Kann Google nicht mehr aufrufen

cosinus · 13.09.2010, 12:05

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Krid · 13.09.2010, 13:49

Hier die Daten:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-12.04 - DK-Sport 13.09.2010  14:27:02.1.1 - FAT32x86
ausgeführt von:: c:\dokumente und einstellungen\DK-Sport\Desktop\CoFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\page
c:\dokumente und einstellungen\All Users\Anwendungsdaten\page\page.ico
c:\dokumente und einstellungen\All Users\Anwendungsdaten\page\page.URL
c:\dokumente und einstellungen\CanonBJC2100\b2508dex.exe
c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\programme\INSTALL.LOG
c:\windows\AutoRun.ini
c:\windows\Downloaded Program Files\setup.dll
c:\windows\winhelp.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-13 bis 2010-09-13  ))))))))))))))))))))))))))))))
.

2010-09-13 10:53 . 2010-09-13 10:53	--------	d-----w-	C:\_OTL
2010-09-11 22:42 . 2010-09-11 22:42	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-09-11 22:41 . 2010-09-11 22:41	--------	d-----w-	c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Temp
2010-09-11 22:41 . 2010-09-11 22:41	--------	d-----w-	c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Deployment
2010-09-11 07:54 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 07:53 . 2010-09-11 07:54	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-09-11 07:53 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-11 07:15 . 2010-09-11 07:17	76704960	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-10 06:25 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\PDFCMNNT.DLL
2010-09-10 06:25 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-09-10 06:25 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-09-10 06:25 . 2010-09-10 06:25	--------	d-----w-	c:\programme\PDFCreator
2010-09-10 06:25 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-09-09 17:05 . 2010-09-09 17:05	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-09-09 17:04 . 2010-09-09 17:05	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2010-09-09 17:04 . 2010-09-09 17:04	--------	d-----w-	c:\windows\system32\config\systemprofile\Anwendungsdaten\Application Updater
2010-08-28 12:30 . 2001-08-18 02:22	12288	----a-w-	c:\windows\system32\drivers\mouhid.sys
2010-08-28 12:30 . 2001-08-18 02:22	12288	----a-w-	c:\windows\system32\dllcache\mouhid.sys
2010-08-28 12:29 . 2008-04-13 18:45	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
2010-08-28 12:29 . 2008-04-13 18:45	10368	----a-w-	c:\windows\system32\dllcache\hidusb.sys
2010-08-26 18:32 . 2010-08-26 18:32	--------	d-----w-	c:\windows\Samsung
2010-08-26 18:32 . 2008-03-11 19:10	21776	----a-w-	c:\windows\system32\msxml2a.dll
2010-08-26 18:32 . 2010-03-09 11:34	157552	----a-w-	c:\windows\system32\spd__ci.exe
2010-08-26 18:32 . 2010-03-16 15:01	141680	----a-w-	c:\windows\system32\SUPDSvcA.dll
2010-08-26 18:32 . 2010-03-16 15:01	132464	----a-w-	c:\windows\system32\SUPDSvc.exe
2010-08-26 18:32 . 2010-03-16 15:00	260464	----a-w-	c:\windows\SUPDRun.exe
2010-08-26 18:32 . 2009-10-07 09:29	218112	----a-w-	c:\windows\system32\SIPDUtil.dll
2010-08-26 18:32 . 2008-06-04 13:53	26624	----a-w-	c:\windows\system32\spd__l.dll
2010-08-26 18:32 . 2007-06-27 07:56	19968	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\spd__pc.dll
2010-08-26 18:32 . 2010-03-25 07:49	282624	----a-w-	c:\windows\system32\DscPnt.dll
2010-08-26 18:32 . 2007-10-02 17:21	65536	----a-w-	c:\windows\system32\spd__ci.dll
2010-08-26 18:32 . 2010-08-26 18:32	--------	d-----w-	c:\programme\Samsung
2010-08-26 18:31 . 2010-08-26 18:31	--------	d-----w-	c:\temp\SamsungUniversalPrintDriver

