
Log analysis and evaluation: Problems with taskbar, keyboard and Internet Explorer

21.07.2010, 17:17   #1
Annemie

Hello, friends,
before I describe my problems, here is the log first.

Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
21.07.2010 17:49:39
mbam-log-2010-07-21 (17-49-34).txt
 
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112762
Laufzeit: 10 minute(s), 54 second(s)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
         
I've already googled what isn't working for me and read through it as well, but didn't understand all that much. I hope you can read something out of the stuff above and tell me what's going wrong.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:56, on 21.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\DOKUME~1\ANNEMA~1\LOKALE~1\Temp\Xdx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Samsung\DisplayManager\dmhkcore.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Brother\ControlCenter3\brccMCtl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\HiJackThis204.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.web.de/tab2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2007_2008\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOKUME~1\ANNEMA~1\LOKALE~1\Temp\Xdx.exe
O4 - HKCU\..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Xayfub\eqna.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 7.0; Win32; WEB.DE); Mozilla/4.0 (compatible; MSIE 8.0; Win32; WEB.DE); (webde/1.1.0.21); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sisytj32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - hxxp://www.schueler.cc/uploader/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20080128-1
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Telefonie TapiSrvJavaQuickStarterService (TapiSrvJavaQuickStarterService) - Unknown owner - C:\WINDOWS\system32\aaaamono.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
 
--
End of file - 17727 bytes
         

22.07.2010, 15:42   #2
cosinus

Quote:
before I describe my problems, here is the log first.
Is the exact description still coming?

22.07.2010, 16:10   #3
Annemie

Of course:
my taskbar crashes regularly. At first everything is completely normal, and then at some point my pages in Firefox stop loading; I click on the taskbar and it doesn't respond. That is my biggest problem at the moment. I then also can't shut down my computer anymore. I just press shut down (Windows XP) and it shows me my desktop background, but doesn't shut down.

22.07.2010, 16:15   #4
cosinus

Quote:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
You did not update Malwarebytes beforehand. Please update and run a full scan.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.07.2010, 22:23   #5
Annemie

After a scan of 2 hours, 15 minutes and 7 infected objects, the taskbar crashed again, with the scanner in it, which I then couldn't bring up anymore. Is the QuickScan enough too?

Just now something really strange happened: my windows all flickered, I opened the Task Manager, which showed something from System 32, cmd.exe or something like that, and in the taskbar a small :\C symbol slowly moved to the right. What is that now?

And theoretically, once the scan is finished, what do I actually do then?


22.07.2010, 22:39   #6
cosinus

Then do the quick scan first, but with current signatures.

23.07.2010, 15:32   #7
Annemie

I updated and let it run through, and now it's finished. The log file looks like this:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 16:31:09
mbam-log-2010-07-23 (16-31-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135392
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> No action taken.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> No action taken.
C:\WINDOWS\system32\yicfphjgxa.exe (BackDoor.Bebloh) -> No action taken.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> No action taken.
C:\WINDOWS\Xwifya.exe (Trojan.FraudPack) -> No action taken.
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\******\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\sisytj32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
         
Okay, I just found the instructions in the forum again; I have now removed everything. This is what came out:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 16:40:10
mbam-log-2010-07-23 (16-40-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135392
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\********\Lokale Einstellungen\Temp\Xdx.exe (Trojan.FraudPack) -> Delete on reboot.
C:\WINDOWS\system32\01.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yicfphjgxa.exe (BackDoor.Bebloh) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> Delete on reboot.
C:\WINDOWS\Xwifya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\******\Startmenü\Programme\Autostart\sisytj32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
         

Edited by Annemie (23.07.2010 at 15:43)

23.07.2010, 17:24   #8
cosinus

Then try the full scan now.

