Trojaner-Board - Kann Google nicht mehr aufrufen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Kann Google nicht mehr aufrufen (https://www.trojaner-board.de/90639-google-mehr-aufrufen.html)

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hier die Daten:

Combofix Logfile:

Code:

ComboFix 10-09-12.04 - DK-Sport 13.09.2010  14:27:02.1.1 - FAT32x86

ausgeführt von:: c:\dokumente und einstellungen\DK-Sport\Desktop\CoFix.exe

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\All Users\Anwendungsdaten\page

c:\dokumente und einstellungen\All Users\Anwendungsdaten\page\page.ico

c:\dokumente und einstellungen\All Users\Anwendungsdaten\page\page.URL

c:\dokumente und einstellungen\CanonBJC2100\b2508dex.exe

c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf

c:\programme\INSTALL.LOG

c:\windows\AutoRun.ini

c:\windows\Downloaded Program Files\setup.dll

c:\windows\winhelp.ini
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-13 bis 2010-09-13  ))))))))))))))))))))))))))))))

.
 

2010-09-13 10:53 . 2010-09-13 10:53        --------        d-----w-        C:\_OTL

2010-09-11 22:42 . 2010-09-11 22:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools

2010-09-11 22:41 . 2010-09-11 22:41        --------        d-----w-        c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Temp

2010-09-11 22:41 . 2010-09-11 22:41        --------        d-----w-        c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Deployment

2010-09-11 07:54 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-11 07:53 . 2010-09-11 07:54        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-09-11 07:53 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-09-11 07:15 . 2010-09-11 07:17        76704960        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-10 06:25 . 2001-10-28 15:42        116224        ----a-w-        c:\windows\system32\PDFCMNNT.DLL

2010-09-10 06:25 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL

2010-09-10 06:25 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL

2010-09-10 06:25 . 2010-09-10 06:25        --------        d-----w-        c:\programme\PDFCreator

2010-09-10 06:25 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL

2010-09-09 17:05 . 2010-09-09 17:05        --------        d-----w-        c:\windows\system32\wbem\Repository

2010-09-09 17:04 . 2010-09-09 17:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo! Companion

2010-09-09 17:04 . 2010-09-09 17:04        --------        d-----w-        c:\windows\system32\config\systemprofile\Anwendungsdaten\Application Updater

2010-08-28 12:30 . 2001-08-18 02:22        12288        ----a-w-        c:\windows\system32\drivers\mouhid.sys

2010-08-28 12:30 . 2001-08-18 02:22        12288        ----a-w-        c:\windows\system32\dllcache\mouhid.sys

2010-08-28 12:29 . 2008-04-13 18:45        10368        ----a-w-        c:\windows\system32\drivers\hidusb.sys

2010-08-28 12:29 . 2008-04-13 18:45        10368        ----a-w-        c:\windows\system32\dllcache\hidusb.sys

2010-08-26 18:32 . 2010-08-26 18:32        --------        d-----w-        c:\windows\Samsung

2010-08-26 18:32 . 2008-03-11 19:10        21776        ----a-w-        c:\windows\system32\msxml2a.dll

2010-08-26 18:32 . 2010-03-09 11:34        157552        ----a-w-        c:\windows\system32\spd__ci.exe

2010-08-26 18:32 . 2010-03-16 15:01        141680        ----a-w-        c:\windows\system32\SUPDSvcA.dll

2010-08-26 18:32 . 2010-03-16 15:01        132464        ----a-w-        c:\windows\system32\SUPDSvc.exe

2010-08-26 18:32 . 2010-03-16 15:00        260464        ----a-w-        c:\windows\SUPDRun.exe

2010-08-26 18:32 . 2009-10-07 09:29        218112        ----a-w-        c:\windows\system32\SIPDUtil.dll

2010-08-26 18:32 . 2008-06-04 13:53        26624        ----a-w-        c:\windows\system32\spd__l.dll

2010-08-26 18:32 . 2007-06-27 07:56        19968        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\spd__pc.dll