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 08:40 . 2007-06-14 07:22	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-09-02 16:45 . 2007-02-02 05:20	590600	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-11 21:31 . 2001-08-18 10:00	81130	----a-w-	c:\windows\system32\perfc007.dat
2010-08-11 21:31 . 2001-08-18 10:00	450314	----a-w-	c:\windows\system32\perfh007.dat
2010-08-10 12:41 . 2010-08-10 12:41	--------	d-----w-	c:\programme\ABBYY PDF Transformer 3.0
2010-08-10 12:41 . 2010-08-10 12:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\ABBYY
2010-08-10 12:41 . 2010-08-10 12:41	--------	d-----w-	c:\programme\Gemeinsame Dateien\ABBYY
2010-08-07 09:59 . 2010-07-11 07:20	0	----a-w-	c:\windows\brdfxspd.dat
2010-07-11 07:20 . 2010-07-11 07:20	50	----a-w-	c:\windows\system32\bridf08b.dat
2010-07-11 07:17 . 2010-07-11 07:17	10134	----a-r-	c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2010-06-30 12:28 . 2002-12-19 05:41	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 16:07	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2002-12-16 06:11	1852032	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-01-23 08:52	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-18 10:00	80384	----a-w-	c:\windows\system32\iccvid.dll
2008-07-29 06:05 . 2009-06-11 12:48	3783672	----a-w-	c:\programme\mfc90u.dll
2010-09-10 06:18 . 2010-09-10 06:18	119808	----a-w-	c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-14 02:22 . 2002-12-19 05:41	551936	--sha-w-	c:\windows\system32\oleaut32.dll
2008-04-14 02:22 . 2001-08-18 10:00	84992	--sha-w-	c:\windows\system32\olepro32.dll
2008-04-14 02:22 . 2002-12-19 05:41	12288	--sha-w-	c:\windows\system32\regsvr32.exe
2008-04-14 02:22 . 2002-12-10 05:37	413696	--sha-w-	c:\windows\system32\msvcp60.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="c:\programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2009-02-23 3508568]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Google Update"="c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-09-10 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CommCenter"="c:\programme\RVS\WCOM\SYSTEM\ccui.exe" [2000-09-20 933929]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-03-28 98304]
"WireLessKeyboard"="c:\programme\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Ashampoo HDD Control Guard"="c:\programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-02-16 3994456]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"StarMoneyRunEntry"="c:\programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe" [2010-08-24 57864]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-12 614400]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Verknpfung mit ISDNMO32.lnk - c:\monitor\ISDNMO32.EXE [2002-12-16 1117216]
VR-NetWorld Auftragsprfung.lnk - c:\programme\VR-NetWorld\vrtoolcheckorder.exe [2004-10-13 548864]
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=AvmSnd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\h:\0autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CommCenter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\CommCenter.lnk
backup=c:\windows\pss\CommCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Image Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Digital Image Monitor.lnk
backup=c:\windows\pss\Digital Image Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GENO lite ZV Fälligkeiten.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\GENO lite ZV Fälligkeiten.lnk
backup=c:\windows\pss\GENO lite ZV Fälligkeiten.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ImageFox.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ImageFox.lnk
backup=c:\windows\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office-Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office-Schnellstart.lnk
backup=c:\windows\pss\Microsoft Office-Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ScanPanel.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk
backup=c:\windows\pss\ScanPanel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^DK-Sport^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk]
path=c:\dokumente und einstellungen\DK-Sport\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
backup=c:\windows\pss\FRITZ!DSL Startcenter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-12-27 14:02	550912	----a-w-	c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:50	1289000	----a-w-	c:\programme\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-11-10 18:11	176128	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	----a-w-	c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44	3883840	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	----a-r-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
2002-04-11 09:47	176128	----a-w-	c:\programme\Microsoft IntelliPoint 4.1\Mouse\SETUP\MSH\Mouse\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-28 20:19	98304	----a-w-	c:\programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 07:07	827392	----a-w-	c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-01-20 07:48	47104	----a-w-	c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopHid]
2003-10-06 08:22	40960	----a-w-	c:\windows\StopHid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-11-04 13:05	90112	----a-w-	c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-02-23 08:57	3508568	----a-w-	c:\programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"de_serv"=3 (0x3)
"InterBaseServer"=3 (0x3)
"InterBaseGuardian"=2 (0x2)
"srservice"=2 (0x2)
"SAVScan"=2 (0x2)
"MDM"=2 (0x2)
"hpzglue_service"=2 (0x2)
"gusvc"=2 (0x2)
"a2free"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SeaPort"=2 (0x2)
"LiveUpdate"=3 (0x3)
"idsvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"fsssvc"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
"DfSdkS"=2 (0x2)
"AVM IGD CTRL Service"=2 (0x2)
"Automatisches LiveUpdate - Scheduler"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\Monitor\\ISDNMO32.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Programme\\StarMoney 7.0 S-Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney 7.0 S-Edition\\app\\StarMoney.exe"=
"c:\\Programme\\StarMoney Business 4.0 Deutsche Bank Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=
"c:\\Programme\\StarMoney Business 4.0 Deutsche Bank Edition\\app\\StarMoney.exe"=
"c:\\WINDOWS\\System32\\SUPDSvc.exe"=
"c:\\Programme\\VR-NetWorld\\VRNetWorld.exe"=
"c:\\WINLITE\\STARTEXE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [03.02.2009 12:46 39472]
R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [01.05.2004 08:34 587776]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [27.04.2009 10:17 759048]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [20.01.2010 07:46 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2010 07:46 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.01.2010 07:46 405672]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [28.12.2009 19:06 59520]
R2 DfSdkS;Defragmentation-Service;c:\programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.12.2009 20:26 406016]
R2 Iprip;RIP-Überwachung;c:\windows\System32\svchost.exe -k netsvcs [18.08.2001 12:00 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [20.02.2005 19:32 698368]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [29.11.2004 01:00 53632]
R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [28.12.2009 18:44 537600]
R3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\Netfritz.sys [27.04.2004 17:58 334640]
R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [01.05.2004 08:34 26112]
S2 CAPIRAS;CAPI 2.0 RAS driver;c:\windows\system32\drivers\CAPIRAS.SYS [08.06.2001 12:29 26624]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [06.05.2010 18:49 541192]
S2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [20.06.2010 15:48 541192]
S3 ATWPKT;ATWPKT;c:\windows\system32\drivers\atwpkt.sys [10.12.2002 08:17 19140]
S3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [28.12.2009 18:44 29968]
S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [07.08.2003 11:19 38401]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [13.07.2007 07:28 264704]
S3 FXUSBASE;Eumex 400 (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [29.11.2004 01:00 547968]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [10.09.2010 08:18 30192]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys);c:\windows\system32\drivers\mkusb.sys [07.10.2009 16:09 34232]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08.12.2002 09:45 24288]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [26.08.2010 20:32 132464]
S4 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S4 hpzglue_service;hpzglue_service;c:\windows\System32\hpzglu05.exe --> c:\windows\System32\hpzglu05.exe [?]
.
Inhalt des "geplante Tasks" Ordners

