Trojan.Win32.StartPage.adh

#1 Hallo und einen lieben Gruß an alle fleissigen Helfer hier.
Ich habe mir den im Betreff genannten Trojaner eingefangen. Ich habe hier reichlich Vorschläge zur Beseitigung gefunden, doch funktioniert hat leider keiner zu 100%. Wenn ich alles abgearbeitet habe und hinterher einen Scan mit PestPatrol mache wird er wieder gefunden. Teilweise läuft mein Browser wieder besser, ich kann wieder alle Seiten aufrufen und in der Taskleiste erscheint nicht mehr der nervige Aufruf "Your PC ist infected". Doch das dieses Mistding immer noch gefunden macht mich nun unsicher.

Ich habe folgenden Artikel gelesen und abgearbeitet: http://board.protecus.de/t20353.htm

Hierbei habe ich ein Problem festgestellt: Die Datei "mcor.reg" kann ich vom Desktop aus nicht ausführen, bekomme eine Fehlermeldung "Sie besitzen nicht ausreichend berechtigungen..."

In jedem anderem Ordner funktioniert sie. Bin auf XP Home als Admin angemeldet und habe die Zugriffsrechte kontroliert, alles in Ordnung...

Hier mal alle Textdateien nach meinen Versuchen:

Verzeichnis von C:\WINDOWS\system32

16.12.2005 12:09 192 ncompat.tlb
16.12.2005 11:02 35.874 vsconfig.xml
16.12.2005 11:00 24.064 ld7559.tmp
15.12.2005 12:48 36.864 intercept.dll
15.12.2005 10:01 9.784 mssearchnet.exe
15.12.2005 09:59 12.598 wpa.dbl
13.12.2005 14:50 14.536 mscornet.exe
12.12.2005 08:40 6.144 Thumbs.db
08.12.2005 16:25 2.723.680 MRT.exe
05.12.2005 21:17 381.890 perfh009.dat
05.12.2005 21:17 392.756 perfh007.dat
05.12.2005 21:17 53.634 perfc009.dat
05.12.2005 21:17 64.650 perfc007.dat
05.12.2005 21:17 877.260 PerfStringBackup.INI
05.12.2005 10:15 4.212 zllictbl.dat
03.12.2005 15:47 229.592 FNTCACHE.DAT
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
15.11.2005 00:51 71.440 zlcommdb.dll
15.11.2005 00:51 79.624 zlcomm.dll
15.11.2005 00:51 100.104 vsxml.dll
15.11.2005 00:51 382.728 vsutil.dll
15.11.2005 00:51 71.440 vsregexp.dll
15.11.2005 00:50 227.088 vspubapi.dll
15.11.2005 00:50 104.208 vsmonapi.dll
15.11.2005 00:50 141.064 vsinit.dll
15.11.2005 00:50 372.816 vsdatant.sys
15.11.2005 00:50 83.720 vsdata.dll
15.11.2005 00:34 54.960 vsutil_loc0407.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 251.392 iepeers.dll
20.10.2005 23:25 1.094.144 esent.dll
13.10.2005 00:15 15.584 spmsg.dll
09.10.2005 09:14 1.536 TrueSoft.dat
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
23.09.2005 04:06 8.491.520 shell32.dll
14.09.2005 20:17 53.248 pxhpinst.exe
10.09.2005 02:54 2.067.968 cdosys.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
28.08.2005 10:20 100 LuResult.txt
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
03.08.2005 09:33 520.456 LegitCheckControl.DLL
-------------------------------------------------------------
Verzeichnis von C:\DOKUME~1\Andy\LOKALE~1\Temp

16.12.2005 11:59 32 PPGUID.txt
16.12.2005 11:01 32.768 ~DF62B0.tmp
16.12.2005 11:01 204 jusched.log
16.12.2005 10:41 32.768 ~DFE1B4.tmp
4 Datei(en) 65.772 Bytes
0 Verzeichnis(se), 5.152.583.680 Bytes frei
-----------------------------------------------------------------