2010-08-26 18:32 . 2010-03-25 07:49        282624        ----a-w-        c:\windows\system32\DscPnt.dll

2010-08-26 18:32 . 2007-10-02 17:21        65536        ----a-w-        c:\windows\system32\spd__ci.dll

2010-08-26 18:32 . 2010-08-26 18:32        --------        d-----w-        c:\programme\Samsung

2010-08-26 18:31 . 2010-08-26 18:31        --------        d-----w-        c:\temp\SamsungUniversalPrintDriver
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 08:40 . 2007-06-14 07:22        2828        --sha-w-        c:\windows\system32\KGyGaAvL.sys

2010-09-02 16:45 . 2007-02-02 05:20        590600        ----a-w-        c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-11 21:31 . 2001-08-18 10:00        81130        ----a-w-        c:\windows\system32\perfc007.dat

2010-08-11 21:31 . 2001-08-18 10:00        450314        ----a-w-        c:\windows\system32\perfh007.dat

2010-08-10 12:41 . 2010-08-10 12:41        --------        d-----w-        c:\programme\ABBYY PDF Transformer 3.0

2010-08-10 12:41 . 2010-08-10 12:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ABBYY

2010-08-10 12:41 . 2010-08-10 12:41        --------        d-----w-        c:\programme\Gemeinsame Dateien\ABBYY

2010-08-07 09:59 . 2010-07-11 07:20        0        ----a-w-        c:\windows\brdfxspd.dat

2010-07-11 07:20 . 2010-07-11 07:20        50        ----a-w-        c:\windows\system32\bridf08b.dat

2010-07-11 07:17 . 2010-07-11 07:17        10134        ----a-r-        c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe

2010-06-30 12:28 . 2002-12-19 05:41        149504        ----a-w-        c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-02-06 16:07        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2002-12-16 06:11        1852032        ----a-w-        c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2003-01-23 08:52        354304        ----a-w-        c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2001-08-18 10:00        80384        ----a-w-        c:\windows\system32\iccvid.dll

2008-07-29 06:05 . 2009-06-11 12:48        3783672        ----a-w-        c:\programme\mfc90u.dll

2010-09-10 06:18 . 2010-09-10 06:18        119808        ----a-w-        c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll

2008-04-14 02:22 . 2002-12-19 05:41        551936        --sha-w-        c:\windows\system32\oleaut32.dll

2008-04-14 02:22 . 2001-08-18 10:00        84992        --sha-w-        c:\windows\system32\olepro32.dll

2008-04-14 02:22 . 2002-12-19 05:41        12288        --sha-w-        c:\windows\system32\regsvr32.exe

2008-04-14 02:22 . 2002-12-10 05:37        413696        --sha-w-        c:\windows\system32\msvcp60.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UIWatcher"="c:\programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2009-02-23 3508568]

"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Google Update"="c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-09-10 136176]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"CommCenter"="c:\programme\RVS\WCOM\SYSTEM\ccui.exe" [2000-09-20 933929]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-03-28 98304]

"WireLessKeyboard"="c:\programme\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Ashampoo HDD Control Guard"="c:\programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-02-16 3994456]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"StarMoneyRunEntry"="c:\programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe" [2010-08-24 57864]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-12 614400]

"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
 

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\

CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]
 

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\

CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Verknpfung mit ISDNMO32.lnk - c:\monitor\ISDNMO32.EXE [2002-12-16 1117216]

VR-NetWorld Auftragsprfung.lnk - c:\programme\VR-NetWorld\vrtoolcheckorder.exe [2004-10-13 548864]

Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
 

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\

CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]
 

c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\

CommCenter.lnk - c:\windows\Installer\{23A11400-2D8E-11D4-AD5B-00E029170ABD}\RVSICO_CommCenter.exe [2004-6-14 28672]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave2"=AvmSnd.dll
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk /r \??\h:\0autocheck autochk *\0SsiEfr.e
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CommCenter.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\CommCenter.lnk

backup=c:\windows\pss\CommCenter.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Image Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Digital Image Monitor.lnk

backup=c:\windows\pss\Digital Image Monitor.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GENO lite ZV Fälligkeiten.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\GENO lite ZV Fälligkeiten.lnk

backup=c:\windows\pss\GENO lite ZV Fälligkeiten.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ImageFox.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ImageFox.lnk

backup=c:\windows\pss\ImageFox.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office-Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office-Schnellstart.lnk

backup=c:\windows\pss\Microsoft Office-Schnellstart.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ScanPanel.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk

backup=c:\windows\pss\ScanPanel.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^DK-Sport^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk]

path=c:\dokumente und einstellungen\DK-Sport\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk

backup=c:\windows\pss\FRITZ!DSL Startcenter.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2004-12-27 14:02        550912        ----a-w-        c:\windows\mHotkey.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 11:50        1289000        ----a-w-        c:\programme\Microsoft ActiveSync\wcescomm.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2003-11-10 18:11        176128        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:22        1695232        ----a-w-        c:\programme\Messenger\msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 14:44        3883840        ----a-w-        c:\programme\Windows Live\Messenger\msnmsgr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50        155648        ----a-r-        c:\windows\system32\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]

2002-04-11 09:47        176128        ----a-w-        c:\programme\Microsoft IntelliPoint 4.1\Mouse\SETUP\MSH\Mouse\point32.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-03-28 20:19        98304        ----a-w-        c:\programme\QuickTime\qttask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

2006-09-19 07:07        827392        ----a-w-        c:\windows\vsnpstd3.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2003-01-20 07:48        47104        ----a-w-        c:\windows\SOUNDMAN.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopHid]

2003-10-06 08:22        40960        ----a-w-        c:\windows\StopHid.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

2005-11-04 13:05        90112        ----a-w-        c:\windows\tsnpstd3.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

2009-02-23 08:57        3508568        ----a-w-        c:\programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"de_serv"=3 (0x3)

"InterBaseServer"=3 (0x3)

"InterBaseGuardian"=2 (0x2)

"srservice"=2 (0x2)

"SAVScan"=2 (0x2)

"MDM"=2 (0x2)

"hpzglue_service"=2 (0x2)

"gusvc"=2 (0x2)

"a2free"=2 (0x2)

"SNDSrvc"=3 (0x3)

"SeaPort"=2 (0x2)

"LiveUpdate"=3 (0x3)

"idsvc"=3 (0x3)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"fsssvc"=3 (0x3)

"EPSON_PM_RPCV4_01"=2 (0x2)

"DfSdkS"=2 (0x2)

"AVM IGD CTRL Service"=2 (0x2)

"Automatisches LiveUpdate - Scheduler"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=

"c:\\Monitor\\ISDNMO32.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=

"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager

"c:\\Programme\\StarMoney 7.0 S-Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=

"c:\\Programme\\StarMoney 7.0 S-Edition\\app\\StarMoney.exe"=

"c:\\Programme\\StarMoney Business 4.0 Deutsche Bank Edition\\ouservice\\StarMoneyOnlineUpdate.exe"=

"c:\\Programme\\StarMoney Business 4.0 Deutsche Bank Edition\\app\\StarMoney.exe"=

"c:\\WINDOWS\\System32\\SUPDSvc.exe"=

"c:\\Programme\\VR-NetWorld\\VRNetWorld.exe"=

"c:\\WINLITE\\STARTEXE.EXE"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

"445:TCP"= 445:TCP:@xpsp2res.dll,-22005

"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
 

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [03.02.2009 12:46 39472]

R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [01.05.2004 08:34 587776]

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [27.04.2009 10:17 759048]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [20.01.2010 07:46 337064]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2010 07:46 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.01.2010 07:46 405672]

R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [28.12.2009 19:06 59520]

R2 DfSdkS;Defragmentation-Service;c:\programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28.12.2009 20:26 406016]

R2 Iprip;RIP-Überwachung;c:\windows\System32\svchost.exe -k netsvcs [18.08.2001 12:00 14336]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [20.02.2005 19:32 698368]

R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [29.11.2004 01:00 53632]

R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [28.12.2009 18:44 537600]