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job
- c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-09-10 06:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://banking.sparkasse-wittenberg.de/cgi/anfang.cgi
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: erima-online.com\www
TCP: {359E15E8-09F6-4CAD-8052-05AC533BFA9A} = 192.168.120.252,192.168.120.253
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0DF86CB3-1923-11D5-B470-0050BA1B3C6F} - hxxp://217.6.17.16/ConvisionVideo.cab
DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} - hxxps://img.web.de/v/fotoalbum/activex/upload_1111.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe
FF - ProfilePath - c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\fbl59lbs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://banking.sparkasse-wittenberg.de/cgi/anfang.cgi
FF - component: c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\fbl59lbs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
HKLM-Run-PDFServiceEngine - c:\programme\PDF Suite\PDFServiceEngine.exe
HKU-Default-Run-SSS6_Suite - c:\programme\Steganos Security Suite 6\sss.exe
HKU-Default-Run-SSS6_SAFE - c:\programme\Steganos Security Suite 6\safe.exe
HKU-Default-Run-SSS6_SPM - c:\programme\Steganos Security Suite 6\spm.exe
MSConfigStartUp-GhostStartTrayApp - c:\programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
MSConfigStartUp-HP Component Manager - c:\programme\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
MSConfigStartUp-KONICA MINOLTA magicolor2300WStatusDisplay - c:\windows\system32\MSTMON_P.EXE
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\programme\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-LogitechVideoTray - c:\programme\Logitech\Video\LogiTray.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-Performance Center - c:\programme\Ascentive\Performance Center\ApcMain.exe
MSConfigStartUp-Skype - c:\programme\Skype\Phone\Skype.exe
MSConfigStartUp-SSC Service Utility - c:\dokume~1\DK-Sport\LOKALE~1\Temp\Rar$EX00.734\SSC Service Utility\ssc_serv.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-TkBellExe - c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-13 14:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\AvmSnd.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\AvmSnd.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\AvmSnd.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Gemeinsame Dateien\AVM\de_serv.exe
c:\programme\Brother\ControlCenter3\brccMCtl.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\programme\RVS\WCOM\SYSTEM\RVSINST.EXE
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\programme\Brother\Brmfcmon\BrMfcmon.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\fxssvc.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\RVS\WCOM\SYSTEM\ccsrv.exe
c:\programme\RVS\WCOM\SYSTEM\ccsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-13  14:40:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-13 12:40

