
Pests of all kinds and how to fight them: Desktop icons invisible, hard disk error message, multiple trojans


 
07.05.2011, 06:56   #13
MojoRunnin
 

Desktop icons invisible, hard disk error message, multiple trojans



Hello Arne,

so, here is the GMER log file:
GMER Logfile:
Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-07 07:09:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3250824AS rev.3.AAE
Running: 759glerw.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwAdjustPrivilegesToken [0xB5C7F224]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwClose [0xB5C7F7F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwConnectPort [0xB5C81234]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateFile [0xB5C80BE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateKey [0xB5C7E99A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateSymbolicLinkObject [0xB5C82BC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateThread [0xB5C7F5F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteKey [0xB5C7EDDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteValueKey [0xB5C7EFDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeviceIoControlFile [0xB5C80EF6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDuplicateObject [0xB5C830CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateKey [0xB5C7F0F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateValueKey [0xB5C7F15A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwFsControlFile [0xB5C80DA8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwLoadDriver [0xB5C8266A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenFile [0xB5C80A42]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenKey [0xB5C7EAFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenProcess [0xB5C7F3FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenSection [0xB5C82BF0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenThread [0xB5C7F348]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryKey [0xB5C7F1C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryMultipleValueKey [0xB5C7EEC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryValueKey [0xB5C7ECA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueueApcThread [0xB5C828D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwReplaceKey [0xB5C7E61C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRequestWaitReplyPort [0xB5C81ABE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRestoreKey [0xB5C7E77E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwResumeThread [0xB5C82FA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSaveKey [0xB5C7E41A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSecureConnectPort [0xB5C810D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetContextThread [0xB5C7F6F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSecurityObject [0xB5C82764]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSystemInformation [0xB5C82C1A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetValueKey [0xB5C7EB52]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendProcess [0xB5C82CFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendThread [0xB5C82E2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSystemDebugControl [0xB5C82596]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwTerminateProcess [0xB5C7F4C8]
SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                     ZwUnloadKey [0xB2FBB6D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwWriteVirtualMemory [0xB5C7F53A]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                            804EAF84 5 Bytes  JMP B5C96874 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                               804EF912 5 Bytes  JMP B5C96C2E \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C88                                                                                80504524 4 Bytes  [9A, E9, C7, B5]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2DC0                                                                                8050465C 4 Bytes  [FC, EA, C7, B5]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                80504874 12 Bytes  [FE, 2C, C8, B5, 2A, 2E, C8, ...]
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB8711360, 0x20469D, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB406A300, 0x3ACC8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xBA378300, 0x1B7E, 0xE8000020]
?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                         Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[3976] kernel32.dll!WriteFile                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         

And here is the OSAM log file:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 07:51:59 on 07.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.0.1" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"FreshIO" (FreshIO) - ? - C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\System32\drivers\kl1.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNSp50.sys
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ugtdqpob" (ugtdqpob) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys  (Hidden registry entry, rootkit activity | File not found)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - C:\Programme\Illustrate\dBpoweramp\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - C:\Programme\Illustrate\dBpoweramp\dMCShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 11\programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"MedionShop" - ? - MEDIONshop Deutschland  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{3DF6983D-D415-4AE5-8106-43987731DAA5} "AldiActiveFormX Element" - ? - C:\WINDOWS\DOWNLO~1\ALDI_E~1.OCX  (File found, but it contains no detailed information) / hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab
{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} "IPSUploader Control" - "IP Labs GmbH - Germany." - C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll
<binary data> "Nero Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Nero Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe"
"LaunchList" - "Pinnacle Systems" - C:\Programme\Pinnacle\Studio 11\LaunchList2.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AlcFDMonitor" - "Realtek Semiconductor Corp." - C:\WINDOWS\ALCFDRTM.EXE
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"AVP" - "Kaspersky Lab" - "C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"
"CHotkey" - ? - mHotkey.exe
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "  (File not found)
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - C:\Programme\CyberLink\PowerDVD\Language\Language.exe
"ledpointer" - "Chicony" - CNYHKey.exe
"Lexmark X6100 Series" - "Lexmark International, Inc." - "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
"LexwareInfoService" - ? - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart  (File found, but it contains no detailed information)
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"Showwnd" - ? - showwnd.exe  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"@C:\Programme\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Programme\Nero\Update\NASvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kaspersky Security Suite CBE 09" (avp) - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"User Profile Hive Cleanup" (UPHClean) - "Microsoft Corporation" - C:\Programme\UPHClean\uphclean.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