R3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\Netfritz.sys [27.04.2004 17:58 334640]

R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [01.05.2004 08:34 26112]

S2 CAPIRAS;CAPI 2.0 RAS driver;c:\windows\system32\drivers\CAPIRAS.SYS [08.06.2001 12:29 26624]

S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [06.05.2010 18:49 541192]

S2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [20.06.2010 15:48 541192]

S3 ATWPKT;ATWPKT;c:\windows\system32\drivers\atwpkt.sys [10.12.2002 08:17 19140]

S3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [28.12.2009 18:44 29968]

S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [07.08.2003 11:19 38401]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [13.07.2007 07:28 264704]

S3 FXUSBASE;Eumex 400 (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [29.11.2004 01:00 547968]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [10.09.2010 08:18 30192]

S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys);c:\windows\system32\drivers\mkusb.sys [07.10.2009 16:09 34232]

S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [08.12.2002 09:45 24288]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [26.08.2010 20:32 132464]

S4 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

S4 hpzglue_service;hpzglue_service;c:\windows\System32\hpzglu05.exe --> c:\windows\System32\hpzglu05.exe [?]

.

Inhalt des "geplante Tasks" Ordners
 

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job

- c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-09-10 06:11]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://banking.sparkasse-wittenberg.de/cgi/anfang.cgi

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: erima-online.com\www

TCP: {359E15E8-09F6-4CAD-8052-05AC533BFA9A} = 192.168.120.252,192.168.120.253

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0DF86CB3-1923-11D5-B470-0050BA1B3C6F} - hxxp://217.6.17.16/ConvisionVideo.cab

DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} - hxxps://img.web.de/v/fotoalbum/activex/upload_1111.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe

FF - ProfilePath - c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\fbl59lbs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://banking.sparkasse-wittenberg.de/cgi/anfang.cgi

FF - component: c:\dokumente und einstellungen\DK-Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\fbl59lbs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\dokumente und einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 50

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe

HKLM-Run-PDFServiceEngine - c:\programme\PDF Suite\PDFServiceEngine.exe

HKU-Default-Run-SSS6_Suite - c:\programme\Steganos Security Suite 6\sss.exe

HKU-Default-Run-SSS6_SAFE - c:\programme\Steganos Security Suite 6\safe.exe

HKU-Default-Run-SSS6_SPM - c:\programme\Steganos Security Suite 6\spm.exe

MSConfigStartUp-GhostStartTrayApp - c:\programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

MSConfigStartUp-HP Component Manager - c:\programme\HP\hpcoretech\hpcmpmgr.exe

MSConfigStartUp-HP Software Update - c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe

MSConfigStartUp-KONICA MINOLTA magicolor2300WStatusDisplay - c:\windows\system32\MSTMON_P.EXE

MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\programme\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideoTray - c:\programme\Logitech\Video\LogiTray.exe

MSConfigStartUp-Microsoft Works Update Detection - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

MSConfigStartUp-Performance Center - c:\programme\Ascentive\Performance Center\ApcMain.exe

MSConfigStartUp-Skype - c:\programme\Skype\Phone\Skype.exe

MSConfigStartUp-SSC Service Utility - c:\dokume~1\DK-Sport\LOKALE~1\Temp\Rar$EX00.734\SSC Service Utility\ssc_serv.exe

MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe

MSConfigStartUp-TkBellExe - c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-13 14:36

Windows 5.1.2600 Service Pack 3 FAT NTAPI
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(820)

c:\windows\system32\AvmSnd.dll
 

- - - - - - - > 'lsass.exe'(876)

c:\windows\system32\AvmSnd.dll

c:\programme\Avira\AntiVir Desktop\avsda.dll
 

- - - - - - - > 'explorer.exe'(4060)

c:\windows\system32\AvmSnd.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\corel\Graphics8\programs\CMFFld80.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\programme\Gemeinsame Dateien\AVM\de_serv.exe

c:\programme\Brother\ControlCenter3\brccMCtl.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

c:\programme\RVS\WCOM\SYSTEM\RVSINST.EXE

c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\programme\Brother\Brmfcmon\BrMfcmon.exe

c:\programme\Windows Live\Contacts\wlcomm.exe

c:\windows\system32\fxssvc.exe

c:\windows\System32\wbem\wmiapsrv.exe

c:\programme\RVS\WCOM\SYSTEM\ccsrv.exe

c:\programme\RVS\WCOM\SYSTEM\ccsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-09-13  14:40:09 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-09-13 12:40
 