Vor Suchlauf: 40 Verzeichnis(se), 78.948.335.616 Bytes frei
Nach Suchlauf: 57 Verzeichnis(se), 78.815.821.824 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - FB3B3FDCB0BCB285AD01A381CE44E3BC

--- --- ---

cosinus · 13.09.2010, 13:55

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Krid · 13.09.2010, 13:56

Hallo Arne,

zwei kleine Fragen am Rande.

IE8 fragt ob er sich zum standart machen soll. Was meinst du?

Outook Express will stänig komprmieren. Ich habe aber Bedenken, dass alle meine mails verloren gehen bzw sie nicht mehr in *Suchen* berücksichtigt werden. Das kann ich mir nicht leisten.

Gruß Dirk

cosinus · 13.09.2010, 14:07

Zitat:

IE8 fragt ob er sich zum standart machen soll. Was meinst du?

Natürlich nicht. Standardbrowser sollte Firefox oder Opera sein.

Zitat:

Outook Express will stänig komprmieren. Ich habe aber Bedenken, dass alle meine mails verloren gehen bzw sie nicht mehr in *Suchen* berücksichtigt werden. Das kann ich mir nicht leisten

Wieso sollten Mails verloren gehen?
Du solltest statt OE besser sowas wie Mozilla Thunderbird verwenden.

Krid · 13.09.2010, 14:15

Firefox hab ich ja drauf und auch schon son bisschen für den Wechsel vorbereitet
aber mit Mozilla Thunderbird hab ich mich noch nicht beschäftig.
Kann ich alle alten mails dahin mitnehmen ?

Gemer hört immer plötzlich auf- werde also überspringen

cosinus · 13.09.2010, 14:17

Zitat:

Kann ich alle alten mails dahin mitnehmen ?

Ja. Thunderbird importiert alle Mails aus OjE.