23.07.2010, 21:42   #9
Annemie

It just finished; before I restart, here is the report:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4342

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 22:41:17
mbam-log-2010-07-23 (22-41-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 286666
Laufzeit: 2 Stunde(n), 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{8E883BB6-10EF-46BC-97A5-3B1F80F27160}\RP34\A0083688.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mwkzo.sys (Rootkit.Bubnix) -> Delete on reboot.
         
__________________
To-do list:
• save what can be saved

23.07.2010, 22:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

24.07.2010, 00:45   #11
Annemie
 

Done:

Code:
OTL Extras logfile created on: 24.07.2010 01:37:50 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,68 Gb Total Space | 45,65 Gb Free Space | 43,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANNEMARIE
Current User Name: Annemarie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"4274:TCP" = 4274:TCP:*:Enabled:sayzcxb
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"(T)Raumschiff Surprise Periode 1 - Bildschirmschoner" = (T)Raumschiff Surprise Periode 1 - Bildschirmschoner
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48118C84-264D-4D5F-BA66-A34920096995}" = Sven Kommt
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{513AEC24-3465-8C4F-87BA-652D6F491031}" = Nero 7 Demo
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5DC02603-6642-11D3-80AC-00C04F348408}" = Word in Works Suite-Add-In
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF1763A-35B2-4DF5-AB57-AB5613AFBAE0}" = (T)Raumschiff Surprise - Periode 1 - XXL
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{796202A7-F026-4223-9737-F18EC591164B}" = FormatFactory
"{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9781A96F-71AC-4738-984B-5AB597DFE678}" = WER WIRD MILLIONÄR VIERTE EDITION
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}" = CDRWIN
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter und der Gefangene von Askaban(TM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe  1.4.67.1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43131EA-D0F7-4E5B-81D8-E1BDD303639F}" = neoDVDstandard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E12DA139-1E5B-46DB-BAEA-683DC9F27CBC}" = ATI Catalyst Control Center
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"3DJongg" = 3DJongg
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AmazingMahjongg3D" = AmazingMahjongg3D
"ATI Display Driver" = ATI Display Driver
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Azureus 3.0" = Azureus 3.0
"CCleaner" = CCleaner
"Chicken Shoot X-Mas Edition" = Chicken Shoot X-Mas Edition
"ChickenShoot 2" = ChickenShoot 2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FileZilla Client" = FileZilla Client 3.2.8.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Updater" = Google Updater
"Harry Potter Lumos" = Harry Potter Lumos Screen Saver
"HijackThis" = HijackThis 2.0.2
"Hui Buh - Spuken bis die Zähne klappern" = HuiBuh
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"InterActual Player" = InterActual Player
"JongiJongo" = JongiJongo
"JURA Roger Federer 2008_is1" = JURA Roger Federer 2008
"king.com" = king.com (remove only)
"Lexmark X1100 Series" = Lexmark X1100 Series
"Lissi" = Lissi
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"Mahjongg" = Mahjongg
"MahjonggDeluxe" = MahjonggDeluxe
"Mah-Jongger" = Mah-Jongger
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDMahjongg" = MDMahjongg
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.2-05-07-27-01" = OpenMG Limited Patch 4.2-05-07-27-01
"PCFriendly" = PCFriendly
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"RestoreIT!" = Recover Pro
"Schatzjäger" = Schatzjäger
"Spin Upload" = Spin Upload 1.0
"SPVOD Player1.8" = SPVOD Player1.8
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2kSetup" = Microsoft Works 2000-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2010 16:39:49 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul version.dll, Version 5.1.2600.5512, Fehleradresse 0x000019ef.
 
