My Computer opens by itself

    Hello!!

    For a few days now I have had the problem that My Computer opens by itself as if by magic, often several times in a row...
    I have already scanned everything with AntiVir, Spybot and CCleaner, but the problem is still there; maybe someone here can help me...:
    I have attached the HijackThis log file right away...:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:02, on 10.01.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    F:\Programme\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Dokumente und Einstellungen\Lars\Lokale Einstellungen\Temp\nro.tmp\"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsup…eb_site.cab?1262888061359
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate1ca3e1f583c8530) (gupdate1ca3e1f583c8530) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 5253 bytes

    Thanks in advance....!

    RE: My Computer opens by itself

    Originally posted by bln_eddie
    Hello!!

    For a few days now I have had the problem that My Computer opens by itself as if by magic, often several times in a row...
    I have already scanned everything with AntiVir, Spybot and CCleaner, but the problem is still there; maybe someone here can help me...:
    I have attached the HijackThis log file right away...:



    Thanks in advance....!


    Hello!

    Well, the HijackThis log shows one suspicious entry.

    1. Please have this file checked at VirusTotal:
    virustotal.com/de/

    "C:\Dokumente und Einstellungen\Lars\Lokale Einstellungen\Temp\nro.tmp\"

    Then copy the log in here.

    2. Download Malwarebytes and run a "Full Scan". Delete the infections with "Remove All" and then post the log here.
    malwarebytes.org/

    :tup: GAV.

    Hello!

    Thanks for the reply...

    The suspicious entry has almost disappeared since I uninstalled Nero 9. I checked the rest with VirusTotal; here is the log:
    File size: 6067496 bytes
    MD5...: 96bea1232c8b5e043476a75c6fd0ca60
    SHA1..: d3254edc468a06e8d4daef3f7d2e943ee678db7b
    SHA256: f4af0e6e5a0d9c621adcdb0155d90ad9f95c857bf96021b481cf71e451d1de38
    ssdeep: 49152:yczP9KJ2WxfUILPYWNNB/KmfxsE7OKEZW8SrSaSa2aT13W+WMv0BMZrrpR
    Z/5:1gJf1NB/KmpN7OvZWJSrbCL
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -
    sigcheck:
    publisher....: Nero AG
    copyright....: Copyright 2009 Nero AG and its licensors
    product......: Nero Installer
    description..: Nero Installer
    original name: SetupX.exe
    internal name: SetupX.exe
    file version.: 4, 4, 18, 108
    comments.....: n/a
    signers......: Nero AG
    VeriSign Class 3 Code Signing 2004 CA
    Class 3 Public Primary Certification Authority
    signing date.: 2:55 PM 10/2/2009
    verified.....: -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)

    I ran HijackThis again; here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:39:43, on 11.01.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Dokumente und Einstellungen\Lars\Lokale Einstellungen\Temp\nro.tmp\"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsup…eb_site.cab?1262888061359
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate1ca3e1f583c8530) (gupdate1ca3e1f583c8530) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 5220 bytes
    I am running the Malwarebytes log right now; that will take a little while longer, I will post it here later...

    Here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.44
    Datenbank Version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11.01.2010 18:46:16
    mbam-log-2010-01-11 (18-46-16).txt

    Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)
    Durchsuchte Objekte: 241030
    Laufzeit: 1 hour(s), 7 minute(s), 30 second(s)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 3
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    *Edit by tomex030*

    You cannot simply recommend disabling all services and everything in the startup list; the firewall and the AV program, for example, are usually loaded at startup as well.

    It is similar with the services: if the computer runs in a network, some of them, such as NLA (Network Location Awareness), Server, SSDP Discovery Service, Computer Browser and the logon service for pass-through authentication, are extremely important; the same goes for services such as System Restore, Terminal Services, Windows Management Instrumentation and Logical Disk Manager, to name just a few!

    Originally posted by bln_eddie
    Hello!

    The suspicious entry has almost disappeared since I uninstalled Nero 9. I checked the rest with VirusTotal; here is the log:
    .


    Hello,

    the suspicious file has not "disappeared". The VirusTotal log is incomplete. Please post the whole log.

    - Boot into safe mode by pressing the F8 key several times during the restart. In safe mode, scan with HijackThis and then fix the following entry (tick the box in front of the entry and click "Fix checked"):

    O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Dokumente und Einstellungen\Lars\Lokale Einstellungen\Temp\nro.tmp\"

    - Reboot into normal mode and scan your system online with Panda. Post the log.

    pandasecurity.com/activescan/i…ck=1&Lang=en-US&IdPais=63

    GAV.

    Hello...

    So I did everything with HijackThis the way you said; this is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:19:21, on 15.01.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\Google\Update\GoogleUpdate.exe
    C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programme\Google\Update\GoogleUpdate.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    C:\Programme\Google\Update\GoogleUpdate.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsup…eb_site.cab?1262888061359
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate1ca3e1f583c8530) (gupdate1ca3e1f583c8530) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 4984 bytes

    But the file in question is no longer there.......
    I am running the Panda scan right now; it will still take a while, then I will post the log...

    Here is the Panda scan:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-01-15 20:20:36
    PROTECTIONS: 1
    MALWARE: 2
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AntiVir Desktop 9.0.1.32 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\dokumente und einstellungen\lars\cookies\lars@doubleclick[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\dokumente und einstellungen\lars\cookies\lars@tradedoubler[1].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    Yes f:\programme\zuma deluxe\zuma.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    Hey...