Krid · 13.09.2010, 14:28

OSAM

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 15:25:18 on 13.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - SsiEfr.e  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL
"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.CPL" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.CPL
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"MBLLNK.CPL" - "AvantGo, Inc." - C:\WINDOWS\system32\MBLLNK.CPL
"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL
"plugincpl131.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"S32LUCP1.CPL" - "Symantec Corporation" - C:\WINDOWS\system32\S32LUCP1.CPL
"VERSCPL.CPL" - "Corel Corporation" - C:\WINDOWS\system32\VERSCPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"3xHybrid service" (3xHybrid) - "Philips Semiconductors GmbH" - C:\WINDOWS\System32\DRIVERS\3xHybrid.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"ATWPKT" (ATWPKT) - "America Online" - C:\WINDOWS\system32\Drivers\ATWPKT.SYS
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys
"CAPI 2.0 RAS driver" (CAPIRAS) - ? - C:\WINDOWS\System32\DRIVERS\CAPIRAS.SYS
"catchme" (catchme) - ? - C:\CoFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"giveio" (giveio) - ? - C:\WINDOWS\system32\giveio.sys  (File found, but it contains no detailed information)
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Microsoft IntelliPoint Features driver" (IPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\IPFilter.sys
"Mimaki Plotter USB Port Controller (mkusb.sys)" (mkusb) - "Mimaki Engineering Co., Ltd." - C:\WINDOWS\System32\Drivers\mkusb.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pxtdqpog" (pxtdqpog) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\pxtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tmcomm" (tmcomm) - ? - C:\WINDOWS\system32\drivers\tmcomm.sys  (File not found)
"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys
"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys
"USB DVC Svc" (DVC) - "Samsung Electronics" - C:\WINDOWS\System32\Drivers\DVC.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? -   (File not found | COM-object registry key not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{04055D60-93D3-11D1-B8CC-00409524F097} "Bildordner" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{CDB89701-262F-11D1-AB9C-00C0F00683EB} "Corel Media Find Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{854AF161-1AE1-11D1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{E856F161-1AE5-11d1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{F8152501-455F-11D1-B1E6-444553540000} "Corel Media Folder Copy Hook Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{0A082D00-EC93-11D0-B1E6-80580BC10627} "Corel Media Folder Root Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - D:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop-Explorer" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} "Folder To Corel Media Folder Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{8E524B0D-04F0-11D1-B74A-00A0C90646A4} "IconFactTemp.NSIconHandlerFactory" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{2582A520-4E2C-11D0-944A-00608CB854B7} "Micrografx Designer Schnellansicht" - "Micrografx, Inc." - C:\WINDOWS\system32\fvds70.dll
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{A2AC368A-F883-11D0-B745-00A0C90646A4} "NSFiltManDll.FiltManCom" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{7FC7C9B0-FED7-11D1-8F70-00409524F097} "PackedImageFolder" - ? -   (File not found | COM-object registry key not found)
{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3.PDFTContextMenu.1" - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll
{68f32140-2ca3-11d0-acc1-444553540000} "PicaView Shell Extension" - "ACD Systems, Ltd." - C:\Programme\ACD Systems\PicaView\Picaview.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{F93F5F63-423F-11D2-8D61-00605206619F} "Search Result" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
{B63FCD5A-2396-11D1-B762-00A0C90646A4} "{B63FCD5A-2396-11D1-B762-00A0C90646A4}" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFnd80.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.3.1" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\JavaSoft\JRE\1.3.1\bin\npjava131.dll / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{0DF86CB3-1923-11D5-B470-0050BA1B3C6F} "JpegServerPushControl Class" - "Convision Technology GmbH" - C:\WINDOWS\System32\CONVIS~1.DLL / hxxp://217.6.17.16/ConvisionVideo.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} "Trend Micro ActiveX Scan Agent 6.6" - "Trend Micro Inc." - C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll / HouseCall - Free Online Virus Scan - Trend Micro USA
{51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} "Upload Control" - "WEB.DE AG" - C:\WINDOWS\DOWNLO~1\upload.ocx / https://img.web.de/v/fotoalbum/activex/upload_1111.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? -   (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37782.2456365741
{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} "{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" - "InstallShield Software Corporation" - C:\WINDOWS\DOWNLO~1\setup.exe / hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe
{D27CDB6E-AE6D-11CF-96B8-444500000000} "{D27CDB6E-AE6D-11CF-96B8-444500000000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "WEB.DE Browser Configuration by mquadr.at" - "mquadr.at softwareengineering und consulting gmbh" - C:\WINDOWS\system32\ieconfig_1und1.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll  (File not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)
"Verknüpfung mit ISDNMO32.lnk" - "Heuer Software" - C:\Monitor\ISDNMO32.EXE  (Shortcut exists | File exists)
"VR-NetWorld Auftragsprüfung.lnk" - "VR-NetWorld Software" - C:\Programme\VR-NetWorld\VRToolCheckOrder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"UIWatcher" - "ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
"Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Ashampoo HDD Control Guard" - "Ashampoo Development GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"ISUSPM Startup" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StarMoneyRunEntry" - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - "C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe"
"WireLessKeyboard" - ? - C:\Programme\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"EPSON BiD Monitor1" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON2.DLL
"EPSON Stylus Photo R220 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBAIE.DLL
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"MIMAKI Port Monitor2" - ? - MPMSERV_1.dll  (File not found)
"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\WINDOWS\system32\pxc40pma.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"RDGCOMMON Language Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\RDCOMMON.DLL
"RVS Fax Monitor" - "RVS Datentechnik GmbH, München" - C:\WINDOWS\system32\RVSMONNT.DLL
"STIKA Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\STIKAMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"RVS Installer" (RVSINST) - "RVS Datentechnik GmbH, München" - C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"StarMoney Business 4.0 OnlineUpdate" (StarMoney Business 4.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WRNotifier" - ? - WRLogonNTF.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Krid · 13.09.2010, 14:29