Error - 22.07.2010 16:54:18 | Computer Name = ANNEMARIE | Source = EventSystem | ID = 4618
Description = Das COM+-Ereignissystem hat eine unerwartete Zugriffsverletzung bei
 der Adresse 0x7C92168B ausgelöst, während es auf die Adresse 0x0000003C zuzugreifen
 versuchte. Wenden Sie sich an den Microsoft-Produktsupport.  ntdll!RtlInitializeCriticalSection+0x6e
ntdll!wcsncpy+0x2cd
ole32!ComPs_NdrDllCanUnloadNow+0xdb
OLEAUT32!SafeArrayCreateVector+0x17d
OLEAUT32!SystemTimeToVariantTime+0x3ca
OLEAUT32!SystemTimeToVariantTime+0x1a8
OLEAUT32!SystemTimeToVariantTime+0x31d
OLEAUT32!VariantChangeType+0x228
es!+0xfe3a
es!+0x13a96
es!+0x13b5d
es!+0x13bac
es!+0x13be6
ole32!FreePropVariantArray+0xf8
ole32!FreePropVariantArray+0xa0
es!+0x29198
es!+0x2b4d8
kernel32!GetModuleFileNameA+0x1ba
 
Error - 22.07.2010 17:17:22 | Computer Name = ANNEMARIE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 22.07.2010 17:23:03 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 22.07.2010 17:23:38 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xdx.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul xdx.exe, Version 0.0.0.0, Fehleradresse 0x0000e15d.
 
Error - 22.07.2010 18:13:39 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 22.07.2010 18:14:12 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xdx.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul xdx.exe, Version 0.0.0.0, Fehleradresse 0x0000e15d.
 
Error - 23.07.2010 10:24:55 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 23.07.2010 10:24:55 | Computer Name = ANNEMARIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 23.07.2010 19:40:49 | Computer Name = ANNEMARIE | Source = EventSystem | ID = 4618
Description = Das COM+-Ereignissystem hat eine unerwartete Zugriffsverletzung bei
 der Adresse 0x7C921689 ausgelöst, während es auf die Adresse 0x00000014 zuzugreifen
 versuchte. Wenden Sie sich an den Microsoft-Produktsupport.  ntdll!RtlInitializeCriticalSection+0x6c
ntdll!wcsncpy+0x2cd
ole32!ComPs_NdrDllCanUnloadNow+0xdb
ole32!CoTaskMemFree+0x13
es!DllGetClassObject+0x1aab
es!DllGetClassObject+0x1b90
es!+0x292dd
es!+0x2a43c
es!+0x13a4f
es!+0x13b5d
es!+0x13bac
es!+0x13be6
ole32!FreePropVariantArray+0xf8
ole32!FreePropVariantArray+0xa0
es!+0x29198
es!+0x2b4d8
kernel32!GetModuleFileNameA+0x1ba
 
[ System Events ]
Error - 23.07.2010 14:34:28 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 23.07.2010 14:34:31 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 23.07.2010 14:35:27 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet:   %%1114
 
Error - 23.07.2010 14:35:27 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Center Config" wurde mit folgendem Fehler beendet:   %%1114
 
Error - 23.07.2010 15:21:01 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 23.07.2010 15:25:08 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 23.07.2010 16:45:34 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 23.07.2010 16:45:38 | Computer Name = ANNEMARIE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 23.07.2010 16:46:02 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet:   %%1114
 
Error - 23.07.2010 16:46:02 | Computer Name = ANNEMARIE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Center Config" wurde mit folgendem Fehler beendet:   %%1114
 