And now the MBR as well:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xBA0F8000 klbg.sys
0xBA108000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9E5A000 Ntfs.sys
0xB9E2D000 NDIS.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9E13000 Mup.sys
0xB98F4000 kl1.sys
0xBA338000 \WINDOWS\system32\drivers\TDI.SYS
0xBA298000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8AEF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8711000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB86FD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB86D5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB86B1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8ADF000 \SystemRoot\system32\DRIVERS\klfltdev.sys
0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB85E7000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xB85C4000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB84B8000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8A9F000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB847C000 \SystemRoot\system32\DRIVERS\parport.sys
0xB8A8F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8463000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA4B0000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xB8A7F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8A6F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA370000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA380000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA739000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB98C8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB844C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA438000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA616000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB83EE000 \SystemRoot\system32\DRIVERS\update.sys
0xB98BC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB5D9F000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB5D7B000 \SystemRoot\system32\drivers\portcls.sys
0xBA1A8000 \SystemRoot\system32\drivers\drmk.sys
0xBA208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA62C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB5C70000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA640000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6C4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA642000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E8000 \SystemRoot\System32\drivers\vga.sys
0xBA644000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA646000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6261000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5C3D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB5BBC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5B94000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5B6E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB5B4C000 \SystemRoot\System32\drivers\afd.sys
0xB8ABF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8AAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5B21000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB5A89000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA400000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB5D5F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB59D7000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xB5D37000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB5974000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xBA398000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xB8490000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB5950000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA168000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5938000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5C29000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3B0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3D0000 \SystemRoot\System32\ATMFD.DLL
0xBA480000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB50BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB44C2000 \SystemRoot\system32\drivers\wdmaud.sys
0xB45FF000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA658000 \SystemRoot\system32\drivers\splitter.sys
0xB4474000 \SystemRoot\system32\drivers\kmixer.sys
0xB419D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB4292000 \SystemRoot\System32\drivers\aspi32.sys
0xB406A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB3F11000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3D79000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA378000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB31C5000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB2FBB000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xB1596000 \??\C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys
0xAF217000 \SystemRoot\System32\Drivers\Udfs.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
676 C:\WINDOWS\system32\smss.exe
892 csrss.exe
916 C:\WINDOWS\system32\winlogon.exe
960 C:\WINDOWS\system32\services.exe
972 C:\WINDOWS\system32\lsass.exe
1140 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1276 C:\WINDOWS\system32\svchost.exe
1516 svchost.exe
1780 C:\WINDOWS\system32\LEXBCES.EXE
1852 C:\WINDOWS\system32\LEXPPS.EXE
1876 C:\WINDOWS\system32\spoolsv.exe
184 C:\WINDOWS\explorer.exe
544 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
596 C:\WINDOWS\system32\CmUCREye.exe
744 C:\Programme\Medion Info Display\MdionLCM.exe
764 C:\WINDOWS\mHotkey.exe
780 C:\WINDOWS\CNYHKey.exe
832 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
880 C:\WINDOWS\RTHDCPL.exe
884 C:\WINDOWS\ALCFDRTM.EXE
1224 C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
1296 C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
1376 svchost.exe
1440 C:\Programme\iTunes\iTunesHelper.exe
1556 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1596 C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
1568 C:\Programme\DNA\btdna.exe
1916 C:\Programme\Bonjour\mDNSResponder.exe
1984 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1488 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1444 C:\Programme\Windows Media Player\wmpnscfg.exe
1868 C:\WINDOWS\system32\svchost.exe
1612 C:\Programme\Java\jre6\bin\jqs.exe
2064 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2104 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2628 C:\Programme\Nero\Update\NASvc.exe
2680 C:\WINDOWS\system32\nvsvc32.exe
2840 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2932 C:\WINDOWS\system32\svchost.exe
3116 C:\Programme\UPHClean\uphclean.exe
3676 wmpnetwk.exe
3976 C:\WINDOWS\system32\searchindexer.exe
1792 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2188 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
2648 C:\Programme\iPod\bin\iPodService.exe
608 alg.exe
2904 C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
3864 C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
3564 C:\WINDOWS\system32\wuauclt.exe
3792 C:\WINDOWS\system32\searchprotocolhost.exe
1168 searchfilterhost.exe
724 C:\Dokumente und Einstellungen\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1A88FB21AE7DE3F2E2BB0173F7E9ECB617047576


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Thank you so much for your incredible effort!

Best regards,
Mike

 
