Hi Arne, hier das Log:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-08-18.04 - MeinPC 19.08.2010  18:47:14.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1412 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\MeinPC\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\jestertb.dll
d:\windows\system32\_000013_.tmp.dll
d:\windows\system32\svchost.exe.exe

Infizierte Kopie von d:\windows\system32\midimap.dll wurde gefunden und desinfiziert 
Kopie von - d:\windows\VistaMizer\old\midimap.dll wurde wiederhergestellt 

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-19 bis 2010-08-19  ))))))))))))))))))))))))))))))
.

2010-08-19 09:42 . 2010-08-19 09:42	--------	d-----w-	D:\_OTL
2010-08-18 17:39 . 2010-04-29 13:39	38224	----a-w-	d:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 17:39 . 2010-08-18 17:39	--------	d-----w-	d:\programme\Malwarebytes' Anti-Malware
2010-08-18 17:39 . 2010-04-29 13:39	20952	----a-w-	d:\windows\system32\drivers\mbam.sys
2010-08-13 20:23 . 2010-08-13 20:23	47364	----a-w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-10 20:01 . 2010-08-10 20:01	--------	d-----w-	d:\programme\Gemeinsame Dateien\fwc
2010-08-05 22:00 . 2010-08-05 22:00	--------	d-----w-	d:\programme\iPod
2010-08-03 11:47 . 2010-08-03 11:47	--------	d-----w-	d:\programme\Vista Anti-Lag
2010-07-31 16:03 . 2007-03-20 13:49	2781184	----a-w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-07-28 10:29 . 2010-07-28 10:30	1555456	----a-w-	d:\windows\explorer.exe
2010-07-24 08:41 . 2010-06-14 14:31	744448	-c----w-	d:\windows\system32\dllcache\helpsvc.exe
2010-07-21 14:30 . 2010-07-21 14:30	73000	----a-w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 16:41 . 2009-10-23 15:02	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Skype
2010-08-19 16:37 . 2009-06-06 13:06	--------	d-----w-	d:\programme\CCleaner
2010-08-19 14:09 . 2009-10-23 15:03	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\skypePM
2010-08-19 12:35 . 2010-06-23 20:22	--------	d-----w-	d:\programme\League of Legends
2010-08-18 16:58 . 2009-09-23 13:34	--------	d-----w-	d:\programme\Steam
2010-08-15 11:53 . 2009-08-05 21:07	--------	d-----w-	d:\programme\Mozilla Thunderbird
2010-08-12 13:14 . 2009-06-22 18:55	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\teamspeak2
2010-08-09 13:44 . 2009-06-21 18:03	--------	d-----w-	d:\programme\Gemeinsame Dateien\Blizzard Entertainment
2010-08-05 22:01 . 2010-07-01 09:25	--------	d-----w-	d:\programme\iTunes
2010-08-05 22:00 . 2009-09-09 19:40	--------	d-----w-	d:\programme\Gemeinsame Dateien\Apple
2010-07-28 16:13 . 2009-08-11 18:26	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\TeamViewer
2010-07-28 16:07 . 2009-08-11 18:26	--------	d-----w-	d:\programme\TeamViewer
2010-07-27 11:09 . 2009-10-17 17:50	--------	d-----w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-07-24 17:13 . 2010-07-05 02:09	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\vlc
2010-07-07 17:25 . 2009-05-01 11:38	22360	----a-w-	d:\dokumente und einstellungen\MeinPC\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-07-07 13:53 . 2009-05-01 11:40	--------	d--h--w-	d:\programme\InstallShield Installation Information
2010-07-07 13:53 . 2009-06-28 19:47	993	----a-w-	d:\windows\eReg.dat
2010-07-07 13:48 . 2010-07-07 13:48	--------	d-----w-	d:\programme\EA Games
2010-07-07 12:26 . 2010-07-07 12:25	--------	d-----w-	d:\programme\NVIDIA Corporation
2010-07-07 12:25 . 2010-07-07 12:25	--------	d-----w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-07-07 12:25 . 2010-07-07 12:25	217180	----a-w-	d:\windows\system32\nvdrsdb0.bin
2010-07-07 12:25 . 2010-07-07 12:25	1	----a-w-	d:\windows\system32\nvdrssel.bin
2010-07-07 12:25 . 2010-07-07 12:25	217180	----a-w-	d:\windows\system32\nvdrsdb1.bin
2010-07-06 21:34 . 2010-07-05 12:49	--------	d-----w-	d:\programme\Warcraft III
2010-07-05 21:41 . 2010-07-05 21:41	--------	d-sh--w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\SecuROM
2010-07-05 16:03 . 2010-07-05 12:51	22154	----a-w-	d:\windows\War3Unin.dat
2010-07-05 16:01 . 2010-07-05 16:01	--------	d-----w-	d:\programme\LogMeIn Hamachi
2010-07-05 13:46 . 2009-07-12 18:29	--------	d-----w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\Media Center Programs
2010-07-05 12:51 . 2010-07-05 12:51	2829	----a-w-	d:\windows\War3Unin.pif
2010-07-05 12:50 . 2010-07-05 12:50	126976	----a-w-	d:\windows\War3Unin.exe
2010-07-05 12:44 . 2010-07-05 12:44	--------	d-----w-	d:\programme\Smart Projects
2010-07-05 02:08 . 2010-07-05 02:08	--------	d-----w-	d:\programme\VideoLAN