Vor Suchlauf: 40 Verzeichnis(se), 78.948.335.616 Bytes frei

Nach Suchlauf: 57 Verzeichnis(se), 78.815.821.824 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
 

- - End Of File - - FB3B3FDCB0BCB285AD01A381CE44E3BC

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Hallo Arne,

zwei kleine Fragen am Rande.

IE8 fragt ob er sich zum standart machen soll. Was meinst du?

Outook Express will stänig komprmieren. Ich habe aber Bedenken, dass alle meine mails verloren gehen bzw sie nicht mehr in *Suchen* berücksichtigt werden. Das kann ich mir nicht leisten.

Gruß Dirk

Zitat:

IE8 fragt ob er sich zum standart machen soll. Was meinst du?

Natürlich nicht. Standardbrowser sollte Firefox oder Opera sein.

Zitat:

Outook Express will stänig komprmieren. Ich habe aber Bedenken, dass alle meine mails verloren gehen bzw sie nicht mehr in *Suchen* berücksichtigt werden. Das kann ich mir nicht leisten

Wieso sollten Mails verloren gehen?
Du solltest statt OE besser sowas wie Mozilla Thunderbird verwenden.

Firefox hab ich ja drauf und auch schon son bisschen für den Wechsel vorbereitet
aber mit Mozilla Thunderbird hab ich mich noch nicht beschäftig.
Kann ich alle alten mails dahin mitnehmen ?

Gemer hört immer plötzlich auf- werde also überspringen

Zitat:

Kann ich alle alten mails dahin mitnehmen ?

Ja. Thunderbird importiert alle Mails aus OjE.

OSAM

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 15:25:18 on 13.09.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - ? - SsiEfr.e  (File not found)
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL

"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.CPL" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.CPL

"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL

"MBLLNK.CPL" - "AvantGo, Inc." - C:\WINDOWS\system32\MBLLNK.CPL

"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL

"plugincpl131.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

"S32LUCP1.CPL" - "Symantec Corporation" - C:\WINDOWS\system32\S32LUCP1.CPL

"VERSCPL.CPL" - "Corel Corporation" - C:\WINDOWS\system32\VERSCPL.CPL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"3xHybrid service" (3xHybrid) - "Philips Semiconductors GmbH" - C:\WINDOWS\System32\DRIVERS\3xHybrid.sys

"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys

"ATWPKT" (ATWPKT) - "America Online" - C:\WINDOWS\system32\Drivers\ATWPKT.SYS

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS

"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmwan.sys

"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys

"CAPI 2.0 RAS driver" (CAPIRAS) - ? - C:\WINDOWS\System32\DRIVERS\CAPIRAS.SYS

"catchme" (catchme) - ? - C:\CoFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys

"giveio" (giveio) - ? - C:\WINDOWS\system32\giveio.sys  (File found, but it contains no detailed information)

"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"Microsoft IntelliPoint Features driver" (IPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\IPFilter.sys

"Mimaki Plotter USB Port Controller (mkusb.sys)" (mkusb) - "Mimaki Engineering Co., Ltd." - C:\WINDOWS\System32\Drivers\mkusb.sys

"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pxtdqpog" (pxtdqpog) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\pxtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)

"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"tmcomm" (tmcomm) - ? - C:\WINDOWS\system32\drivers\tmcomm.sys  (File not found)

"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys

"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys

"USB DVC Svc" (DVC) - "Samsung Electronics" - C:\WINDOWS\System32\Drivers\DVC.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? -   (File not found | COM-object registry key not found)

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll

{04055D60-93D3-11D1-B8CC-00409524F097} "Bildordner" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

