Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 02.01.2010, 11:40   #1
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hallo, bitte um Hilfe.

Durch irgendeinen Mis-Klick (obwohl ich eigentlich dachte, gut aufzupassen) habe ich mir wohl was eingefangen. Der Computer arbeitet extrem langsam und einige Programme (wie Norton oder AV Antivirus) lassen sich beispielsweise gar nicht mehr aufrufen. Im Task Manager tut sich manches, was ich nicht interpretieren kann.

Nun hab' ich Windows 7, und dafür ist lt. Chip HijackThis gar nicht kompatibel. Aber einen Logfile konnte ich dennoch erstellen. Vielleicht kann mir jemand einen heißen Tipp geben? Danke im Voraus!

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:10, on 02.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\downloader.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.faz.net/s/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Save Tube Video - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\SaveTubeVideo.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~2\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: WISO Mein Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8614 bytes
         
verzweifelte Grüße vom Labbeduddel

Alt 02.01.2010, 18:19   #2
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Keine Antwort - Keiner eine Idee? So kann's aber nicht bleiben, leider.

Ich bitte Euch alle noch einmal um Hilfe.

Grüße vom Labbeduddel
__________________


Alt 03.01.2010, 23:30   #3
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hallo zusammen. Ich hatte in diesem Forum schon öfter um Hilfe gebeten und immer erhalten. Dass sich gar keiner meldet, ist mir noch nicht passiert. Liegt das an Windows 7?

In meiner Verzweiflung habe ich erstmal alle Dateien gesichert (da könnte der Bösewicht natürlich dabei sein) und dann das MAM ausprobiert. Hier das entsprechende Logfile. War das nun was? Darf ich hoffen, clean zu sein?

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3479
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

03.01.2010 23:21:19
mbam-log-2010-01-03 (23-21-19).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 479500
Laufzeit: 1 hour(s), 13 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27ba317e-7bbd-4ebe-a06a-47f076d9d6f7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231f-9d6f-4b0e-9041-5dd7484564ad} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
         
Danke sehr für die Hilfe - falls sich jemand meldet.

Grüße vom Labbeduddel
__________________

Alt 04.01.2010, 12:05   #4
Chris4You
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hi,

das HJ-Log ist bis auf 2SaveTubeVideo" unauffällig, und dem ist ja schon MAM zu leibe gerückt...
Sicherheitshalber kannst Du das Verzeichnis "C:\Program Files (x86)\Save Tube Video Company" löschen...

Brauche mehr Infos, daher:
RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 04.01.2010, 20:02   #5
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Vielen Dank Chris, für Deine Hilfe.

Hier das RSIT Logfile. Der Vorgang wurde mit der Fehlermeldung (weißnichtmehrdengenauenText) irgendwie "nicht definierte Variable -1 wurde angesprochen" beendet.

Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by K**n S***r at 2010-01-04 19:50:51
Microsoft Windows 7 Ultimate  
System drive C: has 167 GB (18%) free of 954 GB
Total RAM: 4095 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:51, on 04.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files (x86)\ICQ6.5\ICQ.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Users\K**n S***r\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\K**n S***r.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.faz.net/s/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Save Tube Video - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\SaveTubeVideo.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~2\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: WISO Mein Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8799 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~2\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312}]
ShowBarObj Class - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll [2009-10-21 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - Save Tube Video - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\SaveTubeVideo.dll [2009-10-21 692224]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"BlackBerryAutoUpdate"=C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-11-19 623960]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"FreePDF Assistant"=C:\Program Files (x86)\FreePDF_XP\fpassist.exe [2009-09-05 385024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"ICQ"=C:\PROGRA~2\ICQ6.5\ICQ.exe [2009-11-16 172792]
"Packard Bell Software Suite"=C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe [2008-08-28 1934144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WISO Mein Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shar
         
GMER arbeitet eine Weile und meldet dann den Fehler "C:\Windows\system32\config\system: Das System kann die angegebene Datei nicht finden.

Und nun?


Alt 04.01.2010, 20:21   #6
Chris4You
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hi,

32 oder 64 Bit...
Das GMER nicht läuft ist ungut....
Versuche es mal im abgesicherten Modus zu starten (wenn es das bei Win7 gibt, da bin ich kein Spezialist für ;o)...

Bevor ich einen Schuß ins Blaue mit Avenger mache, probieren wir erstmal Dr. Web...
http://www.trojaner-board.de/59299-a...eb-cureit.html

Statt RSIT lass mal OTL laufen:

Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

__________________

chris
__________________
--> Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb

Geändert von Chris4You (04.01.2010 um 20:38 Uhr)

Alt 04.01.2010, 20:40   #7
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Nur damit ich hier nix falsches oder unvollständiges sage: Nach der Fehlermeldung fängt GMER trotzdem zu scannen an. Am Ende kommt die Meldung, dass er keine Manipulationen gefunden hat.

Und noch eins, die Viren, die MAM vorgeblich beseitigt hat, sind alle fröhlich wieder da. Ich habe jetzt - wie angeraten - das Verzeichnis "C:\Program Files (x86)\Save Tube Video Company" gelöscht. Das ist übrigens entweder gut getarnt, oder ich habe es mit dem System installiert. Es trägt dasselbe Datum (4.11.09) wie alle Systemdateien.

Ich probiere jetzt Dr. Web und berichte...

Alt 04.01.2010, 21:01   #8
Chris4You
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hi,

GMER ist für Win 7 noch nicht freigegeben...
Lass ihm nach Rootkits suchen und poste dann mal das Log...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 04.01.2010, 21:20   #9
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Also Dr. Web hat seinen Schnellscan im abgesicherten Modus (ja, gibt's bei WIN 7 wie vorher bei XP) absolviert und keinen Virus oder sonstwas gefunden. Den vollständigen Scan spare ich mir für später auf. Jetzt also nochmal GMER und dann OTL.

Alt 04.01.2010, 21:22   #10
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



P.S.: Jedes zweite Mal, wenn ich versuche hochzufahren (normal oder abgesichert), kriege ich die Meldung, dass hochfahren leider nicht geht. Dann repariert WIN 7 mit seiner System-Wiederherstellung selbständig. Vermutlich beseitigt das erst einmal den Virus und er kommt erst später wieder. Vielleicht nach einer Zeit, oder wenn ich versuche, in's Internet zu gehen.

Fazit - hoffentlich finden die Scanner alles, was zu finden ist. Wollen mal sehen...

Alt 04.01.2010, 22:24   #11
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Schwere Geburt - Absturz, aufgehängt, chkdsk, Systemwiederherstellung usw.

Hier der erste OTL-Log extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 04.01.2010 22:04:06 - Run 1
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\K*n S*r\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 162,55 Gb Free Space | 17,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: K*n2009
Current User Name: K*n S*r
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IsoBuster_is1" = IsoBuster 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"N360" = Norton 360
"Packard Bell Software Suite" = Packard Bell Software Suite
"PartyPoker" = PartyPoker
"SaveTubeVideo_is1" = SaveTubeVideo 2.9 (20091026)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarBurn_is1" = StarBurn Version 12r10 (Build 0x20091021)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 04.01.2010, 22:25   #12
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



und hier OTL.txt:

Code:
ATTFilter
OTL logfile created on: 04.01.2010 22:04:06 - Run 1
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\K*n S*r\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 162,55 Gb Free Space | 17,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: K*n2009
Current User Name: K*n S*r
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\K*n S*r\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\WISO\Sparbuch 2010\meinsparbuchheute.exe ()
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV)
PRC - C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\K*n S*r\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Service1) -- C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (acedrv08) -- C:\Windows\SysNative\drivers\acedrv08.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\symndisv.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (StarPortLite) StarPort Storage Controller (Lite) -- C:\Windows\SysNative\drivers\StarPortLite.sys (Rocket Division Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100104.004\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100104.004\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (acedrv08) -- C:\Windows\SysWOW64\acedrv08.dll ()
DRV - (CSC) -- C:\Windows\CSC [2009.11.04 21:05:23 | 00,000,000 | ---D | M]
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (NeroCd2k) -- C:\Windows\SysWOW64\drivers\NeroCD2k.sys (ahead Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.faz.net/s/homepage.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 E0 0C 64 8B 5D CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://www.faz.net/s/homepage.html"
FF - prefs.js..extensions.enabledItems: SearchToolbar@skywebsearch.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.12.19 18:02:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.12.19 18:02:44 | 00,000,000 | ---D | M]
 