 
< End of report >
         
Code:
OTL logfile created on: 24.07.2010 01:37:50 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,68 Gb Total Space | 45,65 Gb Free Space | 43,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANNEMARIE
Current User Name: Annemarie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe ()
PRC - C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS)
PRC - C:\Programme\Samsung\DisplayManager\dmhkcore.exe (SAMSUNG)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation)
PRC - C:\Programme\Sony\SonicStage\SSAAD.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3725.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (SSDPSRVCryptSvc) -- C:\WINDOWS\System32\aaaamonk.exe ()
SRV - (TapiSrvJavaQuickStarterService) -- C:\WINDOWS\System32\aaaamono.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (navapsvc) -- C:\Programme\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
SRV - (SBService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (NPFMntor) -- C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (SAVScan) -- C:\Programme\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (oavaclaku) -- C:\WINDOWS\System32\019.tmp File not found
DRV - (MACNDIS5) -- C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found
DRV - (InCDRm) -- C:\WINDOWS\System32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- C:\WINDOWS\System32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- C:\WINDOWS\System32\drivers\InCDFs.sys File not found
DRV - (bpdletu) -- C:\WINDOWS\System32\01.tmp File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ids-diskless\20100128.001\symidsco.sys (Symantec Corporation)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20071017.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20071017.018\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AWISp50) -- C:\WINDOWS\system32\drivers\AWISp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (SAVRTPEL) -- C:\Programme\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Programme\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS ()
DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys ()
DRV - (PrecSim) -- C:\WINDOWS\system32\DRIVERS\precsim.sys (Engelmann GmbH)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.web.dego.web.de/homeabout:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = go.web.de/tab2
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: Hotbar@Hotbar.com:10.2.232.0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.19 23:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 01:26:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 01:26:04 | 000,000,000 | ---D | M]
 
[2010.01.23 00:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Extensions
[2010.04.17 13:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions
[2010.04.17 13:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.17 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\extensions\staged-xpis
[2010.07.21 23:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions
[2010.03.13 20:13:37 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010.01.23 00:22:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.22 20:17:22 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.05.29 19:18:34 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.06.08 01:06:29 | 000,000,000 | ---D | M] (Media Converter) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.07.21 23:39:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.23 20:00:37 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.07.12 20:17:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.25 20:03:34 | 000,000,000 | ---D | M] (Interclue) -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.02.20 22:58:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.23 20:06:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\dictionary-switcher@design-noir.de
[2010.01.23 00:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.01.23 14:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.02.23 18:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\openmedspel@e-medtools.com
[2010.04.10 19:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\Mozilla\Firefox\Profiles\x7bmrpru.default\extensions\qtl.co.il@gmail.com
[2010.07.22 22:44:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 00:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Programme\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Programme\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2007_2008\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; Mozilla\4.0 (compatible; MSIE 7.0; Win32; WEB.DE); Mozilla\4.0 (compatible; MSIE 8.0; Win32; WEB.DE); (webde\1.1.0 File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\spacklsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\spacklsp.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 (Image Uploader Control)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (c:\windows\resources\logon\logonui.exe) - c:\windows\resources\logon\logonui.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.13 20:14:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\Shell\AutoRun\command - "" = E:\inre.bat -- File not found
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.23 16:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Logs
[2010.07.22 23:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annemarie\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.22 23:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.22 23:27:48 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.22 19:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[228 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[215 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.24 01:41:59 | 000,565,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.24 01:34:19 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3F40A83-189F-49E8-89AE-D0F9235C0B97}.job
[2010.07.24 01:21:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.24 01:00:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.07.23 22:45:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.07.23 22:45:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.07.23 22:45:49 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.07.23 22:45:48 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\2666068836.dat
[2010.07.23 22:45:36 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.07.23 22:45:34 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.23 22:45:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.23 22:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.23 22:45:21 | 2011,344,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 22:44:03 | 006,815,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\ntuser.dat
[2010.07.23 22:44:03 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Annemarie\ntuser.ini
[2010.07.23 20:01:20 | 000,000,576 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - Annemarie.job
[2010.07.22 22:17:21 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Farben für twitter.doc
[2010.07.22 01:40:27 | 000,000,006 | ---- | M] () -- C:\WINDOWS\.exe
[2010.07.22 01:40:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.21 16:58:41 | 001,078,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.21 16:58:41 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.21 16:58:41 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.21 16:58:41 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.21 16:58:41 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.14 22:50:22 | 000,037,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Signasatz.doc
[2010.07.14 22:50:18 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Signasatz2.doc
[2010.07.13 09:54:57 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Lebenslauf Annemarie Schüüt.doc
[2010.07.05 18:13:36 | 000,113,156 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\onlineantrag1278346354041906115151.pdf
[2010.07.05 01:51:17 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Hey1.doc
[2010.06.27 23:24:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.27 23:24:13 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Annemarie\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[228 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[215 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.22 01:40:27 | 000,000,006 | ---- | C] () -- C:\WINDOWS\.exe
[2010.07.21 16:55:55 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.21 01:01:08 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\2666068836.dat
[2010.07.13 09:54:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Lebenslauf Annemarie Schüüt.doc
[2010.07.05 18:13:36 | 000,113,156 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\onlineantrag1278346354041906115151.pdf
[2010.07.05 01:51:16 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Annemarie\Eigene Dateien\Hey1.doc
[2009.12.26 18:00:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.12.26 18:00:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.12.26 17:50:37 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.09.15 00:57:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.01.08 16:17:13 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.09.19 17:30:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.09.19 15:38:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.19 15:38:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.15 16:37:17 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007.11.16 19:23:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.09.10 19:30:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.05.29 16:01:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2007.05.05 10:50:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007.05.05 10:50:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007.05.05 10:49:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007.04.14 14:30:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007.03.16 20:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2007.02.26 22:32:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007.02.26 17:46:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.24 18:56:00 | 000,000,270 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.01.20 18:19:36 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2007.01.17 22:23:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\MDMahjongg.ini
[2006.11.03 18:29:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2006.10.27 17:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006.10.20 17:01:27 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006.10.14 15:56:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.03 21:45:22 | 000,001,753 | ---- | C] () -- C:\WINDOWS\System32\Annemarie_KBD.ini
[2006.09.09 12:21:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.14 04:52:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.06.14 04:51:22 | 001,081,344 | RHS- | C] () -- C:\WINDOWS\System32\rdtxdg.dll
[2006.06.13 20:39:22 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.06.13 20:39:22 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.06.13 20:30:08 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.06.13 20:30:03 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2006.06.13 20:29:57 | 000,001,755 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2006.06.13 20:29:57 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.06.13 20:29:55 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.06.13 20:29:55 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.06.13 20:29:55 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.06.13 20:29:55 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.06.13 20:29:55 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.06.13 20:29:55 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.06.13 20:29:55 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.06.13 20:29:55 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.06.13 20:29:55 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2006.06.13 20:29:55 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006.06.13 20:29:55 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006.06.13 20:29:55 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2006.06.13 20:29:55 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006.06.13 20:29:55 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006.06.13 20:29:55 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2006.06.13 20:29:55 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006.06.13 20:29:55 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006.06.13 20:27:29 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.06.13 20:27:22 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini
[2006.06.13 20:26:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.06.13 20:19:55 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
< End of report >
         