    Done, here is the log report:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/01/16 19:31
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: ACEDRV07.sys
    Image Path: C:\WINDOWS\system32\drivers\ACEDRV07.sys
    Address: 0xB878A000 Size: 401408 File Visible: - Signed: -
    Status: -

    Name: ACPI.sys
    Image Path: ACPI.sys
    Address: 0xF7357000 Size: 188800 File Visible: - Signed: -
    Status: -

    Name: ACPI_HAL
    Image Path: \Driver\ACPI_HAL
    Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
    Status: -

    Name: afd.sys
    Image Path: C:\WINDOWS\System32\drivers\afd.sys
    Address: 0xEBE82000 Size: 138496 File Visible: - Signed: -
    Status: -

    Name: atapi.sys
    Image Path: atapi.sys
    Address: 0xF72E9000 Size: 96512 File Visible: - Signed: -
    Status: -

    Name: atksgt.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
    Address: 0xB84DA000 Size: 274432 File Visible: - Signed: -
    Status: -

    Name: ATMFD.DLL
    Image Path: C:\WINDOWS\System32\ATMFD.DLL
    Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
    Status: -

    Name: audstub.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Address: 0xF7B97000 Size: 3072 File Visible: - Signed: -
    Status: -

    Name: avgio.sys
    Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
    Address: 0xF7A2D000 Size: 6144 File Visible: - Signed: -
    Status: -

    Name: avgntflt.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    Address: 0xB87EC000 Size: 81920 File Visible: - Signed: -
    Status: -

    Name: avipbb.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
    Address: 0xEB6FA000 Size: 114688 File Visible: - Signed: -
    Status: -

    Name: Beep.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
    Address: 0xF7A17000 Size: 4224 File Visible: - Signed: -
    Status: -

    Name: BOOTVID.dll
    Image Path: C:\WINDOWS\system32\BOOTVID.dll
    Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
    Status: -

    Name: Cdfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Address: 0xEB986000 Size: 63744 File Visible: - Signed: -
    Status: -

    Name: cdrom.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Address: 0xF7507000 Size: 62976 File Visible: - Signed: -
    Status: -

    Name: CLASSPNP.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Address: 0xF74C7000 Size: 53248 File Visible: - Signed: -
    Status: -

    Name: disk.sys
    Image Path: disk.sys
    Address: 0xF74B7000 Size: 36352 File Visible: - Signed: -
    Status: -

    Name: dmio.sys
    Image Path: dmio.sys
    Address: 0xF7301000 Size: 154112 File Visible: - Signed: -
    Status: -

    Name: dmload.sys
    Image Path: dmload.sys
    Address: 0xF798B000 Size: 5888 File Visible: - Signed: -
    Status: -

    Name: drmk.sys
    Image Path: C:\WINDOWS\system32\drivers\drmk.sys
    Address: 0xF432E000 Size: 61440 File Visible: - Signed: -
    Status: -

    Name: dump_diskdump.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
    Address: 0xED07B000 Size: 16384 File Visible: No Signed: -
    Status: -

    Name: dump_nvgts.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_nvgts.sys
    Address: 0xEB6B3000 Size: 118784 File Visible: No Signed: -
    Status: -

    Name: Dxapi.sys
    Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
    Address: 0xECEBB000 Size: 12288 File Visible: - Signed: -
    Status: -

    Name: dxg.sys
    Image Path: C:\WINDOWS\System32\drivers\dxg.sys
    Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
    Status: -

    Name: dxgthk.sys
    Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
    Address: 0xF7AB2000 Size: 4096 File Visible: - Signed: -
    Status: -

    Name: ElbyCDFL.sys
    Image Path: C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
    Address: 0xF7827000 Size: 27392 File Visible: - Signed: -
    Status: -

    Name: ElbyCDIO.sys
    Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
    Address: 0xEEAE3000 Size: 18688 File Visible: - Signed: -
    Status: -

    Name: fdc.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
    Address: 0xF77FF000 Size: 27392 File Visible: - Signed: -
    Status: -

    Name: Fips.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
    Address: 0xEEB4D000 Size: 44672 File Visible: - Signed: -
    Status: -

    Name: flpydisk.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    Address: 0xF070E000 Size: 20480 File Visible: - Signed: -
    Status: -

    Name: fltmgr.sys
    Image Path: fltmgr.sys
    Address: 0xF7294000 Size: 129792 File Visible: - Signed: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF7A15000 Size: 7936 File Visible: - Signed: -
    Status: -

    Name: ftdisk.sys
    Image Path: ftdisk.sys
    Address: 0xF7327000 Size: 126336 File Visible: - Signed: -
    Status: -

    Name: hal.dll
    Image Path: C:\WINDOWS\system32\hal.dll
    Address: 0x806E5000 Size: 134400 File Visible: - Signed: -
    Status: -

    Name: HDAudBus.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    Address: 0xF6DFF000 Size: 163840 File Visible: - Signed: -
    Status: -

    Name: HIDCLASS.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
    Address: 0xEBD57000 Size: 36864 File Visible: - Signed: -
    Status: -

    Name: HIDPARSE.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
    Address: 0xEF119000 Size: 28672 File Visible: - Signed: -
    Status: -

    A friend of mine said it might be caused by the wireless mouse/keyboard. Is there anything to that??

    Thanks a lot for your help. While I was writing this, My Computer opened itself 4 times.....
    Originally posted by bln_eddie
    Hey...


    A friend of mine said it might be caused by the wireless mouse/keyboard. Is there anything to that??

    Thanks a lot for your help. While I was writing this, My Computer opened itself 4 times.....


    You have only listed/scanned the drivers here. :sure:

    As far as I can tell, though, the problem has nothing to do with malware.
    Run a System Restore and roll the system back to a date before these problems appeared.
    Start/All Programs/Accessories/System Tools/System Restore.

    It could be a hardware fault, yes. Did you install any new hardware/software before the problem appeared? If so, it may be related to that.

    GAV.