[2009.11.05 20:29:25 | 00,000,000 | ---D | M] -- C:\Users\K*n S*r\AppData\Roaming\mozilla\Extensions
[2009.11.05 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\K*n S*r\AppData\Roaming\mozilla\Firefox\Profiles\msnozftx.default\extensions
[2010.01.01 11:39:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll (IE Toolbar)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Save Tube Video) - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\SaveTubeVideo.dll (Save Tube Video Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme (x86)\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [Packard Bell Software Suite] C:\Program Files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.01.04 21:50:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\K*n S*r\Desktop\OTL.exe
[2010.01.04 20:52:35 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\DoctorWeb
[2010.01.04 19:50:30 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.02 16:51:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.02 16:51:26 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.01.02 15:14:38 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Roaming\Malwarebytes
[2010.01.02 15:14:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.02 15:14:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.01.02 11:26:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009.12.30 12:32:32 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\Music
[2009.12.18 08:17:13 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Local\FreePDF_XP
[2009.12.18 08:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\FreePDF
[2009.12.18 08:13:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FreePDF_XP
[2009.12.18 08:13:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2009.12.18 08:07:42 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Local\Symantec
[2009.12.13 16:31:20 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\.jordan
[2009.12.12 18:00:40 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Roaming\Buhl Data Service
[2009.12.12 17:58:58 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Local\Buhl
[2009.12.12 17:58:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2009.12.12 17:57:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2009.12.12 17:57:35 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\AppData\Local\Buhl Data Service
[2009.12.12 17:49:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2009.12.10 08:09:32 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.10 08:09:31 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.12.06 16:19:25 | 00,000,000 | ---D | C] -- C:\Users\K*n S*r\Desktop\itunes 12923
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.01.04 22:07:47 | 01,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.04 22:07:47 | 00,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.04 22:07:47 | 00,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.04 22:07:47 | 00,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.04 22:07:47 | 00,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.04 22:07:31 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.04 22:07:30 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.04 22:02:21 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 22:02:21 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 22:02:21 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TM.blf
[2010.01.04 22:02:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.04 22:02:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.04 22:02:11 | 32,205,78304 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.04 21:52:24 | 01,287,183 | -H-- | M] () -- C:\Users\K*n S*r\AppData\Local\IconCache.db
[2010.01.04 21:47:23 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:47:23 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:47:22 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TM.blf
[2010.01.04 21:38:41 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:38:41 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:38:41 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TM.blf
[2010.01.04 21:23:51 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:23:51 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:23:51 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TM.blf
[2010.01.04 21:23:38 | 24,828,2698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.01.04 21:22:38 | 02,359,296 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat
[2010.01.04 20:56:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\K*n S*r\Desktop\OTL.exe
[2010.01.04 20:17:03 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 20:17:03 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 20:17:03 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TM.blf
[2010.01.04 19:46:36 | 00,293,376 | ---- | M] () -- C:\Users\K*n S*r\Desktop\w71fg6o3.exe
[2010.01.04 19:45:14 | 00,781,909 | ---- | M] () -- C:\Users\K*n S*r\Desktop\RSIT.exe
[2010.01.04 19:40:17 | 00,006,688 | ---- | M] () -- C:\bootsqm.dat
[2010.01.03 23:22:15 | 00,027,648 | ---- | M] () -- C:\Users\K*n S*r\Desktop\Malwarebytes Logfile.doc
[2010.01.02 16:51:46 | 00,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.02 16:47:33 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.02 16:47:33 | 00,524,288 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.02 16:47:33 | 00,065,536 | -HS- | M] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TM.blf
[2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.29 08:51:21 | 00,007,603 | ---- | M] () -- C:\Users\K*n S*r\AppData\Local\Resmon.ResmonCfg
[2009.12.12 18:03:04 | 00,000,460 | ---- | M] () -- C:\Windows\wiso.ini
[2009.12.12 18:00:03 | 00,002,149 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
[2009.12.12 18:00:02 | 00,002,068 | ---- | M] () -- C:\Users\Public\Desktop\WISO Sparbuch 2010.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.01.04 22:02:21 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 22:02:21 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 22:02:21 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{664891e0-f974-11de-a460-00261826a28b}.TM.blf
[2010.01.04 21:47:23 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:47:23 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:47:22 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{49ee00ea-f972-11de-bb06-00261826a28b}.TM.blf
[2010.01.04 21:38:41 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:38:41 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:38:41 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{0b57e5e6-f971-11de-a45e-00261826a28b}.TM.blf
[2010.01.04 21:23:51 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 21:23:51 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 21:23:51 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{030830e1-f96f-11de-a42c-00261826a28b}.TM.blf
[2010.01.04 19:49:54 | 00,781,909 | ---- | C] () -- C:\Users\K*n S*r\Desktop\RSIT.exe
[2010.01.04 19:49:54 | 00,293,376 | ---- | C] () -- C:\Users\K*n S*r\Desktop\w71fg6o3.exe
[2010.01.04 19:48:32 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 19:48:32 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 19:48:31 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{b52f7661-f961-11de-b3e8-00261826a28b}.TM.blf
[2010.01.04 19:40:17 | 00,006,688 | ---- | C] () -- C:\bootsqm.dat
[2010.01.03 23:22:15 | 00,027,648 | ---- | C] () -- C:\Users\K*n S*r\Desktop\Malwarebytes Logfile.doc
[2010.01.02 16:51:46 | 00,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.02 16:47:33 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.02 16:47:33 | 00,524,288 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.02 16:47:33 | 00,065,536 | -HS- | C] () -- C:\Users\K*n S*r\ntuser.dat{158b3a63-f7b6-11de-a441-00261826a28b}.TM.blf
[2009.12.18 08:13:42 | 00,119,152 | ---- | C] () -- C:\Windows\SysNative\redmon.hlp
[2009.12.18 08:13:42 | 00,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll
[2009.12.18 08:13:42 | 00,046,080 | ---- | C] () -- C:\Windows\SysNative\unredmon.exe
[2009.12.12 18:00:37 | 00,000,460 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.12 18:00:03 | 00,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
[2009.12.12 18:00:02 | 00,002,068 | ---- | C] () -- C:\Users\Public\Desktop\WISO Sparbuch 2010.lnk
[2009.11.23 07:38:07 | 00,007,603 | ---- | C] () -- C:\Users\K*n S*r\AppData\Local\Resmon.ResmonCfg
[2009.11.08 13:48:17 | 00,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv08.dll
[2009.11.08 13:48:13 | 00,000,145 | ---- | C] () -- C:\Windows\Lilli.ini
[2009.11.08 13:48:13 | 00,000,000 | ---- | C] () -- C:\Windows\Lado.ini
[2009.11.05 21:37:45 | 00,000,385 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.11.05 21:33:15 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.11.05 00:40:43 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.04 23:55:44 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003.02.20 17:53:42 | 00,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >
         
Dr. Web Fullscan noch machen?

