Log analysis and evaluation: Problems with taskbar, keyboard and Internet Explorer
21.07.2010, 17:17 | #1 |
| Problems with taskbar, keyboard and Internet Explorer Hello, friends, before I describe my problems, here is the log first. Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.07.2010 17:49:39
mbam-log-2010-07-21 (17-49-34).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112762
Laufzeit: 10 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:33:56, on 21.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Samsung\Samsung EDS\EDSAgent.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Programme\Samsung\DisplayManager\DisplayManager.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\DOKUME~1\ANNEMA~1\LOKALE~1\Temp\Xdx.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Samsung\DisplayManager\dmhkcore.exe C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Programme\Lexmark X1100 Series\lxbkbmon.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Brother\ControlCenter3\brccMCtl.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\HiJackThis204.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.web.de/tab2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton 
AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2007_2008\TrayServer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] 
"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOKUME~1\ANNEMA~1\LOKALE~1\Temp\Xdx.exe O4 - HKCU\..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Xayfub\eqna.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 7.0; Win32; WEB.DE); Mozilla/4.0 (compatible; MSIE 8.0; Win32; WEB.DE); (webde/1.1.0.21); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default 
user') O4 - Startup: sisytj32.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - hxxp://www.schueler.cc/uploader/ImageUploader5.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Telefonie 
TapiSrvJavaQuickStarterService (TapiSrvJavaQuickStarterService) - Unknown owner - C:\WINDOWS\system32\aaaamono.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 17727 bytes |
22.07.2010, 15:42 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with taskbar, keyboard and Internet Explorer Quote:
__________________ |
22.07.2010, 16:10 | #3 |
| Problems with taskbar, keyboard and Internet Explorer Of course:
my taskbar crashes regularly. At first everything is completely normal, and then at some point my pages in Firefox no longer load, I click on the taskbar and it does not respond. That is my biggest problem at the moment. I then can't shut down my computer either. I press shut down (Windows XP) and it shows me my desktop background, but it doesn't shut down. |
22.07.2010, 16:15 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with taskbar, keyboard and Internet Explorer Quote:
__________________ Please always post log files in CODE tags |
22.07.2010, 22:23 | #5 |
| Problems with taskbar, keyboard and Internet Explorer After 2 hours and 15 minutes of scanning and 7 infected objects, the taskbar crashed again, which is where the scanner was, so I could no longer bring it up. Is the Quick Scan enough as well? Something very strange just happened: all my windows flickered, I opened the Task Manager, which showed something from System 32, cmd.exe or something like that, and in the taskbar a small :\C icon slowly moved to the right. What is that now? And theoretically, once the scan is finished, what do I actually do then? |
22.07.2010, 22:39 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with taskbar, keyboard and Internet Explorer Then do the Quick Scan first, but with current signatures.
__________________ --> Problems with taskbar, keyboard and Internet Explorer |
23.07.2010, 15:32 | #7 |
| Problems with taskbar, keyboard and Internet Explorer I updated and let it run through, and now it is finished. The log file looks like this: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 16:31:09
mbam-log-2010-07-23 (16-31-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135392
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\yicfphjgxa.exe (BackDoor.Bebloh) -> No action taken.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> No action taken.
C:\WINDOWS\Xwifya.exe (Trojan.FraudPack) -> No action taken.
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\******\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\sisytj32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 16:40:10
mbam-log-2010-07-23 (16-40-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135392
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\********\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> Delete on reboot.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yicfphjgxa.exe (BackDoor.Bebloh) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> Delete on reboot.
C:\WINDOWS\Xwifya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\******\Startmenü\Programme\Autostart\sisytj32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by Annemie (23.07.2010 at 15:43) |
23.07.2010, 17:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with taskbar, keyboard and Internet Explorer Then try the full scan now.
__________________ Please always post log files in CODE tags |
23.07.2010, 21:42 | #9 |
| Problems with taskbar, keyboard and Internet Explorer It just finished; before I restart, here is the report: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4342

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 22:41:17
mbam-log-2010-07-23 (22-41-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 286666
Laufzeit: 2 Stunde(n), 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{8E883BB6-10EF-46BC-97A5-3B1F80F27160}\RP34\A0083688.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> Delete on reboot.

__________________ To-do list: • save what can be saved |
23.07.2010, 22:01 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with taskbar, keyboard and Internet Explorer System scan with OTL Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
24.07.2010, 00:45 | #11 |
| Problems with taskbar, keyboard and Internet Explorer Done: Code:
ATTFilter OTL Extras logfile created on: 24.07.2010 01:37:50 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 104,68 Gb Total Space | 45,65 Gb Free Space | 43,61% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANNEMARIE Current User Name: Annemarie Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "4274:TCP" = 4274:TCP:*:Enabled:sayzcxb "1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "(T)Raumschiff Surprise Periode 1 - Bildschirmschoner" = (T)Raumschiff Surprise Periode 1 - Bildschirmschoner "{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager "{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20 "{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total "{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{48118C84-264D-4D5F-BA66-A34920096995}" = Sven Kommt "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{513AEC24-3465-8C4F-87BA-652D6F491031}" = Nero 7 Demo "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft 
Works 2000 "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player "{5DC02603-6642-11D3-80AC-00C04F348408}" = Word in Works Suite-Add-In "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{6FF1763A-35B2-4DF5-AB57-AB5613AFBAE0}" = (T)Raumschiff Surprise - Periode 1 - XXL "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC "{796202A7-F026-4223-9737-F18EC591164B}" = FormatFactory "{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00 "{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9781A96F-71AC-4738-984B-5AB597DFE678}" = WER WIRD MILLIONÄR VIERTE EDITION "{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™ "{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}" = CDRWIN "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter und der Gefangene von Askaban(TM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch "{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™ "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C43131EA-D0F7-4E5B-81D8-E1BDD303639F}" = neoDVDstandard "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer "{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{E12DA139-1E5B-46DB-BAEA-683DC9F27CBC}" = ATI Catalyst Control Center "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit 
CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "3DJongg" = 3DJongg "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Agere Systems Soft Modem" = SENS LT56ADW Modem "Akamai" = Akamai NetSession Interface "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AmazingMahjongg3D" = AmazingMahjongg3D "ATI Display Driver" = ATI Display Driver "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "Azureus 3.0" = Azureus 3.0 "CCleaner" = CCleaner "Chicken Shoot X-Mas Edition" = Chicken Shoot X-Mas Edition "ChickenShoot 2" = ChickenShoot 2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "FileZilla Client" = FileZilla Client 3.2.8.1 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Google Updater" = Google Updater "Harry Potter Lumos" = Harry Potter Lumos Screen Saver "HijackThis" = HijackThis 2.0.2 "Hui Buh - Spuken bis die Zähne klappern" = HuiBuh "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00 "InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "InterActual Player" = InterActual Player "JongiJongo" = JongiJongo "JURA Roger Federer 
2008_is1" = JURA Roger Federer 2008 "king.com" = king.com (remove only) "Lexmark X1100 Series" = Lexmark X1100 Series "Lissi" = Lissi "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D) "MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D) "Mahjongg" = Mahjongg "MahjonggDeluxe" = MahjonggDeluxe "Mah-Jongger" = Mah-Jongger "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MDMahjongg" = MDMahjongg "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OpenMG HotFix4.2-05-07-27-01" = OpenMG Limited Patch 4.2-05-07-27-01 "PCFriendly" = PCFriendly "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "RestoreIT!" 
= Recover Pro "Schatzjäger" = Schatzjäger "Spin Upload" = Spin Upload 1.0 "SPVOD Player1.8" = SPVOD Player1.8 "SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VideoLAN VLC media player 0.8.6d "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2kSetup" = Microsoft Works 2000-Setup-Start "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.07.2010 16:39:49 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul version.dll, Version 5.1.2600.5512, Fehleradresse 0x000019ef. Error - 22.07.2010 16:54:18 | Computer Name = ANNEMARIE | Source = EventSystem | ID = 4618 Description = Das COM+-Ereignissystem hat eine unerwartete Zugriffsverletzung bei der Adresse 0x7C92168B ausgelöst, während es auf die Adresse 0x0000003C zuzugreifen versuchte. Wenden Sie sich an den Microsoft-Produktsupport. 
ntdll!RtlInitializeCriticalSection+0x6e ntdll!wcsncpy+0x2cd ole32!ComPs_NdrDllCanUnloadNow+0xdb OLEAUT32!SafeArrayCreateVector+0x17d OLEAUT32!SystemTimeToVariantTime+0x3ca OLEAUT32!SystemTimeToVariantTime+0x1a8 OLEAUT32!SystemTimeToVariantTime+0x31d OLEAUT32!VariantChangeType+0x228 es!+0xfe3a es!+0x13a96 es!+0x13b5d es!+0x13bac es!+0x13be6 ole32!FreePropVariantArray+0xf8 ole32!FreePropVariantArray+0xa0 es!+0x29198 es!+0x2b4d8 kernel32!GetModuleFileNameA+0x1ba Error - 22.07.2010 17:17:22 | Computer Name = ANNEMARIE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 22.07.2010 17:23:03 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 22.07.2010 17:23:38 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung xdx.exe, Version 0.0.0.0, fehlgeschlagenes Modul xdx.exe, Version 0.0.0.0, Fehleradresse 0x0000e15d. Error - 22.07.2010 18:13:39 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 22.07.2010 18:14:12 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung xdx.exe, Version 0.0.0.0, fehlgeschlagenes Modul xdx.exe, Version 0.0.0.0, Fehleradresse 0x0000e15d. Error - 23.07.2010 10:24:55 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. 
Error - 23.07.2010 10:24:55 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 23.07.2010 19:40:49 | Computer Name = ANNEMARIE | Source = EventSystem | ID = 4618 Description = Das COM+-Ereignissystem hat eine unerwartete Zugriffsverletzung bei der Adresse 0x7C921689 ausgelöst, während es auf die Adresse 0x00000014 zuzugreifen versuchte. Wenden Sie sich an den Microsoft-Produktsupport. ntdll!RtlInitializeCriticalSection+0x6c ntdll!wcsncpy+0x2cd ole32!ComPs_NdrDllCanUnloadNow+0xdb ole32!CoTaskMemFree+0x13 es!DllGetClassObject+0x1aab es!DllGetClassObject+0x1b90 es!+0x292dd es!+0x2a43c es!+0x13a4f es!+0x13b5d es!+0x13bac es!+0x13be6 ole32!FreePropVariantArray+0xf8 ole32!FreePropVariantArray+0xa0 es!+0x29198 es!+0x2b4d8 kernel32!GetModuleFileNameA+0x1ba [ System Events ] Error - 23.07.2010 14:34:28 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 23.07.2010 14:34:31 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 23.07.2010 14:35:27 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet: %%1114 Error - 23.07.2010 14:35:27 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Center Config" wurde mit folgendem Fehler beendet: %%1114 Error - 23.07.2010 15:21:01 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005 Description = Bei DCOM 
ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 23.07.2010 15:25:08 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10010 Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 23.07.2010 16:45:34 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 23.07.2010 16:45:38 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 23.07.2010 16:46:02 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet: %%1114 Error - 23.07.2010 16:46:02 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Center Config" wurde mit folgendem Fehler beendet: %%1114 < End of report > Code:
OTL logfile created on: 24.07.2010 01:37:50 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 104,68 Gb Total Space | 45,65 Gb Free Space | 43,61% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANNEMARIE Current User Name: Annemarie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) 
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE (Symantec Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe () PRC - C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS) PRC - C:\Programme\Samsung\DisplayManager\dmhkcore.exe (SAMSUNG) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe () PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (T-Online International AG, Marmiko IT-Solutions GmbH) PRC - C:\Programme\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation) PRC - C:\Programme\Sony\SonicStage\SSAAD.exe () PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3725.dll () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (SSDPSRVCryptSvc) -- C:\WINDOWS\System32\aaaamonk.exe ()
SRV - (TapiSrvJavaQuickStarterService) -- C:\WINDOWS\System32\aaaamono.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (navapsvc) -- C:\Programme\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
SRV - (SBService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (NPFMntor) -- C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (SAVScan) -- C:\Programme\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (oavaclaku) -- C:\WINDOWS\System32\019.tmp File not found
DRV - (MACNDIS5) -- C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found
DRV - (InCDRm) -- C:\WINDOWS\System32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- C:\WINDOWS\System32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- C:\WINDOWS\System32\drivers\InCDFs.sys File not found
DRV - (bpdletu) -- C:\WINDOWS\System32\01.tmp File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ids-diskless\20100128.001\symidsco.sys (Symantec Corporation)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20071017.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20071017.018\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AWISp50) -- C:\WINDOWS\system32\drivers\AWISp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (SAVRTPEL) -- C:\Programme\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Programme\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS ()
DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys ()
DRV - (PrecSim) -- C:\WINDOWS\system32\DRIVERS\precsim.sys (Engelmann GmbH)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.web.dego.web.de/homeabout:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = go.web.de/tab2
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: Hotbar@Hotbar.com:10.2.232.0
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.19 23:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 01:26:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 01:26:04 | 000,000,000 | ---D | M]

[2010.01.23 00:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Extensions
[2010.04.17 13:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2010.04.17 13:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.17 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\staged-xpis
[2010.07.21 23:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions
[2010.03.13 20:13:37 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010.01.23 00:22:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.22 20:17:22 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.05.29 19:18:34 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.06.08 01:06:29 | 000,000,000 | ---D | M] (Media Converter) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.07.21 23:39:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.23 20:00:37 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.07.12 20:17:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.25 20:03:34 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.02.20 22:58:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.23 20:06:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\dictionary-switcher@design-noir.de
[2010.01.23 00:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.01.23 14:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.02.23 18:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\openmedspel@e-medtools.com
[2010.04.10 19:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\qtl.co.il@gmail.com
[2010.07.22 22:44:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 00:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Programme\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Programme\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2007_2008\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 (compatible; MSIE 7.0; Win32; WEB.DE); Mozilla\4.0 (compatible; MSIE 8.0; Win32; WEB.DE); (webde\1.1.0 File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\spacklsp.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 (Image Uploader Control)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (c:\windows\resources\logon\logonui.exe) - c:\windows\resources\logon\logonui.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.13 20:14:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\Shell\AutoRun\command - "" = E:\inre.bat -- File not found
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.23 16:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Logs
[2010.07.22 23:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.22 23:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.22 23:27:48 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.22 19:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[228 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[215 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.24 01:41:59 | 000,565,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.24 01:34:19 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3F40A83-189F-49E8-89AE-D0F9235C0B97}.job
[2010.07.24 01:21:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.24 01:00:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.07.23 22:45:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.07.23 22:45:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.07.23 22:45:49 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.07.23 22:45:48 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\2666068836.dat
[2010.07.23 22:45:36 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.07.23 22:45:34 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.23 22:45:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.23 22:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.23 22:45:21 | 2011,344,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 22:44:03 | 006,815,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\ntuser.dat
[2010.07.23 22:44:03 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Annemarie\ntuser.ini
[2010.07.23 20:01:20 | 000,000,576 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - Annemarie.job
[2010.07.22 22:17:21 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Farben für twitter.doc
[2010.07.22 01:40:27 | 000,000,006 | ---- | M] () -- C:\WINDOWS\.exe
[2010.07.22 01:40:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.21 16:58:41 | 001,078,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.21 16:58:41 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.21 16:58:41 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.21 16:58:41 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.21 16:58:41 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.14 22:50:22 | 000,037,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Signasatz.doc
[2010.07.14 22:50:18 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Signasatz2.doc
[2010.07.13 09:54:57 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Lebenslauf Annemarie Schüüt.doc
[2010.07.05 18:13:36 | 000,113,156 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\onlineantrag1278346354041906115151.pdf
[2010.07.05 01:51:17 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Hey1.doc
[2010.06.27 23:24:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.27 23:24:13 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[228 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[215 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.22 01:40:27 | 000,000,006 | ---- | C] () -- C:\WINDOWS\.exe
[2010.07.21 16:55:55 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.21 01:01:08 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\2666068836.dat
[2010.07.13 09:54:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Lebenslauf Annemarie Schüüt.doc
[2010.07.05 18:13:36 | 000,113,156 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\onlineantrag1278346354041906115151.pdf
[2010.07.05 01:51:16 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Hey1.doc
[2009.12.26 18:00:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.12.26 18:00:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.12.26 17:50:37 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.09.15 00:57:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.01.08 16:17:13 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.09.19 17:30:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.09.19 15:38:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.19 15:38:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.15 16:37:17 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007.11.16 19:23:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.09.10 19:30:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.05.29 16:01:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2007.05.05 10:50:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007.05.05 10:50:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007.05.05 10:49:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007.04.14 14:30:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007.03.16 20:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2007.02.26 22:32:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007.02.26 17:46:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.24 18:56:00 | 000,000,270 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.01.20 18:19:36 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2007.01.17 22:23:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\MDMahjongg.ini
[2006.11.03 18:29:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2006.10.27 17:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006.10.20 17:01:27 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006.10.14 15:56:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.03 21:45:22 | 000,001,753 | ---- | C] () -- C:\WINDOWS\System32\Annemarie_KBD.ini
[2006.09.09 12:21:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.14 04:52:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.06.14 04:51:22 | 001,081,344 | RHS- | C] () -- C:\WINDOWS\System32\rdtxdg.dll
[2006.06.13 20:39:22 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.06.13 20:39:22 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.06.13 20:30:08 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.06.13 20:30:03 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2006.06.13 20:29:57 | 000,001,755 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2006.06.13 20:29:57 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.06.13 20:29:55 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.06.13 20:29:55 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.06.13 20:29:55 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.06.13 20:29:55 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.06.13 20:29:55 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.06.13 20:29:55 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.06.13 20:29:55 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.06.13 20:29:55 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.06.13 20:29:55 | 000,001,857 | 
---- | C] () -- C:\WINDOWS\System32\KBDUU.INI [2006.06.13 20:29:55 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2006.06.13 20:29:55 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2006.06.13 20:29:55 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI [2006.06.13 20:29:55 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2006.06.13 20:29:55 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2006.06.13 20:29:55 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI [2006.06.13 20:29:55 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2006.06.13 20:29:55 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2006.06.13 20:27:29 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.06.13 20:27:22 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini [2006.06.13 20:26:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.06.13 20:19:55 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll [2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll < End of report >
__________________ To-do list: • save what can be saved |
24.07.2010, 00:54 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with the taskbar, keyboard and Internet Explorer
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
SRV - (SSDPSRVCryptSvc) -- C:\WINDOWS\System32\aaaamonk.exe ()
SRV - (TapiSrvJavaQuickStarterService) -- C:\WINDOWS\System32\aaaamono.exe ()
DRV - (oavaclaku) -- C:\WINDOWS\System32\019.tmp File not found
DRV - (MACNDIS5) -- C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found
DRV - (bpdletu) -- C:\WINDOWS\System32\01.tmp File not found
O4 - HKCU..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe ()
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\Shell\AutoRun\command - "" = E:\inre.bat -- File not found
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell\AutoRun - "" = Auto&Play
[2010.07.22 01:40:27 | 000,000,006 | ---- | C] () -- C:\WINDOWS\.exe
[2010.07.21 16:55:55 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.23 22:45:36 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.07.21 01:01:08 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\2666068836.dat
:Files
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih
C:\WINDOWS\System32\aaaamonk.exe
C:\WINDOWS\System32\aaaamono.exe
C:\WINDOWS\.exe
C:\WINDOWS\System32\drivers\mwkzo.sys
C:\WINDOWS\System32\rdtxdg.dll
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
24.07.2010, 15:30 | #13 |
| Problems with the taskbar, keyboard and Internet Explorer
That was a bit creepy just now, though. XD A log: Code:
ATTFilter All processes killed ========== OTL ========== Service SSDPSRVCryptSvc stopped successfully! Service SSDPSRVCryptSvc deleted successfully! File move failed. C:\WINDOWS\system32\aaaamonk.exe scheduled to be moved on reboot. Service TapiSrvJavaQuickStarterService stopped successfully! Service TapiSrvJavaQuickStarterService deleted successfully! C:\WINDOWS\system32\aaaamono.exe moved successfully. Service oavaclaku stopped successfully! Service oavaclaku deleted successfully! File C:\WINDOWS\System32\019.tmp File not found not found. Service MACNDIS5 stopped successfully! Service MACNDIS5 deleted successfully! File C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found not found. Service bpdletu stopped successfully! Service bpdletu deleted successfully! File C:\WINDOWS\System32\01.tmp File not found not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}\ not found. C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\ not found. File E:\inre.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found. C:\WINDOWS\.exe moved successfully. File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot. C:\cj.ini moved successfully. File move failed. C:\WINDOWS\system32\2666068836.dat scheduled to be moved on reboot. ========== FILES ========== C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih folder moved successfully. File move failed. C:\WINDOWS\System32\aaaamonk.exe scheduled to be moved on reboot. File\Folder C:\WINDOWS\System32\aaaamono.exe not found. File\Folder C:\WINDOWS\.exe not found. File move failed. C:\WINDOWS\System32\drivers\mwkzo.sys scheduled to be moved on reboot. File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot. C:\WINDOWS\System32\CONFIG.TMP moved successfully. C:\WINDOWS\System32\SET10.tmp moved successfully. C:\WINDOWS\System32\SET100.tmp moved successfully. C:\WINDOWS\System32\SET101.tmp moved successfully. 
C:\WINDOWS\System32\SET102.tmp moved successfully. C:\WINDOWS\System32\SET103.tmp moved successfully. C:\WINDOWS\System32\SET104.tmp moved successfully. C:\WINDOWS\System32\SET105.tmp moved successfully. C:\WINDOWS\System32\SET106.tmp moved successfully. C:\WINDOWS\System32\SET107.tmp moved successfully. C:\WINDOWS\System32\SET108.tmp moved successfully. C:\WINDOWS\System32\SET109.tmp moved successfully. C:\WINDOWS\System32\SET10A.tmp moved successfully. C:\WINDOWS\System32\SET10B.tmp moved successfully. C:\WINDOWS\System32\SET10C.tmp moved successfully. C:\WINDOWS\System32\SET10D.tmp moved successfully. C:\WINDOWS\System32\SET10E.tmp moved successfully. C:\WINDOWS\System32\SET10F.tmp moved successfully. C:\WINDOWS\System32\SET11.tmp moved successfully. C:\WINDOWS\System32\SET110.tmp moved successfully. C:\WINDOWS\System32\SET111.tmp moved successfully. C:\WINDOWS\System32\SET112.tmp moved successfully. C:\WINDOWS\System32\SET113.tmp moved successfully. C:\WINDOWS\System32\SET114.tmp moved successfully. C:\WINDOWS\System32\SET115.tmp moved successfully. C:\WINDOWS\System32\SET116.tmp moved successfully. C:\WINDOWS\System32\SET117.tmp moved successfully. C:\WINDOWS\System32\SET118.tmp moved successfully. C:\WINDOWS\System32\SET119.tmp moved successfully. C:\WINDOWS\System32\SET11A.tmp moved successfully. C:\WINDOWS\System32\SET11B.tmp moved successfully. C:\WINDOWS\System32\SET11C.tmp moved successfully. C:\WINDOWS\System32\SET11D.tmp moved successfully. C:\WINDOWS\System32\SET11E.tmp moved successfully. C:\WINDOWS\System32\SET12.tmp moved successfully. C:\WINDOWS\System32\SET13.tmp moved successfully. C:\WINDOWS\System32\SET14.tmp moved successfully. C:\WINDOWS\System32\SET15.tmp moved successfully. C:\WINDOWS\System32\SET16.tmp moved successfully. C:\WINDOWS\System32\SET17.tmp moved successfully. C:\WINDOWS\System32\SET18.tmp moved successfully. C:\WINDOWS\System32\SET19.tmp moved successfully. C:\WINDOWS\System32\SET1A.tmp moved successfully. 
C:\WINDOWS\System32\SET1B.tmp moved successfully. C:\WINDOWS\System32\SET1C.tmp moved successfully. C:\WINDOWS\System32\SET1D.tmp moved successfully. C:\WINDOWS\System32\SET1E.tmp moved successfully. C:\WINDOWS\System32\SET1F.tmp moved successfully. C:\WINDOWS\System32\SET20.tmp moved successfully. C:\WINDOWS\System32\SET21.tmp moved successfully. C:\WINDOWS\System32\SET22.tmp moved successfully. C:\WINDOWS\System32\SET23.tmp moved successfully. C:\WINDOWS\System32\SET24.tmp moved successfully. C:\WINDOWS\System32\SET25.tmp moved successfully. C:\WINDOWS\System32\SET26.tmp moved successfully. C:\WINDOWS\System32\SET27.tmp moved successfully. C:\WINDOWS\System32\SET28.tmp moved successfully. C:\WINDOWS\System32\SET29.tmp moved successfully. C:\WINDOWS\System32\SET2A.tmp moved successfully. C:\WINDOWS\System32\SET2B.tmp moved successfully. C:\WINDOWS\System32\SET2C.tmp moved successfully. C:\WINDOWS\System32\SET2D.tmp moved successfully. C:\WINDOWS\System32\SET2E.tmp moved successfully. C:\WINDOWS\System32\SET2F.tmp moved successfully. C:\WINDOWS\System32\SET30.tmp moved successfully. C:\WINDOWS\System32\SET31.tmp moved successfully. C:\WINDOWS\System32\SET32.tmp moved successfully. C:\WINDOWS\System32\SET33.tmp moved successfully. C:\WINDOWS\System32\SET34.tmp moved successfully. C:\WINDOWS\System32\SET35.tmp moved successfully. C:\WINDOWS\System32\SET36.tmp moved successfully. C:\WINDOWS\System32\SET37.tmp moved successfully. C:\WINDOWS\System32\SET38.tmp moved successfully. C:\WINDOWS\System32\SET39.tmp moved successfully. C:\WINDOWS\System32\SET3A.tmp moved successfully. C:\WINDOWS\System32\SET3B.tmp moved successfully. C:\WINDOWS\System32\SET3C.tmp moved successfully. C:\WINDOWS\System32\SET3D.tmp moved successfully. C:\WINDOWS\System32\SET3E.tmp moved successfully. C:\WINDOWS\System32\SET3F.tmp moved successfully. C:\WINDOWS\System32\SET40.tmp moved successfully. C:\WINDOWS\System32\SET41.tmp moved successfully. C:\WINDOWS\System32\SET42.tmp moved successfully. 
C:\WINDOWS\System32\SET43.tmp moved successfully. C:\WINDOWS\System32\SET44.tmp moved successfully. C:\WINDOWS\System32\SET45.tmp moved successfully. C:\WINDOWS\System32\SET46.tmp moved successfully. C:\WINDOWS\System32\SET47.tmp moved successfully. C:\WINDOWS\System32\SET48.tmp moved successfully. C:\WINDOWS\System32\SET49.tmp moved successfully. C:\WINDOWS\System32\SET4A.tmp moved successfully. C:\WINDOWS\System32\SET4B.tmp moved successfully. C:\WINDOWS\System32\SET4C.tmp moved successfully. C:\WINDOWS\System32\SET4D.tmp moved successfully. C:\WINDOWS\System32\SET4E.tmp moved successfully. C:\WINDOWS\System32\SET4F.tmp moved successfully. C:\WINDOWS\System32\SET50.tmp moved successfully. C:\WINDOWS\System32\SET51.tmp moved successfully. C:\WINDOWS\System32\SET52.tmp moved successfully. C:\WINDOWS\System32\SET53.tmp moved successfully. C:\WINDOWS\System32\SET54.tmp moved successfully. C:\WINDOWS\System32\SET55.tmp moved successfully. C:\WINDOWS\System32\SET56.tmp moved successfully. C:\WINDOWS\System32\SET57.tmp moved successfully. C:\WINDOWS\System32\SET58.tmp moved successfully. C:\WINDOWS\System32\SET59.tmp moved successfully. C:\WINDOWS\System32\SET5A.tmp moved successfully. C:\WINDOWS\System32\SET5B.tmp moved successfully. C:\WINDOWS\System32\SET5C.tmp moved successfully. C:\WINDOWS\System32\SET5D.tmp moved successfully. C:\WINDOWS\System32\SET5E.tmp moved successfully. C:\WINDOWS\System32\SET5F.tmp moved successfully. C:\WINDOWS\System32\SET60.tmp moved successfully. C:\WINDOWS\System32\SET61.tmp moved successfully. C:\WINDOWS\System32\SET62.tmp moved successfully. C:\WINDOWS\System32\SET63.tmp moved successfully. C:\WINDOWS\System32\SET64.tmp moved successfully. C:\WINDOWS\System32\SET65.tmp moved successfully. C:\WINDOWS\System32\SET66.tmp moved successfully. C:\WINDOWS\System32\SET67.tmp moved successfully. C:\WINDOWS\System32\SET68.tmp moved successfully. C:\WINDOWS\System32\SET69.tmp moved successfully. C:\WINDOWS\System32\SET6A.tmp moved successfully. 
C:\WINDOWS\System32\SET6B.tmp moved successfully. C:\WINDOWS\System32\SET6C.tmp moved successfully. C:\WINDOWS\System32\SET6D.tmp moved successfully. C:\WINDOWS\System32\SET6E.tmp moved successfully. C:\WINDOWS\System32\SET6F.tmp moved successfully. C:\WINDOWS\System32\SET7.tmp moved successfully. C:\WINDOWS\System32\SET70.tmp moved successfully. C:\WINDOWS\System32\SET71.tmp moved successfully. C:\WINDOWS\System32\SET72.tmp moved successfully. C:\WINDOWS\System32\SET73.tmp moved successfully. C:\WINDOWS\System32\SET74.tmp moved successfully. C:\WINDOWS\System32\SET75.tmp moved successfully. C:\WINDOWS\System32\SET76.tmp moved successfully. C:\WINDOWS\System32\SET77.tmp moved successfully. C:\WINDOWS\System32\SET78.tmp moved successfully. C:\WINDOWS\System32\SET79.tmp moved successfully. C:\WINDOWS\System32\SET7A.tmp moved successfully. C:\WINDOWS\System32\SET7B.tmp moved successfully. C:\WINDOWS\System32\SET7C.tmp moved successfully. C:\WINDOWS\System32\SET7D.tmp moved successfully. C:\WINDOWS\System32\SET7E.tmp moved successfully. C:\WINDOWS\System32\SET7F.tmp moved successfully. C:\WINDOWS\System32\SET80.tmp moved successfully. C:\WINDOWS\System32\SET81.tmp moved successfully. C:\WINDOWS\System32\SET82.tmp moved successfully. C:\WINDOWS\System32\SET83.tmp moved successfully. C:\WINDOWS\System32\SET84.tmp moved successfully. C:\WINDOWS\System32\SET85.tmp moved successfully. C:\WINDOWS\System32\SET86.tmp moved successfully. C:\WINDOWS\System32\SET87.tmp moved successfully. C:\WINDOWS\System32\SET88.tmp moved successfully. C:\WINDOWS\System32\SET89.tmp moved successfully. C:\WINDOWS\System32\SET8A.tmp moved successfully. C:\WINDOWS\System32\SET8B.tmp moved successfully. C:\WINDOWS\System32\SET8C.tmp moved successfully. C:\WINDOWS\System32\SET8D.tmp moved successfully. C:\WINDOWS\System32\SET8E.tmp moved successfully. C:\WINDOWS\System32\SET8F.tmp moved successfully. C:\WINDOWS\System32\SET9.tmp moved successfully. C:\WINDOWS\System32\SET90.tmp moved successfully. 
C:\WINDOWS\System32\SET91.tmp moved successfully. C:\WINDOWS\System32\SET92.tmp moved successfully. C:\WINDOWS\System32\SET93.tmp moved successfully. C:\WINDOWS\System32\SET94.tmp moved successfully. C:\WINDOWS\System32\SET95.tmp moved successfully. C:\WINDOWS\System32\SET96.tmp moved successfully. C:\WINDOWS\System32\SET97.tmp moved successfully. C:\WINDOWS\System32\SET98.tmp moved successfully. C:\WINDOWS\System32\SET99.tmp moved successfully. C:\WINDOWS\System32\SET9A.tmp moved successfully. C:\WINDOWS\System32\SET9B.tmp moved successfully. C:\WINDOWS\System32\SET9C.tmp moved successfully. C:\WINDOWS\System32\SET9E.tmp moved successfully. C:\WINDOWS\System32\SET9F.tmp moved successfully. C:\WINDOWS\System32\SETA.tmp moved successfully. C:\WINDOWS\System32\SETA0.tmp moved successfully. C:\WINDOWS\System32\SETA1.tmp moved successfully. C:\WINDOWS\System32\SETA2.tmp moved successfully. C:\WINDOWS\System32\SETA3.tmp moved successfully. C:\WINDOWS\System32\SETA4.tmp moved successfully. C:\WINDOWS\System32\SETA5.tmp moved successfully. C:\WINDOWS\System32\SETA6.tmp moved successfully. C:\WINDOWS\System32\SETA7.tmp moved successfully. C:\WINDOWS\System32\SETA8.tmp moved successfully. C:\WINDOWS\System32\SETA9.tmp moved successfully. C:\WINDOWS\System32\SETAA.tmp moved successfully. C:\WINDOWS\System32\SETAB.tmp moved successfully. C:\WINDOWS\System32\SETAC.tmp moved successfully. C:\WINDOWS\System32\SETAD.tmp moved successfully. C:\WINDOWS\System32\SETAE.tmp moved successfully. C:\WINDOWS\System32\SETAF.tmp moved successfully. C:\WINDOWS\System32\SETB.tmp moved successfully. C:\WINDOWS\System32\SETB0.tmp moved successfully. C:\WINDOWS\System32\SETB1.tmp moved successfully. C:\WINDOWS\System32\SETB2.tmp moved successfully. C:\WINDOWS\System32\SETB3.tmp moved successfully. C:\WINDOWS\System32\SETB4.tmp moved successfully. C:\WINDOWS\System32\SETB5.tmp moved successfully. C:\WINDOWS\System32\SETB6.tmp moved successfully. C:\WINDOWS\System32\SETB7.tmp moved successfully. 
C:\WINDOWS\System32\SETB8.tmp moved successfully. C:\WINDOWS\System32\SETB9.tmp moved successfully. C:\WINDOWS\System32\SETBA.tmp moved successfully. C:\WINDOWS\System32\SETBB.tmp moved successfully. C:\WINDOWS\System32\SETBC.tmp moved successfully. C:\WINDOWS\System32\SETBD.tmp moved successfully. C:\WINDOWS\System32\SETBE.tmp moved successfully. C:\WINDOWS\System32\SETC.tmp moved successfully. C:\WINDOWS\System32\SETD.tmp moved successfully. C:\WINDOWS\System32\SETE.tmp moved successfully. C:\WINDOWS\System32\SETF.tmp moved successfully. C:\WINDOWS\System32\SETF1.tmp moved successfully. C:\WINDOWS\System32\SETF2.tmp moved successfully. C:\WINDOWS\System32\SETF3.tmp moved successfully. C:\WINDOWS\System32\SETF4.tmp moved successfully. C:\WINDOWS\System32\SETF5.tmp moved successfully. C:\WINDOWS\System32\SETF6.tmp moved successfully. C:\WINDOWS\System32\SETF7.tmp moved successfully. C:\WINDOWS\System32\SETF8.tmp moved successfully. C:\WINDOWS\System32\SETF9.tmp moved successfully. C:\WINDOWS\System32\SETFA.tmp moved successfully. C:\WINDOWS\System32\SETFB.tmp moved successfully. C:\WINDOWS\System32\SETFC.tmp moved successfully. C:\WINDOWS\System32\SETFE.tmp moved successfully. C:\WINDOWS\System32\SETFF.tmp moved successfully. C:\WINDOWS\002925_.tmp moved successfully. C:\WINDOWS\msdownld.tmp folder moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Annemarie ->Temp folder emptied: 320626487 bytes ->Temporary Internet Files folder emptied: 196675287 bytes ->Java cache emptied: 408059 bytes ->FireFox cache emptied: 95544283 bytes ->Flash cache emptied: 117776 bytes User: Default User ->Temp folder emptied: 344064 bytes ->Temporary Internet Files folder emptied: 32768 bytes ->Flash cache emptied: 41 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 114422600 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 79393748 bytes RecycleBin emptied: 2131380 bytes Total Files Cleaned = 772,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07242010_161601 Files\Folders moved on Reboot... C:\WINDOWS\system32\aaaamonk.exe moved successfully. File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot. C:\WINDOWS\system32\2666068836.dat moved successfully. File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_828.dat not found! Registry entries deleted on Reboot...
__________________ To-do list: • save what can be saved |
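Added example, not part of the original thread and not OTL's own code: a Python triage of the fix log in the post above that lists every file whose move was deferred to reboot and reports whether it was actually gone afterwards. It assumes one log entry per line (the page shows the log flattened); the function name and status labels are hypothetical, and the sample is a trimmed excerpt of the log above.

```python
import re

# Trimmed excerpt of the OTL fix log posted above, restored to one entry per line
# (assumption: the original log file had one entry per line).
SAMPLE_LOG = r"""
========== OTL ==========
File move failed. C:\WINDOWS\system32\aaaamonk.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\aaaamono.exe moved successfully.
C:\WINDOWS\.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\2666068836.dat scheduled to be moved on reboot.
========== FILES ==========
File move failed. C:\WINDOWS\System32\aaaamonk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.
Files\Folders moved on Reboot...
C:\WINDOWS\system32\aaaamonk.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\2666068836.dat moved successfully.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_828.dat not found!
"""

FAILED = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
REBOOT_MARKER = r"Files\Folders moved on Reboot"


def triage_otl_fix_log(log_text):
    """Classify every file whose move was deferred to reboot.

    Returns a dict with three lists of paths:
      removed_on_reboot - deferred, then reported as moved after the reboot
      survived_reboot   - still reported as 'File move failed' after the reboot
      no_reboot_result  - deferred, but the log has no post-reboot entry for it
    """
    display = {}  # lower-cased path -> path as first written in the log
    status = {}   # lower-cased path -> latest known state
    after_reboot = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_MARKER):
            after_reboot = True
            continue
        failed = FAILED.match(line)
        moved = None if failed else MOVED.match(line)
        if failed:
            # Windows paths are case-insensitive; the log mixes system32/System32.
            key = failed.group(1).lower()
            display.setdefault(key, failed.group(1))
            status[key] = "survived_reboot" if after_reboot else "no_reboot_result"
        elif moved and after_reboot:
            key = moved.group(1).lower()
            if key in status:  # only files that had been deferred earlier
                status[key] = "removed_on_reboot"

    report = {"removed_on_reboot": [], "survived_reboot": [], "no_reboot_result": []}
    for key, state in status.items():
        report[state].append(display[key])
    return report


if __name__ == "__main__":
    for state, paths in triage_otl_fix_log(SAMPLE_LOG).items():
        print(state)
        for path in paths:
            print("   ", path)
```

Files listed under `survived_reboot` are the ones to follow up on, since the fix could not move them even at boot time.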
26.07.2010, 14:57 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with the taskbar, keyboard and Internet Explorer
Yes, OTL is not installed. OTL.exe is simply run as it is. Now please run CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |