22000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6EF6000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xAAABB000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAAA62000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xAAA12000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xAA9EC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF5EF2000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xAA9CA000 \SystemRoot\System32\drivers\afd.sys
  0xAC698000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF7A4A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xAA8FF000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xAC688000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xAA88F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAC678000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xAC658000 \SystemRoot\System32\Drivers\Fips.SYS
  0xAE6AA000 \SystemRoot\System32\drivers\bizVSerialNT.sys
  0xAA7B1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7C04000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xACBB6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xAA93A000 \SystemRoot\system32\drivers\usbaudio.sys
  0xAC996000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xAC668000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xA77D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xA7657000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xA61F6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xAA799000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xA5730000 \SystemRoot\system32\DRIVERS\cjusb.sys
  0xA1DF2000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA216C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0xA0EA9000 \SystemRoot\System32\Drivers\dump_mv61xx.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA215C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xA765F000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7D1A000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF057000 \SystemRoot\System32\ati2cqag.dll
  0xBF0B1000 \SystemRoot\System32\atikvmag.dll
  0xBF101000 \SystemRoot\System32\atiok3x2.dll
  0xBF113000 \SystemRoot\System32\ati3duag.dll
  0xBF3DD000 \SystemRoot\System32\ativvaxx.dll
  0x9EC85000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0x9EC70000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xACB9E000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xAAA4E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA10B0000 \SystemRoot\System32\drivers\avmport.sys
  0xA1BEA000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xA31FD000 \SystemRoot\System32\Drivers\Aspi32.SYS
  0x9EBD4000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
  0xA5EA4000 \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys
  0xA5FDE000 \SystemRoot\System32\Drivers\LBeepKE.sys
  0x9EA88000 \SystemRoot\system32\DRIVERS\srv.sys
  0x9E433000 \SystemRoot\system32\drivers\wdmaud.sys
  0x9E9F8000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9E4C0000 \SystemRoot\system32\drivers\npf.sys
  0xA19F8000 \SystemRoot\system32\DRIVERS\v2imount.sys
  0xACBE6000 \SystemRoot\System32\Drivers\TDTCP.SYS
  0x9D322000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA0F4E000 \SystemRoot\system32\DRIVERS\wceusbsh.sys
  0x9BF4D000 \SystemRoot\System32\Drivers\HTTP.sys
  0x9E5C8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x9B46B000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 87):
      0 System Idle Process
      4 System
    1120 C:\WINDOWS\system32\smss.exe
    1332 csrss.exe
    1532 C:\WINDOWS\system32\winlogon.exe
    1612 C:\WINDOWS\system32\services.exe
    1624 C:\WINDOWS\system32\lsass.exe
    1828 C:\WINDOWS\system32\svchost.exe
    588 svchost.exe
    920 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1188 svchost.exe
    1404 C:\WINDOWS\system32\spoolsv.exe
    1452 scardsvr.exe
    1468 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1572 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
    1712 D:\PROGRAMME\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    1880 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1912 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2016 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    300 C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
    292 C:\Programme\Bonjour\mDNSResponder.exe
    336 C:\WINDOWS\system32\cjpcsc.exe
    620 D:\PROGRAMME\DirectUpdate v4\DUEngine.exe
    776 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    800 C:\Programme\Java\jre6\bin\jqs.exe
    868 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    888 C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe
    1060 C:\Programme\Google\Update\GoogleUpdate.exe
    1104 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    1240 C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    2240 C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe
    3540 C:\Programme\Norton Ghost\Agent\VProSvc.exe
    3896 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2192 C:\WINDOWS\explorer.exe
    3440 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3560 C:\Programme\Samsung\NetworkScan\NSCSysTrayUI.exe
    3568 C:\Programme\Norton Ghost\Agent\VProTray.exe
    3592 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    3628 C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
    3732 C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
    4016 C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
    368 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    1484 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    4040 C:\WINDOWS\system32\svchost.exe
    2004 C:\Programme\Logitech\SetPointP\SetPoint.exe
    2252 C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
    3488 C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    1836 C:\WINDOWS\system32\TUProgSt.exe
    1988 C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    4200 C:\Programme\SweetIM\Messenger\SweetIM.exe
    4236 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    4276 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    4436 C:\Programme\iTunes\iTunesHelper.exe
    4508 C:\Programme\TeamViewer\Version5\TeamViewer.exe
    4548 C:\Programme\Microsoft ActiveSync\wcescomm.exe
    4684 C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
    4792 C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    4844 D:\PROGRAMME\DirectUpdate v4\DUControl.exe
    5104 D:\PROGRAMME\Noel Danjou\DynSite\DynSite.exe
    5144 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    5176 C:\WINDOWS\system32\ctfmon.exe
    5200 C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.exe
    5408 C:\Programme\FRITZ!\IWatch.exe
    5688 C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
    5756 C:\Programme\Windows Desktop Search\WindowsSearch.exe
    5876 C:\Programme\Netzmanager\netzmanager.exe
    5940 C:\WINDOWS\Seiko\slpcap.exe
    6036 C:\WINDOWS\system32\javaw.exe
    4772 wmiprvse.exe
    5568 C:\Programme\FRITZ!\FriFax32.exe
    4228 C:\WINDOWS\system32\wuauclt.exe
    5912 C:\WINDOWS\system32\svchost.exe
    6128 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    3324 C:\Programme\iPod\bin\iPodService.exe
    748 C:\WINDOWS\system32\searchindexer.exe
    4996 alg.exe
    5344 PresentationFontCache.exe
    5284 C:\Programme\Opera\opera.exe
    4468 C:\Programme\Microsoft ActiveSync\WCESMgr.exe
    6140 C:\WINDOWS\system32\svchost.exe
    3584 C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
    5228 C:\WINDOWS\system32\searchprotocolhost.exe
    3528 D:\PROGRAMME\RA2000\WINEXE\FMX_Client.Exe
    5192 C:\Dokumente und Einstellungen\Andreas\Desktop\MBRCheck.exe
    6512 C:\WINDOWS\system32\searchprotocolhost.exe
    6172 searchfilterhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000046`08fd3200  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600  (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000059`35b00000  (NTFS)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: MARVELLRaid LD 0, Rev: 1.01
PhysicalDrive1 Model Number: SAMSUNGHD753LJ, Rev: 1113
PhysicalDrive2 Model Number: WD5000AAKB Externa, Rev: l108

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  RE: Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    698 GB  \\.\PhysicalDrive1  RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    465 GB  \\.\PhysicalDrive2  RE: Unknown MBR code
            SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Gruß
Aehndiehmähn

cosinus 18.11.2010 18:28
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Aehndiehmähn 18.11.2010 22:13
ööööhm - sorry, wenn ich nachfrage ... dasselbe also nochmal?

werd ich natürlih morgen früh machen , wenn ich nix anderes mitgeteilt bekomme ...

cosinus 18.11.2010 23:02
Ups, sry, hab mich verklickt :o

Das sollte gepostet werden => Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:36 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131