Verzeichnis von C:\WINDOWS

16.12.2005 11:00 1.747.769 WindowsUpdate.log
16.12.2005 11:00 159 wiadebug.log
16.12.2005 11:00 50 wiaservc.log
16.12.2005 10:59 0 0.log
16.12.2005 10:59 2.048 bootstat.dat
16.12.2005 10:58 32.574 SchedLgU.Txt
16.12.2005 10:49 215.628 setupact.log
16.12.2005 10:09 34.814 wmsetup.log
16.12.2005 09:50 918.242 ntbtlog.txt
16.12.2005 08:01 84.604 setupapi.log
16.12.2005 07:48 292 SYSTEM.INI
16.12.2005 07:48 1.452 WIN.INI
15.12.2005 13:32 0 PestPatrol5.INI
15.12.2005 12:48 36.864 intercept.dll
15.12.2005 10:57 4 num41.jbd
15.12.2005 10:57 4 data4711.bak
15.12.2005 10:57 4 info147.sys
15.12.2005 09:52 113.086 iis6.log
15.12.2005 09:52 264.051 comsetup.log
15.12.2005 09:52 169.037 ntdtcsetup.log
15.12.2005 09:52 327.623 tsoc.log
15.12.2005 09:52 1.393 imsins.log
15.12.2005 09:52 36.645 ocmsn.log
15.12.2005 09:52 17.815 KB905915.log
15.12.2005 09:52 494.868 ocgen.log
15.12.2005 09:52 42.015 msgsocm.log
15.12.2005 09:52 805.662 FaxSetup.log
15.12.2005 09:52 21.801 updspapi.log
15.12.2005 09:51 1.393 imsins.BAK
15.12.2005 09:51 7.231 KB910437.log
14.12.2005 08:13 6.656 Thumbs.db
12.12.2005 01:08 173 cdplayer.ini
05.12.2005 21:44 2.902 COM+.log
03.12.2005 15:27 11.839 KB896424.log
30.11.2005 22:31 2.312 discwriter.log
30.11.2005 22:31 0 OrangeBurn.log
06.11.2005 10:01 192 winamp.ini
06.11.2005 09:25 23.196 KB901017.log
06.11.2005 09:25 25.518 KB902400.log
06.11.2005 09:24 15.950 KB896688.log
06.11.2005 09:24 14.113 KB905414.log
06.11.2005 09:24 13.865 KB900725.log
06.11.2005 09:23 11.234 KB904706.log
06.11.2005 09:23 11.920 KB905749.log
06.11.2005 09:05 139 accessdll.log
06.11.2005 08:26 22.342 KB899587.log
06.11.2005 08:26 21.444 KB896422.log
06.11.2005 08:26 21.826 KB899591.log
06.11.2005 08:25 21.923 KB893756.log
06.11.2005 08:25 20.508 KB896423.log
06.11.2005 08:25 22.007 KB896727.log
06.11.2005 08:24 17.051 KB896358.log
06.11.2005 08:23 16.959 KB901214.log
06.11.2005 08:23 16.697 KB899588.log
06.11.2005 08:22 15.827 KB893086.log
06.11.2005 08:22 14.919 KB896428.log
06.11.2005 08:22 15.579 KB894391.log
06.11.2005 08:21 15.425 KB890859.log
06.11.2005 08:21 0 setuperr.log
06.11.2005 07:53 105 avmsysnet.log
06.11.2005 07:52 1.539 avmadd32.log
12.10.2005 17:54 147 RtlRack.ini
09.10.2005 09:43 16.906 ModemLog_HSP56 MR.txt
17.09.2005 07:58 659 3dstate.log
17.09.2005 07:56 6.029 card3d.txt
17.09.2005 07:56 42 error.log
-----------------------------------------------------------------------