2010-07-05 01:00 . 2010-07-01 18:12	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\uTorrent
2010-07-05 00:21 . 2004-08-04 12:00	81246	----a-w-	d:\windows\system32\perfc007.dat
2010-07-05 00:21 . 2004-08-04 12:00	452648	----a-w-	d:\windows\system32\perfh007.dat
2010-07-04 23:50 . 2010-07-04 23:50	--------	d-----w-	d:\programme\Microsoft Games for Windows - LIVE
2010-07-04 20:53 . 2010-07-01 18:22	--------	d-----w-	d:\programme\Movies
2010-07-01 18:18 . 2010-07-01 18:18	40445	----a-w-	d:\programme\uninstall.exe
2010-07-01 18:18 . 2010-07-01 18:18	--------	d-----w-	d:\programme\HELP
2010-07-01 18:12 . 2010-07-01 18:12	--------	d-----w-	d:\programme\uTorrent
2010-07-01 09:26 . 2010-07-01 09:25	--------	d-----w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 09:23 . 2009-12-22 13:05	--------	d-----w-	d:\programme\QuickTime
2010-07-01 09:21 . 2010-07-01 09:21	--------	d-----w-	d:\programme\Apple Software Update
2010-07-01 09:18 . 2009-12-22 13:06	--------	d-----w-	d:\programme\Bonjour
2010-06-26 14:30 . 2010-06-26 14:30	--------	d-----w-	d:\programme\Gemeinsame Dateien\Skype
2010-06-24 12:35 . 2010-06-24 12:35	--------	d-----w-	d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\LolClient
2010-06-23 18:04 . 2010-06-23 18:04	--------	d-----w-	d:\dokumente und einstellungen\All Users\Anwendungsdaten\PMB Files
2010-06-23 18:03 . 2010-06-23 18:03	--------	d-----w-	d:\programme\Pando Networks
2010-06-23 16:10 . 2010-01-20 17:27	--------	d-----w-	d:\programme\TeamSpeak 3 Client
2010-06-21 15:06 . 2010-06-21 14:46	--------	d-----w-	d:\programme\FL Studio 9
2010-06-14 14:31 . 2009-05-01 10:28	744448	----a-w-	d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 23:57 . 2010-07-07 12:23	61440	----a-w-	d:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-07-07 12:23	2632296	----a-w-	d:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-07-07 12:23	2165352	----a-w-	d:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-07-07 12:23	15192064	----a-w-	d:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2010-07-07 12:23	4554752	----a-w-	d:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-07-07 12:23	232040	----a-w-	d:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2010-07-07 12:23	232040	----a-w-	d:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-07-07 12:23	2186342	----a-w-	d:\windows\system32\nvdata.bin
2010-06-07 23:57 . 2010-07-07 12:23	1359872	----a-w-	d:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2010-07-07 12:23	10256384	----a-w-	d:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2009-05-01 15:37	6300544	----a-w-	d:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2009-05-01 15:33	10531200	----a-w-	d:\windows\system32\drivers\nv4_mini.sys
2010-05-22 15:12 . 2010-05-22 15:11	243310	----a-w-	D:\cc_20100522_171146.reg
2010-03-31 05:20 . 2010-03-31 05:20	156592	----a-w-	d:\programme\fraps64.dll
2010-03-31 05:20 . 2010-03-31 05:20	206768	----a-w-	d:\programme\fraps32.dll
2010-03-31 05:20 . 2010-03-31 05:20	74672	----a-w-	d:\programme\fraps64.dat
2010-03-31 05:20 . 2010-03-31 05:20	2340784	----a-w-	d:\programme\fraps.exe
2010-03-31 05:14 . 2010-03-31 05:14	163840	----a-w-	d:\programme\frapslcd.dll
2010-03-31 05:10 . 2010-03-31 05:10	19716	----a-w-	d:\programme\changes.txt
2010-03-31 04:56 . 2010-03-31 04:56	1872	----a-w-	d:\programme\README.HTM
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	d:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	d:\programme\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . F162D52EC8FEF363659AA6C667CE6989 . 724992 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . d:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . d:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2010-02-17 . 786F98EFD090AD93F03E3BD95FB68714 . 2192256 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . 30A5FAA29014D7D165548B66BC783041 . 2405888 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . E1BD0FAFF2C1D0A825CBA97DCF0DDDAE . 2148864 . . [5.1.2600.5938] . . d:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-10 . A97847B2D30F4A299B35239D26BAD948 . 2191616 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . D4128AA197DD8F3120FC80008AB66CF7 . 2147840 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . CB7B03E38E9FE008A8B332020748AD2D . 2404864 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[7] 2009-08-04 . 96D6882D49438D58B0DE0F7E8C8D241B . 2147840 . . [5.1.2600.5857] . . d:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AB44E2536F401A9AD471838E8C28DC38 . 2404864 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2004-08-04 . C3EC5DD56E3EB15D80AF9FCEE030CABD . 2150912 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . BF517C3FA60065DF6D97744648602957 . 589312 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\user32.dll
[7] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2010-07-28 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . E36DF1443AC667E81FC1764DC3AD763E . 1555456 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . d:\windows\system32\VITrans\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . d:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . d:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 149CF402512520027FEC06A978D59801 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\ole32.dll
[7] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 7270F0B822CB67F0C32BEF7FB00CA4D4 . 25088 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . d:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2010-02-16 . 9F24D01B6027FED0423FD28F1055E3DD . 2069120 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 93A00B3500C269113E20BF4379D1C22F . 2284032 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . d:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-10 . 2E72317A93EF61138E43DCF7CD423EDF . 2068480 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 1143EBE276EA80A88942A21613078088 . 2026496 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 9AEA0FA72067F6966EB97982CAFA72B7 . 2283520 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[7] 2009-08-04 . 1FF1F43613BA7510A5A975ED034EB8E0 . 2026496 . . [5.1.2600.5857] . . d:\windows\system32\VITrans\ntkrnlpa.exe
[-] 2009-02-09 . B3FE2F98DD72EE16CBC6D3B93146362A . 2283520 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2004-08-04 . F8D35488D41B19A306A454FFC0ED0336 . 2017792 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN Optimizer"="d:\dokumente und einstellungen\MeinPC\Desktop\WLAN Optimizer.exe" [2009-08-07 109056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SunJavaUpdateSched"="d:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Diamondback"="d:\programme\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"Launch LgDevAgt"="d:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LGDCore"="d:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="d:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"LogMeIn Hamachi Ui"="d:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10	35696	----a-w-	d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 09:49	49152	----a-w-	d:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:52	25088	----a-w-	d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG DWL-G122]
2008-01-02 10:04	1552384	----a-w-	d:\programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53	141608	----a-w-	d:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	d:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12	26192168	----a-r-	d:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-02 12:09	1238352	----a-w-	d:\programme\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programme\\Steam\\SteamApps\\grandnic1\\counter-strike source\\hl2.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Programme\\Steam\\SteamApps\\grandnic1\\half-life 2 deathmatch\\hl2.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\Java\\jre6\\bin\\java.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"d:\\Programme\\Steam\\steamapps\\faridbang1991\\counter-strike source\\hl2.exe"=
"d:\\Programme\\Steam\\steamapps\\faridbang1991\\counter-strike\\hl.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\source sdk base 2007\\hl2.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\insurgency\\hl2.exe"=
"d:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\source dedicated server\\srcds.exe"=
"d:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programme\\League of Legends\\Air\\LolClient.exe"=
"d:\\Programme\\League of Legends\\Game\\League of Legends.exe"=
"d:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\uTorrent\\uTorrent.exe"=
"d:\\Programme\\Steam\\steamapps\\deluxe4ever23\\counter-strike\\hl.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\red faction guerrilla\\rfg.exe"=
"d:\\Programme\\Warcraft III\\Warcraft III.exe"=
"d:\\Programme\\Warcraft III\\War3.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Programme\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\StarCraft II\\StarCraft II.exe"=
"d:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"56748:TCP"= 56748:TCP:Pando Media Booster
"56748:UDP"= 56748:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"5883:TCP"= 5883:TCP:qlfzgim
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher

R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [04.10.2009 16:45 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]
R3 cmudau32;C-Media USB UDA Sound Interface;d:\windows\system32\drivers\cmudaxu.sys [05.05.2009 16:03 1414528]
R3 Razerlow;Diamondback 3G USB Filter Driver;d:\windows\system32\drivers\DB3G.sys [01.09.2009 12:29 13225]
S2 gupdate1ca0a43d3fac66;Google Update Service (gupdate1ca0a43d3fac66);"d:\programme\Google\Update\GoogleUpdate.exe" /svc --> d:\programme\Google\Update\GoogleUpdate.exe [?]
S2 wwskc;Task Network;d:\windows\system32\svchost.exe -k netsvcs [04.08.2004 14:00 14336]
S3 avmeject;AVM Eject;d:\windows\system32\drivers\avmeject.sys [05.07.2010 02:18 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;d:\windows\system32\drivers\fwlanusb.sys [05.07.2010 02:17 265088]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
wwskc
.
Inhalt des "geplante Tasks" Ordners

2010-07-01 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\dokumente und einstellungen\MeinPC\Anwendungsdaten\Mozilla\Firefox\Profiles\t9h5toww.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: d:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: d:\programme\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 18:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1060284298-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e0,92,98,78,82,ed,09,76,58,98,d2,4d,65,39,75,e1,36,16,7e,33,98,81,f6,
   0c,ea,02,5f,3e,2f,e2,3b,6d,25,1f,19,e4,85,6b,87,93,e3,0e,4b,9b,c4,45,62,ac,\
"??"=hex:ed,64,b7,4b,d8,82,fd,d4,69,8e,e3,43,f8,8a,33,ca

[HKEY_USERS\S-1-5-21-1343024091-1060284298-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:ff,bf,6a,09,79,e2,c5,6b,0f,0b,40,2a,cb,71,92,7f,dc,2e,34,76,dc,
   26,f3,e7,91,ac,da,fc,7f,e2,b6,10,f8,b7,2c,ea,99,cf,8d,d5,15,b6,fe,1a,a9,58,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
d:\windows\system32\cscui.dll
d:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(956)
d:\windows\system32\wdigest.dll
d:\windows\system32\setupapi.dll
d:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3924)
d:\windows\system32\SHDOCVW.dll
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\LINKINFO.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\stobject.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\programme\Avira\AntiVir Desktop\avguard.exe
d:\programme\Avira\AntiVir Desktop\avshadow.exe
d:\programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
d:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\programme\Bonjour\mDNSResponder.exe
d:\programme\Java\jre6\bin\jqs.exe
d:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\wscntfy.exe
d:\windows\RTHDCPL.EXE
d:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\RunDll32.exe
d:\windows\system32\RUNDLL32.EXE
d:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\programme\Razer\Diamondback 3G\razertra.exe
d:\programme\Razer\Diamondback 3G\razerofa.exe
d:\programme\iPod\bin\iPodService.exe
d:\programme\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-19  19:07:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-19 17:07