{CDB89701-262F-11D1-AB9C-00C0F00683EB} "Corel Media Find Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{854AF161-1AE1-11D1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{E856F161-1AE5-11d1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{F8152501-455F-11D1-B1E6-444553540000} "Corel Media Folder Copy Hook Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{0A082D00-EC93-11D0-B1E6-80580BC10627} "Corel Media Folder Root Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)

{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - D:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop-Explorer" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll

{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} "Folder To Corel Media Folder Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{8E524B0D-04F0-11D1-B74A-00A0C90646A4} "IconFactTemp.NSIconHandlerFactory" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{2582A520-4E2C-11D0-944A-00608CB854B7} "Micrografx Designer Schnellansicht" - "Micrografx, Inc." - C:\WINDOWS\system32\fvds70.dll

{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll

{A2AC368A-F883-11D0-B745-00A0C90646A4} "NSFiltManDll.FiltManCom" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL

{7FC7C9B0-FED7-11D1-8F70-00409524F097} "PackedImageFolder" - ? -   (File not found | COM-object registry key not found)

{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3.PDFTContextMenu.1" - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll

{68f32140-2ca3-11d0-acc1-444553540000} "PicaView Shell Extension" - "ACD Systems, Ltd." - C:\Programme\ACD Systems\PicaView\Picaview.dll

{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)

{F93F5F63-423F-11D2-8D61-00605206619F} "Search Result" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

{B63FCD5A-2396-11D1-B762-00A0C90646A4} "{B63FCD5A-2396-11D1-B762-00A0C90646A4}" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFnd80.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab

{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.3.1" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\JavaSoft\JRE\1.3.1\bin\npjava131.dll / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{0DF86CB3-1923-11D5-B470-0050BA1B3C6F} "JpegServerPushControl Class" - "Convision Technology GmbH" - C:\WINDOWS\System32\CONVIS~1.DLL / hxxp://217.6.17.16/ConvisionVideo.cab

Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

{215B8138-A3CF-44C5-803F-8226143CFC0A} "Trend Micro ActiveX Scan Agent 6.6" - "Trend Micro Inc." - C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll / HouseCall - Free Online Virus Scan - Trend Micro USA

{51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} "Upload Control" - "WEB.DE AG" - C:\WINDOWS\DOWNLO~1\upload.ocx / https://img.web.de/v/fotoalbum/activex/upload_1111.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? -   (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37782.2456365741

{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} "{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" - "InstallShield Software Corporation" - C:\WINDOWS\DOWNLO~1\setup.exe / hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe

{D27CDB6E-AE6D-11CF-96B8-444500000000} "{D27CDB6E-AE6D-11CF-96B8-444500000000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "WEB.DE Browser Configuration by mquadr.at" - "mquadr.at softwareengineering und consulting gmbh" - C:\WINDOWS\system32\ieconfig_1und1.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll  (File not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)

"Verknüpfung mit ISDNMO32.lnk" - "Heuer Software" - C:\Monitor\ISDNMO32.EXE  (Shortcut exists | File exists)

"VR-NetWorld Auftragsprüfung.lnk" - "VR-NetWorld Software" - C:\Programme\VR-NetWorld\VRToolCheckOrder.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"

"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

"UIWatcher" - "ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

"Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Ashampoo HDD Control Guard" - "Ashampoo Development GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun

"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"

"ISUSPM Startup" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

"ISUSScheduler" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"

"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"StarMoneyRunEntry" - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - "C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe"

"WireLessKeyboard" - ? - C:\Programme\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

"EPSON BiD Monitor1" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON2.DLL

"EPSON Stylus Photo R220 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBAIE.DLL

"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll

"MIMAKI Port Monitor2" - ? - MPMSERV_1.dll  (File not found)

"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\WINDOWS\system32\pxc40pma.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"RDGCOMMON Language Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\RDCOMMON.DLL

"RVS Fax Monitor" - "RVS Datentechnik GmbH, München" - C:\WINDOWS\system32\RVSMONNT.DLL

"STIKA Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\STIKAMON.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe

"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"RVS Installer" (RVSINST) - "RVS Datentechnik GmbH, München" - C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE

"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe

"StarMoney Business 4.0 OnlineUpdate" (StarMoney Business 4.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WRNotifier" - ? - WRLogonNTF.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

OSAM jetzt vieleicht doppelt aber besser als gar nicht

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 15:25:18 on 13.09.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - ? - SsiEfr.e  (File not found)
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskUserS-1-5-21-448539723-115176313-682003330-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL

"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.CPL" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.CPL

"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL

"MBLLNK.CPL" - "AvantGo, Inc." - C:\WINDOWS\system32\MBLLNK.CPL

"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL

"plugincpl131.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

"S32LUCP1.CPL" - "Symantec Corporation" - C:\WINDOWS\system32\S32LUCP1.CPL

"VERSCPL.CPL" - "Corel Corporation" - C:\WINDOWS\system32\VERSCPL.CPL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"3xHybrid service" (3xHybrid) - "Philips Semiconductors GmbH" - C:\WINDOWS\System32\DRIVERS\3xHybrid.sys

"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys

"ATWPKT" (ATWPKT) - "America Online" - C:\WINDOWS\system32\Drivers\ATWPKT.SYS

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS

"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmwan.sys

"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys

"CAPI 2.0 RAS driver" (CAPIRAS) - ? - C:\WINDOWS\System32\DRIVERS\CAPIRAS.SYS

"catchme" (catchme) - ? - C:\CoFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys

"giveio" (giveio) - ? - C:\WINDOWS\system32\giveio.sys  (File found, but it contains no detailed information)

"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"Microsoft IntelliPoint Features driver" (IPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\IPFilter.sys

"Mimaki Plotter USB Port Controller (mkusb.sys)" (mkusb) - "Mimaki Engineering Co., Ltd." - C:\WINDOWS\System32\Drivers\mkusb.sys

"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pxtdqpog" (pxtdqpog) - ? - C:\DOKUME~1\DK-Sport\LOKALE~1\Temp\pxtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)

"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"tmcomm" (tmcomm) - ? - C:\WINDOWS\system32\drivers\tmcomm.sys  (File not found)

"UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys

"Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys

"USB DVC Svc" (DVC) - "Samsung Electronics" - C:\WINDOWS\System32\Drivers\DVC.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp" - ? -   (File not found | COM-object registry key not found)

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll

{04055D60-93D3-11D1-B8CC-00409524F097} "Bildordner" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

{CDB89701-262F-11D1-AB9C-00C0F00683EB} "Corel Media Find Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{854AF161-1AE1-11D1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{E856F161-1AE5-11d1-AB9B-00C0F00683EB} "Corel Media Folder" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{F8152501-455F-11D1-B1E6-444553540000} "Corel Media Folder Copy Hook Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{0A082D00-EC93-11D0-B1E6-80580BC10627} "Corel Media Folder Root Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)

{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - D:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop-Explorer" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll

{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} "Folder To Corel Media Folder Menu Handler" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFld80.dll

{8E524B0D-04F0-11D1-B74A-00A0C90646A4} "IconFactTemp.NSIconHandlerFactory" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{2582A520-4E2C-11D0-944A-00608CB854B7} "Micrografx Designer Schnellansicht" - "Micrografx, Inc." - C:\WINDOWS\system32\fvds70.dll

{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll

{A2AC368A-F883-11D0-B745-00A0C90646A4} "NSFiltManDll.FiltManCom" - "Corel Corporation" - C:\Corel\Graphics8\programs\CNSFlt80.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL

{7FC7C9B0-FED7-11D1-8F70-00409524F097} "PackedImageFolder" - ? -   (File not found | COM-object registry key not found)

{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3.PDFTContextMenu.1" - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll

{68f32140-2ca3-11d0-acc1-444553540000} "PicaView Shell Extension" - "ACD Systems, Ltd." - C:\Programme\ACD Systems\PicaView\Picaview.dll

{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)

{F93F5F63-423F-11D2-8D61-00605206619F} "Search Result" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