OSAM jetzt vieleicht doppelt aber besser als gar nicht

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 15:25:18 on 13.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - SsiEfr.e  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL
"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.CPL" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.CPL
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"MBLLNK.CPL" - "AvantGo, Inc." - C:\WINDOWS\system32\MBLLNK.CPL
"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL
"plugincpl131.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"S32LUCP1.CPL" - "Symantec Corporation" - C:\WINDOWS\system32\S32LUCP1.CPL
"VERSCPL.CPL" - "Corel Corporation" - C:\WINDOWS\system32\VERSCPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"3xHybrid service" (3xHybrid) - "Philips Semiconductors GmbH" - C:\WINDOWS\System32\DRIVERS\3xHybrid.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"ATWPKT" (ATWPKT) - "America Online" - C:\WINDOWS\system32\Drivers\ATWPKT.SYS
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys
"CAPI 2.0 RAS driver" (CAPIRAS) - ? - C:\WINDOWS\System32\DRIVERS\CAPIRAS.SYS
"catchme" (catchme) - ? - C:\CoFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"giveio" (giveio) - ? - C:\WINDOWS\system32\giveio.sys  (File found, but it contains no detailed information)
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Microsoft IntelliPoint Features driver" (IPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\IPFilter.sys
"Mimaki Plotter USB Port Controller (mkusb.sys)" (mkusb) - "Mimaki Engineering Co., Ltd." - C:\WINDOWS\System32\Drivers\mkusb.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pxtdqpog" (pxtdqpog) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\pxtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tmcomm" (tmcomm) - ? - C:\WINDOWS\system32\drivers\tmcomm.sys  (File not found)
"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys
"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys
"USB DVC Svc" (DVC) - "Samsung Electronics" - C:\WINDOWS\System32\Drivers\DVC.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? -   (File not found | COM-object registry key not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{04055D60-93D3-11D1-B8CC-00409524F097} "Bildordner" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{CDB89701-262F-11D1-AB9C-00C0F00683EB} "Corel Media Find Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{854AF161-1AE1-11D1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{E856F161-1AE5-11d1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{F8152501-455F-11D1-B1E6-444553540000} "Corel Media Folder Copy Hook Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{0A082D00-EC93-11D0-B1E6-80580BC10627} "Corel Media Folder Root Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - D:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop-Explorer" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} "Folder To Corel Media Folder Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll
{8E524B0D-04F0-11D1-B74A-00A0C90646A4} "IconFactTemp.NSIconHandlerFactory" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{2582A520-4E2C-11D0-944A-00608CB854B7} "Micrografx Designer Schnellansicht" - "Micrografx, Inc." - C:\WINDOWS\system32\fvds70.dll
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{A2AC368A-F883-11D0-B745-00A0C90646A4} "NSFiltManDll.FiltManCom" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{7FC7C9B0-FED7-11D1-8F70-00409524F097} "PackedImageFolder" - ? -   (File not found | COM-object registry key not found)
{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3.PDFTContextMenu.1" - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll
{68f32140-2ca3-11d0-acc1-444553540000} "PicaView Shell Extension" - "ACD Systems, Ltd." - C:\Programme\ACD Systems\PicaView\Picaview.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{F93F5F63-423F-11D2-8D61-00605206619F} "Search Result" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