Gruß und Dank vom Labbeduddel

Alt 05.01.2010, 09:54   #13
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Hier das Ergebnis des Dr. Web-Fullscans:

Code:
ATTFilter
eMule44b-v16-webcache.exe\{app}\emule.exe;C:\$Recycle.Bin\S-1-5-21-2957578560-3958132288-733529207-1001\$RDTNZ8K\ADA-HAS - Dateien von zuhause\2005\eMule44b-v16-webcache;BackDoor.Emule.44;;
eMule44b-v16-webcache.exe;C:\$Recycle.Bin\S-1-5-21-2957578560-3958132288-733529207-1001\$RDTNZ8K\ADA-HAS - Dateien von zuhause\2005;Archiv enthält infizierte Objekte;Verschoben.;
eMule44b-v16-webcache.exe\{app}\emule.exe;C:\Dokumente und Einstellungen\k*n S*r\DoctorWeb\Quarantine\eMule44b-v16-webcache.exe;BackDoor.Emule.44;;
eMule44b-v16-webcache.exe;C:\Dokumente und Einstellungen\k*n S*r\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
eMule44b-v16-webcache.exe\{app}\emule.exe;C:\Dokumente und Einstellungen\k*n S*r\Documents\_Archiv ADA-HAS\ADA-HAS - Dateien von zuhause\2005\eMule44b-v16-web;BackDoor.Emule.44;;
eMule44b-v16-webcache.exe;C:\Dokumente und Einstellungen\k*n S*r\Documents\_Archiv ADA-HAS\ADA-HAS - Dateien von zuhause\2005;Archiv enthält infizierte Objekte;Verschoben.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Dokumente und Einstellungen\k*n S*r\Downloads\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Dokumente und Einstellungen\k*n S*r\Downloads\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\Dokumente und Einstellungen\k*n S*r\Downloads;Archiv enthält infizierte Objekte;Verschoben.;
Process.exe;C:\Dokumente und Einstellungen\k*n S*r\Downloads\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Dokumente und Einstellungen\k*n S*r\Downloads\SmitfraudFix;Tool.ShutDown.14;;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Sicherung alte ACER 80 GB Festplatte\Downloads\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Sicherung alte ACER 80 GB Festplatte\Downloads\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\Sicherung alte ACER 80 GB Festplatte\Downloads;Archiv enthält infizierte Objekte;Verschoben.;
Process.exe;C:\Sicherung alte ACER 80 GB Festplatte\Downloads\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Sicherung alte ACER 80 GB Festplatte\Downloads\SmitfraudFix;Tool.ShutDown.14;;
Process.exe;C:\Users\k*n S*r\Downloads\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Users\k*n S*r\Downloads\SmitfraudFix;Tool.ShutDown.14;;
Answer (live).mp3;C:\Zusatzsicherung alter Dateien - wird nicht nochmals gesichert\S*n\s\Sarah Mc Lachlan\Afterglow Bonus Live EP;Modifikation von BAT.XPEH.144;Verschoben.;
Building A Mystery (live).mp3;C:\Zusatzsicherung alter Dateien - wird nicht nochmals gesichert\S*n\s\Sarah Mc Lachlan\Afterglow Bonus Live EP;Modifikation von BAT.XPEH.144;Verschoben.;
Dirty Little Secret (live).mp3;C:\Zusatzsicherung alter Dateien - wird nicht nochmals gesichert\S*n\s\Sarah Mc Lachlan\Afterglow Bonus Live EP;Modifikation von BAT.XPEH.144;Verschoben.;
         
Das Programm SmitfraudFix habe ich mal auf Empfehlung hier aus dem Forum heruntergeladen, dann aber seit Jahren nicht genutzt. Das kann eigentlich nicht das Problem sein.

Was nun?

Gruß und Dank vom Labbeduddel

Alt 05.01.2010, 10:24   #14
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Eins noch - ich habe GMER noch einmal probiert. Es kommt dieselbe Fehlermeldung, danach macht er trotzdem den "Full Scan" und meldet, dass er nichts gefunden hat. Mir scheint, dass er dann auch kein Logfile speichert (hab keins gefunden).

ciao!