{B63FCD5A-2396-11D1-B762-00A0C90646A4} "{B63FCD5A-2396-11D1-B762-00A0C90646A4}" - "Corel Corporation" - C:\Corel\Graphics8\programs\CMFFnd80.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab

{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.3.1" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\JavaSoft\JRE\1.3.1\bin\npjava131.dll / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{0DF86CB3-1923-11D5-B470-0050BA1B3C6F} "JpegServerPushControl Class" - "Convision Technology GmbH" - C:\WINDOWS\System32\CONVIS~1.DLL / hxxp://217.6.17.16/ConvisionVideo.cab

Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

{215B8138-A3CF-44C5-803F-8226143CFC0A} "Trend Micro ActiveX Scan Agent 6.6" - "Trend Micro Inc." - C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll / HouseCall - Free Online Virus Scan - Trend Micro USA

{51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} "Upload Control" - "WEB.DE AG" - C:\WINDOWS\DOWNLO~1\upload.ocx / https://img.web.de/v/fotoalbum/activex/upload_1111.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? -   (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37782.2456365741

{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} "{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" - "InstallShield Software Corporation" - C:\WINDOWS\DOWNLO~1\setup.exe / hxxp://62.131.75.242/webcl-10/wc_exec/setup.exe

{D27CDB6E-AE6D-11CF-96B8-444500000000} "{D27CDB6E-AE6D-11CF-96B8-444500000000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "WEB.DE Browser Configuration by mquadr.at" - "mquadr.at softwareengineering und consulting gmbh" - C:\WINDOWS\system32\ieconfig_1und1.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll  (File not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe  (Shortcut exists | File exists)

"Verknüpfung mit ISDNMO32.lnk" - "Heuer Software" - C:\Monitor\ISDNMO32.EXE  (Shortcut exists | File exists)

"VR-NetWorld Auftragsprüfung.lnk" - "VR-NetWorld Software" - C:\Programme\VR-NetWorld\VRToolCheckOrder.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\DK-Sport\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"

"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

"UIWatcher" - "ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

"Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Ashampoo HDD Control Guard" - "Ashampoo Development GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun

"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"

"ISUSPM Startup" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

"ISUSScheduler" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"

"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"StarMoneyRunEntry" - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - "C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe"

"WireLessKeyboard" - ? - C:\Programme\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

"EPSON BiD Monitor1" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON2.DLL

"EPSON Stylus Photo R220 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBAIE.DLL

"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll

"MIMAKI Port Monitor2" - ? - MPMSERV_1.dll  (File not found)

"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\WINDOWS\system32\pxc40pma.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"RDGCOMMON Language Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\RDCOMMON.DLL

"RVS Fax Monitor" - "RVS Datentechnik GmbH, München" - C:\WINDOWS\system32\RVSMONNT.DLL

"STIKA Monitor" - "Roland DG Corporation" - C:\WINDOWS\system32\STIKAMON.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Programme\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe

"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"RVS Installer" (RVSINST) - "RVS Datentechnik GmbH, München" - C:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE

"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe

"StarMoney Business 4.0 OnlineUpdate" (StarMoney Business 4.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WRNotifier" - ? - WRLogonNTF.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Arne, wo bekomme ich Thunder. . . sicher her - und ohne Kosten möglichst?

Zitat:

Arne, wo bekomme ich Thunder. . . sicher her - und ohne Kosten möglichst?

Google ist dein Freund

SCNR http://www.trojaner-board.de/images/icons/icon32.gif

http://www.mozillamessaging.com/de/thunderbird/

:stirn:
bin halt schon was älter
aber benutze Google schon ab und an

werd ihn anschließend installieren und schaun ob ich klarkomme

Danke dir schon mal dafür, dass du mir auch sicher dabei ein paar tipps gibst Arne.:daumenhoc

Was ist mit GMER und dem Bootkit Remover?

GMER hat immer mittendrin aufgehört. hatte ich glaube schon geschrieben.

Bootki Remover hab ich wohl überlesen
hol es gleich nach