Vor Suchlauf: 11 Verzeichnis(se), 25.432.571.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 25.488.547.840 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Main Windows" /noexecute=optin /fastdetect

- - End Of File - - 97508C1593A847FA0A9C21DA026354E5
         

Gruß, hyper.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Also, GMER hat sich leider mehrmals aufgehängt während dem Scan.

Hier das OSAM Log:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:31:23 on 19.08.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - D:\Programme\Apple Software Update\SoftwareUpdate.exe
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - D:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - D:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\access.cpl
"appwiz.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\appwiz.cpl
"desk.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\desk.cpl
"diamondback.cpl" - "Razer Inc." - D:\WINDOWS\system32\diamondback.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\hdwwiz.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\irprops.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - D:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\ncpa.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\nusrmgr.cpl
"odbccp32.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\odbccp32.cpl
"PhysX.cpl" - ? - D:\WINDOWS\system32\PhysX.cpl
"powercfg.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\powercfg.cpl
"sysdm.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\wscui.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS3" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Pando" - "Pando Networks" - D:\Programme\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Speech" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ANIO Service" (ANIO) - "Alpha Networks Inc." - D:\WINDOWS\system32\ANIO.SYS
"atksgt" (atksgt) - ? - D:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - D:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - D:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - D:\WINDOWS\gdrv.sys
"giveio" (giveio) - ? - D:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - D:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - D:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - D:\DOKUME~1\MeinPC\LOKALE~1\Temp\mbr.sys  (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - D:\WINDOWS\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - D:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - D:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - D:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - D:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - D:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - D:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - D:\WINDOWS\System32\drivers\sfsync02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - D:\WINDOWS\System32\drivers\prosync1.sys
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - D:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - D:\WINDOWS\system32\itss.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - D:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - D:\Programme\Outlook Express\wabfind.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - D:\WINDOWS\system32\syncui.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - D:\WINDOWS\system32\wuaucpl.cpl
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - D:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - D:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - D:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - D:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - D:\WINDOWS\system32\zipfldr.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - D:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - D:\WINDOWS\system32\deskadp.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - D:\WINDOWS\system32\appwiz.cpl
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - ? -   (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvcpl.dll
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - D:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - D:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - D:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - D:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - D:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - D:\WINDOWS\system32\deskperf.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - D:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - D:\WINDOWS\system32\mmsys.cpl
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - D:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - D:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - D:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - D:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - D:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - D:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - D:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - D:\WINDOWS\system32\icmui.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - D:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\iTunes\iTunesMiniPlayer.dll
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - D:\WINDOWS\system32\cabview.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft Datenverknüpfung" - ? -   (File not found | COM-object registry key not found)
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - D:\WINDOWS\system32\dskquoui.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - D:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - D:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - D:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - D:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - D:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - D:\WINDOWS\system32\NETSHELL.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - ? -   (File not found | COM-object registry key not found)
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - D:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - D:\WINDOWS\System32\cscui.dll