Verzeichnis von C:\

16.12.2005 12:13 0 sys.txt
16.12.2005 12:12 13.753 system.txt
16.12.2005 12:11 425 systemtemp.txt
16.12.2005 12:09 108.698 system32.txt
16.12.2005 10:59 534.302.720 hiberfil.sys
16.12.2005 10:59 805.306.368 pagefile.sys
16.12.2005 10:49 1.366 smitfiles.txt
16.12.2005 07:48 211 boot.ini
11.02.2005 08:22 5.120 Thumbs.db
08.02.2005 14:11 47.564 NTDETECT.COM
08.02.2005 14:11 251.184 ntldr
11.07.2004 16:18 13.030 PDOXUSRS.NET
02.05.2004 14:40 15 mandant.ini
29.09.2003 14:51 201 DMF2_WKLog.txt
29.01.2003 09:35 345 IPH.PH
29.01.2003 09:15 0 MSDOS.SYS
29.01.2003 09:15 0 CONFIG.SYS
29.01.2003 09:15 0 AUTOEXEC.BAT
29.01.2003 09:15 0 IO.SYS
29.08.2002 13:00 4.952 bootfont.bin
05.01.2002 03:40 487.424 msvcp70.dll
05.01.2002 03:37 344.064 msvcr70.dll
16.09.2001 16:39 1.024 b4

-----------------------------------------------------------------

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"kernel32.dll" = "C:\WINDOWS\system32\mssearchnet.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"PCTVOICE" = "pctspk.exe" [empty string]
"pdfFactory Pro Dispatcher v1" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" ["FinePrint Software, LLC"]
"REGSHAVE" = "C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"PSDrvCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"AVGCtrl" = ""C:\Programme\Virenscanner\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"WinampAgent" = "C:\Programme\Audio\Winamp\winampa.exe" [null data]
"Zone Labs Client" = "C:\Programme\Firewall\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"WinAntiSpyware 2005" = "C:\Programme\WinAntiSpyware 2005\was5.exe" [file not found]
"eTrustPPAP" = ""C:\Programme\eTrust PestPatrol\PPActiveDetection.exe"" ["Computer Associates"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{49707377-6974-6368-2E4A-756E6F644A01}" = "WS_FTP Pro Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Andy\Webprogrammierung\Programme\FTP\WS_FTP\ftpproex.dll" ["Ipswitch, Inc. 81 Hartwell Ave, Lexington MA"]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{a90d5ea3-a1d7-11cf-8dc1-00805fc2353f}" = "FS Explorer Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ENCODI~1\fsexpext.dll" ["Funduc Software Inc. http://www.funduc.com"]
"{1C071B19-C260-41C8-BFC1-4B1353203678}" = "bxFP"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FOLDER~1\FPShell.dll" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Virenscanner\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FS Explorer Extensions\(Default) = "{a90d5ea3-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ENCODI~1\fsexpext.dll" ["Funduc Software Inc. http://www.funduc.com"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Packer\Powarc\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Virenscanner\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FS Explorer Extensions\(Default) = "{a90d5ea3-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ENCODI~1\fsexpext.dll" ["Funduc Software Inc. http://www.funduc.com"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Packer\Powarc\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PACKER\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Andy" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart
"FRITZ!DSL Protect" -> shortcut to: "C:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
" Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe" [empty string]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"FRITZ!DSL Startcenter" -> shortcut to: "C:\Programme\FRITZ!DSL\StCenter.exe" ["AVM Berlin"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 28
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{5A62567B-9F3A-468A-8200-E7D33EA8845B}\
"ButtonText" = "ArchiCrypt Stealth"
"Exec" = "C:\Programme\ArchiCrypt Stealth 3\ACStealth3.exe" ["Softwareentwicklung Remus"]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.tiscali.de

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\VIRENSCANNER\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\Virenscanner\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVM IGD CTRL Service, AVM IGD CTRL Service, "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
FPP1:\Driver = "fppmon1.dll" ["FinePrint Software, LLC"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 30 seconds, including 7 seconds for message boxes)

Hat jemand eine Idee wie ich dieses Problem lösen kann? Ich danke allen im voraus und viele Grüße