Alt 05.01.2010, 10:35   #15
Labbeduddel
 
Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Standard

Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb



Und hier der neue MAM-Bericht von heute morgen. Alles unverändert, wir sind noch nicht recht weiter gekommen:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3479
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

05.01.2010 10:33:04
mbam-log-2010-01-05 (10-33-04).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 482639
Laufzeit: 1 hour(s), 10 minute(s), 11 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27ba317e-7bbd-4ebe-a06a-47f076d9d6f7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231f-9d6f-4b0e-9041-5dd7484564ad} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kbbar.kbbarband.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\Save Tube Video Company\SaveTubeVideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
         

Antwort

Themen zu Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb
adobe, antivirus, aufrufe, bho, computer, excel, explorer, extrem langsam, firefox, hijack, hijackthis, icq, internet, internet explorer, intrusion prevention, langsam, langsamer rechner, logfile, lsass.exe, microsoft, mozilla, packard bell, plug-in, programme, software, sparbuch, symantec, syswow64, windows, wiso, wmp



Ähnliche Themen: Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb


  1. Windows 7, 64 Bit, langsamer Rechner, Malwarebytes 128 Funde, Avira gestoppt
    Log-Analyse und Auswertung - 28.10.2015 (36)
  2. Extremst langsamer Rechner, Windows 7, 64 bit
    Plagegeister aller Art und deren Bekämpfung - 12.10.2015 (5)
  3. Windows 7: Rechner läuft etwas langsamer
    Log-Analyse und Auswertung - 03.06.2015 (7)
  4. Windows 7 Rechner wird immer langsamer Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.10.2014 (12)
  5. Windows 7 / DHL Trojaner / Langsamer Rechner
    Log-Analyse und Auswertung - 26.04.2014 (18)
  6. Windows 7: Langsamer Rechner, Umleitung auf search.softonic
    Log-Analyse und Auswertung - 26.01.2014 (1)
  7. Windows 7: Fedpol CH Trojaner, Norton hängt sich auf beim Scanen, langsamer beim Browsen.
    Log-Analyse und Auswertung - 11.01.2014 (7)
  8. Windows 7 - extrem viel Werbung - Rechner immer langsamer!
    Plagegeister aller Art und deren Bekämpfung - 10.01.2014 (9)
  9. weißer Bildschirm, Rechner nicht bedienbar außer shutdown
    Log-Analyse und Auswertung - 16.06.2013 (13)
  10. Blacklist NJABL geht außer Betrieb
    Nachrichten - 11.03.2013 (0)
  11. langsamer Systemabsturz/Einfrierung nach zum Teil langem Betrieb (>1h)in XP
    Log-Analyse und Auswertung - 01.10.2012 (4)
  12. langsamer Systemabsturz/Einfrierung nach zum Teil langem Betrieb (>10h)
    Netzwerk und Hardware - 28.09.2012 (19)
  13. Antivir, Firewall und Sicherheitscenter außer Betrieb, einschalten unmöglich
    Log-Analyse und Auswertung - 06.09.2012 (5)
  14. zu langsamer Laptop trotz Norton 360 hijack this auswertung -
    Log-Analyse und Auswertung - 05.06.2010 (2)
  15. regelmäßiges Einfrieren und Fn-Tasten außer betrieb.
    Alles rund um Windows - 08.04.2010 (6)
  16. Virenscanner + Firewall außer Betrieb
    Log-Analyse und Auswertung - 17.12.2009 (4)
  17. Langsamer Rechner, Infekt Windows Antivirus Pro, Total Secure
    Plagegeister aller Art und deren Bekämpfung - 06.09.2009 (12)

Zum Thema Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb - Hallo, bitte um Hilfe. Durch irgendeinen Mis-Klick (obwohl ich eigentlich dachte, gut aufzupassen) habe ich mir wohl was eingefangen. Der Computer arbeitet extrem langsam und einige Programme (wie Norton oder - Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb...
Archiv
Du betrachtest: Systemstörung in Windows 7 - langsamer Rechner und Norton außer Betrieb auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.