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - D:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - D:\WINDOWS\system32\netplwiz.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - D:\WINDOWS\system32\themeui.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - D:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - D:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - D:\WINDOWS\system32\Audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - D:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - D:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - D:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - D:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - D:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - D:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - D:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - D:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - D:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - D:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - D:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - D:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - D:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - D:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - D:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - D:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - D:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - D:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - D:\WINDOWS\system32\netplwiz.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - D:\WINDOWS\system32\shell32.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - "Microsoft Corporation" - D:\WINDOWS\system32\upnpui.dll
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - D:\WINDOWS\system32\netplwiz.dll
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - D:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - D:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - D:\WINDOWS\system32\stobject.dll
{e57ce738-33e8-4c51-8354-bb4de9d215d1} "UPnP Tray Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\upnpui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - D:\WINDOWS\system32\webcheck.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - D:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - D:\WINDOWS\system32\browseui.dll
<binary data> "&Links" - "Microsoft Corporation" - D:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - D:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} "Microsoft Genuine Advantage Self Support Tool" - "Microsoft Corporation" - D:\WINDOWS\system32\SelfHelpControl.DLL / hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - D:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - D:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - D:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{353e2a48-6254-4bd3-88f4-3b51a0ca7870} "COMPUTERBILD-Abzockschutz" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2e250b90-0e7a-42a3-9d65-e39f9f227fa4} "CBAbzockschutz.InitToolbarBHO" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{E5A1691B-D188-4419-AD02-90002030B8EE} "{E5A1691B-D188-4419-AD02-90002030B8EE}" - ? -   (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"comdlg32" - "Microsoft Corporation" - D:\WINDOWS\system32\comdlg32.dll
"ole32" - "Microsoft Corporation" - D:\WINDOWS\system32\ole32.dll
"shell32" - "Microsoft Corporation" - D:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - D:\WINDOWS\system32\url.dll
"user32" - "Microsoft Corporation" - D:\WINDOWS\system32\user32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - D:\WINDOWS\system32\digest.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\MeinPC\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ctfmon.exe" - "Microsoft Corporation" - D:\WINDOWS\system32\ctfmon.exe
"WLAN Optimizer" - "none" - D:\Dokumente und Einstellungen\MeinPC\Desktop\WLAN Optimizer.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - D:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe_ID0EYTHM" - "Adobe Systems Incorporated" - D:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Diamondback" - ? - D:\Programme\Razer\Diamondback 3G\razerhid.exe
"iTunesHelper" - "Apple Inc." - "D:\Programme\iTunes\iTunesHelper.exe"
"Launch LGDCore" - "Logitech Inc." - "D:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"Launch LgDevAgt" - "Logitech Inc." - "D:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "D:\Programme\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Programme\Java\jre6\bin\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - D:\WINDOWS\system32\clipsrv.exe
"Adobe Version Cue CS3" (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
"ANIWZCSd Service" (ANIWZCSdService) - "Wireless Service" - D:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - D:\Programme\Bonjour\mDNSResponder.exe
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - D:\WINDOWS\system32\msdtc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - D:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - ? - "D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)
"Google Update Service (gupdate1ca0a43d3fac66)" (gupdate1ca0a43d3fac66) - ? - "D:\Programme\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"HID Input Service" (HidServ) - ? -  D:\WINDOWS\System32\hidserv.dll  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - D:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - D:\Programme\LogMeIn Hamachi\hamachi-2.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - D:\WINDOWS\system32\mnmsrvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - D:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Task Network" (wwskc) - ? - D:\WINDOWS\system32\budldelt.dll  (File not found)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Installer" (MSIServer) - "Microsoft Corporation" - D:\WINDOWS\system32\msiexec.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - D:\WINDOWS\system32\WINDOW~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - D:\WINDOWS\system32\LogonUI.EXE
"VmApplet" - "Microsoft Corporation" - D:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - D:\WINDOWS\System32\cscui.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"cscdll" - "Microsoft Corporation" - D:\WINDOWS\system32\cscdll.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - D:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Da ich von dem Bootscan dingsda kein Log finden konnte habe ich einfach einen Screen von dem CMD Fenster gemacht, sieht ja ned so doll aus aber sieh selbst. (Screen im Anhang)

MfG

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur eine Sekunde.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Code: Alles auswählenAufklappen