__________________
To-do list:
• save what can be saved

24.07.2010, 00:54   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - (SSDPSRVCryptSvc) -- C:\WINDOWS\System32\aaaamonk.exe ()
SRV - (TapiSrvJavaQuickStarterService) -- C:\WINDOWS\System32\aaaamono.exe ()
DRV - (oavaclaku) -- C:\WINDOWS\System32\019.tmp File not found
DRV - (MACNDIS5) -- C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found
DRV - (bpdletu) -- C:\WINDOWS\System32\01.tmp File not found
O4 - HKCU..\Run: [{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}] C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe ()
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\Shell\AutoRun\command - "" = E:\inre.bat -- File not found
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\Shell\AutoRun - "" = Auto&Play
[2010.07.22 01:40:27 | 000,000,006 | ---- | C] () -- C:\WINDOWS\.exe
[2010.07.21 16:55:55 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwkzo.sys
[2010.07.23 22:45:36 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.07.21 01:01:08 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\2666068836.dat

:Files
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih
C:\WINDOWS\System32\aaaamonk.exe
C:\WINDOWS\System32\aaaamono.exe
C:\WINDOWS\.exe
C:\WINDOWS\System32\drivers\mwkzo.sys
C:\WINDOWS\System32\rdtxdg.dll
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp

:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

24.07.2010, 15:30   #13
Annemie

That was a bit creepy, though. XD A log:
Code:
All processes killed
========== OTL ==========
Service SSDPSRVCryptSvc stopped successfully!
Service SSDPSRVCryptSvc deleted successfully!
File move failed. C:\WINDOWS\system32\aaaamonk.exe scheduled to be moved on reboot.
Service TapiSrvJavaQuickStarterService stopped successfully!
Service TapiSrvJavaQuickStarterService deleted successfully!
C:\WINDOWS\system32\aaaamono.exe moved successfully.
Service oavaclaku stopped successfully!
Service oavaclaku deleted successfully!
File  C:\WINDOWS\System32\019.tmp File not found not found.
Service MACNDIS5 stopped successfully!
Service MACNDIS5 deleted successfully!
File  C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS File not found not found.
Service bpdletu stopped successfully!
Service bpdletu deleted successfully!
File  C:\WINDOWS\System32\01.tmp File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD5DC5E0-FB5D-82F3-E15C-694F12D7180C}\ not found.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih\elofe.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e7702d4-7c01-11dc-98e9-001377074e4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4f60ec-15ac-11df-9e4e-001377074e4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94c04c0-3c29-11db-ac3c-00137704d9f7}\ not found.
File E:\inre.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58a13a2-a4a5-11db-97c5-001377074e4d}\ not found.
C:\WINDOWS\.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
C:\cj.ini moved successfully.
File move failed. C:\WINDOWS\system32\2666068836.dat scheduled to be moved on reboot.
========== FILES ==========
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Owbaih folder moved successfully.
File move failed. C:\WINDOWS\System32\aaaamonk.exe scheduled to be moved on reboot.
File\Folder C:\WINDOWS\System32\aaaamono.exe not found.
File\Folder C:\WINDOWS\.exe not found.
File move failed. C:\WINDOWS\System32\drivers\mwkzo.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET10.tmp moved successfully.
C:\WINDOWS\System32\SET100.tmp moved successfully.
C:\WINDOWS\System32\SET101.tmp moved successfully.
C:\WINDOWS\System32\SET102.tmp moved successfully.
C:\WINDOWS\System32\SET103.tmp moved successfully.
C:\WINDOWS\System32\SET104.tmp moved successfully.
C:\WINDOWS\System32\SET105.tmp moved successfully.
C:\WINDOWS\System32\SET106.tmp moved successfully.
C:\WINDOWS\System32\SET107.tmp moved successfully.
C:\WINDOWS\System32\SET108.tmp moved successfully.
C:\WINDOWS\System32\SET109.tmp moved successfully.
C:\WINDOWS\System32\SET10A.tmp moved successfully.
C:\WINDOWS\System32\SET10B.tmp moved successfully.
C:\WINDOWS\System32\SET10C.tmp moved successfully.
C:\WINDOWS\System32\SET10D.tmp moved successfully.
C:\WINDOWS\System32\SET10E.tmp moved successfully.
C:\WINDOWS\System32\SET10F.tmp moved successfully.
C:\WINDOWS\System32\SET11.tmp moved successfully.
C:\WINDOWS\System32\SET110.tmp moved successfully.