{B63FCD5A-2396-11D1-B762-00A0C90646A4} "{B63FCD5A-2396-11D1-B762-00A0C90646A4}" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFnd80.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.3.1" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\JavaSoft\JRE\1.3.1\bin\npjava131.dll / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{0DF86CB3-1923-11D5-B470-0050BA1B3C6F} "JpegServerPushControl Class" - "Convision Technology GmbH" - C:\WINDOWS\System32\CONVIS~1.DLL / hxxp://217.6.17.16/ConvisionVideo.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} "Trend Micro ActiveX Scan Agent 6.6" - "Trend Micro Inc." - C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll / HouseCall - Free Online Virus Scan - Trend Micro USA
{51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} "Upload Control" - "WEB.DE AG" - C:\WINDOWS\DOWNLO~1\upload.ocx / https://img.web.de/v/fotoalbum/activex/upload_1111.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? -   (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37782.2456365741
{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} "{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" - "InstallShield Software Corporation" - C:\WINDOWS\DOWNLO~1\setup.exe / hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe
{D27CDB6E-AE6D-11CF-96B8-444500000000} "{D27CDB6E-AE6D-11CF-96B8-444500000000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "WEB.DE Browser Configuration by mquadr.at" - "mquadr.at softwareengineering und consulting gmbh" - C:\WINDOWS\system32\ieconfig_1und1.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll  (File not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)
"Verknüpfung mit ISDNMO32.lnk" - "Heuer Software" - C:\Monitor\ISDNMO32.EXE  (Shortcut exists | File exists)
"VR-NetWorld Auftragsprüfung.lnk" - "VR-NetWorld Software" - C:\Programme\VR-NetWorld\VRToolCheckOrder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"UIWatcher" - "ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
"Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Ashampoo HDD Control Guard" - "Ashampoo Development GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"ISUSPM Startup" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StarMoneyRunEntry" - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - "C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe"
"WireLessKeyboard" - ? - C:\Programme\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"EPSON BiD Monitor1" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON2.DLL
"EPSON Stylus Photo R220 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBAIE.DLL
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"MIMAKI Port Monitor2" - ? - MPMSERV_1.dll  (File not found)
"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\WINDOWS\system32\pxc40pma.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"RDGCOMMON Language Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\RDCOMMON.DLL
"RVS Fax Monitor" - "RVS Datentechnik GmbH, München" - C:\WINDOWS\system32\RVSMONNT.DLL
"STIKA Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\STIKAMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"RVS Installer" (RVSINST) - "RVS Datentechnik GmbH, München" - C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"StarMoney Business 4.0 OnlineUpdate" (StarMoney Business 4.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WRNotifier" - ? - WRLogonNTF.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Krid · 13.09.2010, 14:36

Arne, wo bekomme ich Thunder. . . sicher her - und ohne Kosten möglichst?

cosinus · 13.09.2010, 14:45

Zitat:

Arne, wo bekomme ich Thunder. . . sicher her - und ohne Kosten möglichst?

Google ist dein Freund

SCNR

http://www.mozillamessaging.com/de/thunderbird/

Krid · 13.09.2010, 14:50

bin halt schon was älter
aber benutze Google schon ab und an

Krid · 13.09.2010, 14:55

werd ihn anschließend installieren und schaun ob ich klarkomme

Danke dir schon mal dafür, dass du mir auch sicher dabei ein paar tipps gibst Arne.

cosinus · 13.09.2010, 15:17

Was ist mit GMER und dem Bootkit Remover?

Krid · 13.09.2010, 15:24

GMER hat immer mittendrin aufgehört. hatte ich glaube schon geschrieben.

Bootki Remover hab ich wohl überlesen
hol es gleich nach

13.09.2010, 15:17	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Kann Google nicht mehr aufrufen Was ist mit GMER und dem Bootkit Remover? __________________ Logfiles bitte immer in CODE-Tags posten

Kann Google nicht mehr aufrufen

Log-Analyse und Auswertung: Kann Google nicht mehr aufrufen