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000007d

Kernel Drivers (total 131):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x80723000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB7F78000 ACPI.sys
  0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB7F67000 pci.sys
  0xB80A8000 isapnp.sys
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB80B8000 MountMgr.sys
  0xB7F48000 ftdisk.sys
  0xB8330000 PartMgr.sys
  0xB80C8000 sfsync02.sys
  0xB80D8000 VolSnap.sys
  0xB7F30000 atapi.sys
  0xB80E8000 disk.sys
  0xB80F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7F10000 fltmgr.sys
  0xB7EFE000 sr.sys
  0xB8108000 PxHelp20.sys
  0xB7EE7000 KSecDD.sys
  0xB7E5A000 Ntfs.sys
  0xB7E2D000 NDIS.sys
  0xB85AC000 speedfan.sys
  0xB8338000 sfhlp02.sys
  0xB85AE000 sfhlp01.sys
  0xB7E1C000 sfdrv01.sys
  0xB85B0000 prosync1.sys
  0xB7E04000 \WINDOWS\System32\drivers\SCSIPORT.SYS
  0xB7DE8000 prohlp02.sys
  0xB7DCE000 Mup.sys
  0xB8671000 giveio.sys
  0xB82C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB6E1D000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB6E09000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB6DE1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB6DC7000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0xB8428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB6DA3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8430000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB8438000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB82F8000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB85A0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB6D8F000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB8308000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB8318000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB6D6C000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB8448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xB878A000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB7DA6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB6D55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB8450000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB6D44000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8458000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8460000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB8468000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0xB8188000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB8470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB8478000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB85E4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB6CE6000 \SystemRoot\system32\DRIVERS\update.sys
  0xB7D9A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB4745000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xB4721000 \SystemRoot\system32\drivers\portcls.sys
  0xB81A8000 \SystemRoot\system32\drivers\drmk.sys
  0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB8608000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB8348000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xB860A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB8724000 \SystemRoot\System32\Drivers\Null.SYS
  0xB860C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB8370000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB8378000 \SystemRoot\System32\drivers\vga.sys
  0xB860E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB8610000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB8380000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8388000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB8580000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB45FE000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB45A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB457D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB4557000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB4535000 \SystemRoot\System32\drivers\afd.sys
  0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB8208000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB8390000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xB450A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB44CE000 \SystemRoot\System32\drivers\prodrv06.sys
  0xB445E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB8218000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB443C000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xB8614000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xB4418000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB43A7000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
  0xB854C000 \SystemRoot\System32\Drivers\DB3G.sys
  0xB8550000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB8248000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB83B0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB8558000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB4225000 \SystemRoot\system32\drivers\cmudaxu.sys
  0xB4655000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xB420D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB8624000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB464D000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB83B8000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB87C0000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB3E7F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xB3E5F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB3B32000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB3A2D000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB3CE7000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB8642000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB83D8000 \??\D:\WINDOWS\system32\ANIO.SYS
  0xB3647000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xB84A8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xB317A000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB379D000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB25B5000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB16D1000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
       0 System Idle Process
       4 System
     664 D:\WINDOWS\system32\smss.exe
     872 csrss.exe
     896 D:\WINDOWS\system32\winlogon.exe
     940 D:\WINDOWS\system32\services.exe
     952 D:\WINDOWS\system32\lsass.exe
    1132 D:\WINDOWS\system32\nvsvc32.exe
    1216 D:\WINDOWS\system32\svchost.exe
    1272 svchost.exe
    1416 D:\WINDOWS\system32\svchost.exe
    1484 svchost.exe
    1672 svchost.exe
    1924 D:\WINDOWS\system32\spoolsv.exe
    1964 D:\Programme\Avira\AntiVir Desktop\sched.exe
    1980 D:\Programme\Avira\AntiVir Desktop\avguard.exe
     144 svchost.exe
     416 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1368 D:\WINDOWS\explorer.exe
    1452 D:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    1656 D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1640 D:\Programme\Bonjour\mDNSResponder.exe
    1768 D:\Programme\LogMeIn Hamachi\hamachi-2.exe
    1800 D:\Programme\Java\jre6\bin\jqs.exe
     484 D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    1736 D:\WINDOWS\RTHDCPL.exe
    1788 D:\Programme\Java\jre6\bin\jusched.exe
    1752 D:\Programme\Razer\Diamondback 3G\razerhid.exe
    1876 D:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
    1956 D:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    1332 D:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    1600 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
    2108 D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
    2220 D:\Programme\iTunes\iTunesHelper.exe
    2228 D:\Dokumente und Einstellungen\MeinPC\Desktop\WLAN Optimizer.exe
    2236 D:\WINDOWS\system32\ctfmon.exe
    3992 D:\Programme\Razer\Diamondback 3G\razertra.exe
    4032 D:\WINDOWS\system32\wscntfy.exe
     788 D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2348 D:\WINDOWS\system32\wbem\wmiapsrv.exe
    2664 alg.exe
    3368 D:\Programme\Razer\Diamondback 3G\razerofa.exe
    3424 D:\Programme\Mozilla Firefox\firefox.exe
     644 D:\Programme\iPod\bin\iPodService.exe
    3956 D:\Programme\Java\jre6\bin\jucheck.exe
    4012 D:\WINDOWS\system32\svchost.exe
    1824 D:\Programme\Windows Live\Messenger\msnmsgr.exe
    2000 D:\Programme\Windows Live\Contacts\wlcomm.exe
    1680 D:\Programme\League of Legends\lol.launcher.exe
    3048 D:\Programme\League of Legends\Air\LolClient.exe
    3472 D:\Dokumente und Einstellungen\MeinPC\Desktop\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c130200  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000039`3e828400  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
         