C:\WINDOWS\System32\SET111.tmp moved successfully.
C:\WINDOWS\System32\SET112.tmp moved successfully.
C:\WINDOWS\System32\SET113.tmp moved successfully.
C:\WINDOWS\System32\SET114.tmp moved successfully.
C:\WINDOWS\System32\SET115.tmp moved successfully.
C:\WINDOWS\System32\SET116.tmp moved successfully.
C:\WINDOWS\System32\SET117.tmp moved successfully.
C:\WINDOWS\System32\SET118.tmp moved successfully.
C:\WINDOWS\System32\SET119.tmp moved successfully.
C:\WINDOWS\System32\SET11A.tmp moved successfully.
C:\WINDOWS\System32\SET11B.tmp moved successfully.
C:\WINDOWS\System32\SET11C.tmp moved successfully.
C:\WINDOWS\System32\SET11D.tmp moved successfully.
C:\WINDOWS\System32\SET11E.tmp moved successfully.
C:\WINDOWS\System32\SET12.tmp moved successfully.
C:\WINDOWS\System32\SET13.tmp moved successfully.
C:\WINDOWS\System32\SET14.tmp moved successfully.
C:\WINDOWS\System32\SET15.tmp moved successfully.
C:\WINDOWS\System32\SET16.tmp moved successfully.
C:\WINDOWS\System32\SET17.tmp moved successfully.
C:\WINDOWS\System32\SET18.tmp moved successfully.
C:\WINDOWS\System32\SET19.tmp moved successfully.
C:\WINDOWS\System32\SET1A.tmp moved successfully.
C:\WINDOWS\System32\SET1B.tmp moved successfully.
C:\WINDOWS\System32\SET1C.tmp moved successfully.
C:\WINDOWS\System32\SET1D.tmp moved successfully.
C:\WINDOWS\System32\SET1E.tmp moved successfully.
C:\WINDOWS\System32\SET1F.tmp moved successfully.
C:\WINDOWS\System32\SET20.tmp moved successfully.
C:\WINDOWS\System32\SET21.tmp moved successfully.
C:\WINDOWS\System32\SET22.tmp moved successfully.
C:\WINDOWS\System32\SET23.tmp moved successfully.
C:\WINDOWS\System32\SET24.tmp moved successfully.
C:\WINDOWS\System32\SET25.tmp moved successfully.
C:\WINDOWS\System32\SET26.tmp moved successfully.
C:\WINDOWS\System32\SET27.tmp moved successfully.
C:\WINDOWS\System32\SET28.tmp moved successfully.
C:\WINDOWS\System32\SET29.tmp moved successfully.
C:\WINDOWS\System32\SET2A.tmp moved successfully.
C:\WINDOWS\System32\SET2B.tmp moved successfully.
C:\WINDOWS\System32\SET2C.tmp moved successfully.
C:\WINDOWS\System32\SET2D.tmp moved successfully.
C:\WINDOWS\System32\SET2E.tmp moved successfully.
C:\WINDOWS\System32\SET2F.tmp moved successfully.
C:\WINDOWS\System32\SET30.tmp moved successfully.
C:\WINDOWS\System32\SET31.tmp moved successfully.
C:\WINDOWS\System32\SET32.tmp moved successfully.
C:\WINDOWS\System32\SET33.tmp moved successfully.
C:\WINDOWS\System32\SET34.tmp moved successfully.
C:\WINDOWS\System32\SET35.tmp moved successfully.
C:\WINDOWS\System32\SET36.tmp moved successfully.
C:\WINDOWS\System32\SET37.tmp moved successfully.
C:\WINDOWS\System32\SET38.tmp moved successfully.
C:\WINDOWS\System32\SET39.tmp moved successfully.
C:\WINDOWS\System32\SET3A.tmp moved successfully.
C:\WINDOWS\System32\SET3B.tmp moved successfully.
C:\WINDOWS\System32\SET3C.tmp moved successfully.
C:\WINDOWS\System32\SET3D.tmp moved successfully.
C:\WINDOWS\System32\SET3E.tmp moved successfully.
C:\WINDOWS\System32\SET3F.tmp moved successfully.
C:\WINDOWS\System32\SET40.tmp moved successfully.