Ohje Ohje

Zitat:

232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

MBR ist ok

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Also ich hoffe das es jetzt geht.
Zunächst, ich kann leider kein Extra.txt liefern da es selbst nach mehrmaligem scannen nicht gemacht wurde, hab beim letzten mal auch Extra Registry SafeList angekreuzt aber trotzdem nichts
Also das OTL.txt ist im Anhang..
Und was mich noch interessieren würde, hab ich jetzt eigentlich einen Virus oder suchen wir nur danach?^^

MfG Hyper

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - (wwskc) -- D:\WINDOWS\System32\budldelt.dll File not found
NetSvcs: wwskc - D:\WINDOWS\System32\budldelt.dll File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hi, hier das Log:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Service wwskc stopped successfully!
Service wwskc deleted successfully!
File  D:\WINDOWS\System32\budldelt.dll File not found not found.
wwskc removed from NetSvcs value successfully!
========== COMMANDS ==========
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: MeinPC
->Temp folder emptied: 221763667 bytes
->Temporary Internet Files folder emptied: 2667910 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38510686 bytes
->Flash cache emptied: 565 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 31621632 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56038 bytes
RecycleBin emptied: 330278777 bytes
 
Total Files Cleaned = 596,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08212010_132001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

MfG!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hi, hier Malwarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4462

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.08.2010 21:16:56
mbam-log-2010-08-22 (21-16-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|)
Durchsuchte Objekte: 288805
Laufzeit: 1 Stunde(n), 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\WINDOWS\VistaMizer\reshacker.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Sollte eigentlich ein Fehlalarm sein da Vistamizer nur das Design von Windows XP ändert, habs aber trotzdem gelöscht, hoffe der Skin geht jetzt noch

Mhh bin wohl in der Menge untergegangen kann das sein?

Nö, ich warte auf das SUPERAntiSpyware Logfile!

Sorry das mit SUPERAntiSpyware hab ich überlesen

Hier das Log:

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/25/2010 at 09:02 PM

Application Version : 4.41.1000

Core Rules Database Version : 5404
Trace Rules Database Version: 3216

Scan type       : Complete Scan
Total Scan Time : 01:23:24

Memory items scanned      : 628
Memory threats detected   : 0
Registry items scanned    : 6340
Registry threats detected : 0
File items scanned        : 162141
File threats detected     : 2

Adware.Tracking Cookie
	D:\Dokumente und Einstellungen\MeinPC\Cookies\meinpc@atdmt[3].txt

Trojan.Agent/Gen-Nullo[Short]
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{EF226410-B055-45DF-8CAB-1EB8AB721915}\RP7\A0002407.EXE
         

MfG.

Hm, nur Überreste

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.