C:\WINDOWS\System32\SET41.tmp moved successfully.
C:\WINDOWS\System32\SET42.tmp moved successfully.
C:\WINDOWS\System32\SET43.tmp moved successfully.
C:\WINDOWS\System32\SET44.tmp moved successfully.
C:\WINDOWS\System32\SET45.tmp moved successfully.
C:\WINDOWS\System32\SET46.tmp moved successfully.
C:\WINDOWS\System32\SET47.tmp moved successfully.
C:\WINDOWS\System32\SET48.tmp moved successfully.
C:\WINDOWS\System32\SET49.tmp moved successfully.
C:\WINDOWS\System32\SET4A.tmp moved successfully.
C:\WINDOWS\System32\SET4B.tmp moved successfully.
C:\WINDOWS\System32\SET4C.tmp moved successfully.
C:\WINDOWS\System32\SET4D.tmp moved successfully.
C:\WINDOWS\System32\SET4E.tmp moved successfully.
C:\WINDOWS\System32\SET4F.tmp moved successfully.
C:\WINDOWS\System32\SET50.tmp moved successfully.
C:\WINDOWS\System32\SET51.tmp moved successfully.
C:\WINDOWS\System32\SET52.tmp moved successfully.
C:\WINDOWS\System32\SET53.tmp moved successfully.
C:\WINDOWS\System32\SET54.tmp moved successfully.
C:\WINDOWS\System32\SET55.tmp moved successfully.
C:\WINDOWS\System32\SET56.tmp moved successfully.
C:\WINDOWS\System32\SET57.tmp moved successfully.
C:\WINDOWS\System32\SET58.tmp moved successfully.
C:\WINDOWS\System32\SET59.tmp moved successfully.
C:\WINDOWS\System32\SET5A.tmp moved successfully.
C:\WINDOWS\System32\SET5B.tmp moved successfully.
C:\WINDOWS\System32\SET5C.tmp moved successfully.
C:\WINDOWS\System32\SET5D.tmp moved successfully.
C:\WINDOWS\System32\SET5E.tmp moved successfully.
C:\WINDOWS\System32\SET5F.tmp moved successfully.
C:\WINDOWS\System32\SET60.tmp moved successfully.
C:\WINDOWS\System32\SET61.tmp moved successfully.
C:\WINDOWS\System32\SET62.tmp moved successfully.
C:\WINDOWS\System32\SET63.tmp moved successfully.
C:\WINDOWS\System32\SET64.tmp moved successfully.
C:\WINDOWS\System32\SET65.tmp moved successfully.
C:\WINDOWS\System32\SET66.tmp moved successfully.
C:\WINDOWS\System32\SET67.tmp moved successfully.
C:\WINDOWS\System32\SET68.tmp moved successfully.
C:\WINDOWS\System32\SET69.tmp moved successfully.
C:\WINDOWS\System32\SET6A.tmp moved successfully.
C:\WINDOWS\System32\SET6B.tmp moved successfully.
C:\WINDOWS\System32\SET6C.tmp moved successfully.
C:\WINDOWS\System32\SET6D.tmp moved successfully.
C:\WINDOWS\System32\SET6E.tmp moved successfully.
C:\WINDOWS\System32\SET6F.tmp moved successfully.
C:\WINDOWS\System32\SET7.tmp moved successfully.
C:\WINDOWS\System32\SET70.tmp moved successfully.
C:\WINDOWS\System32\SET71.tmp moved successfully.
C:\WINDOWS\System32\SET72.tmp moved successfully.
C:\WINDOWS\System32\SET73.tmp moved successfully.
C:\WINDOWS\System32\SET74.tmp moved successfully.
C:\WINDOWS\System32\SET75.tmp moved successfully.
C:\WINDOWS\System32\SET76.tmp moved successfully.
C:\WINDOWS\System32\SET77.tmp moved successfully.
C:\WINDOWS\System32\SET78.tmp moved successfully.
C:\WINDOWS\System32\SET79.tmp moved successfully.
C:\WINDOWS\System32\SET7A.tmp moved successfully.
C:\WINDOWS\System32\SET7B.tmp moved successfully.
C:\WINDOWS\System32\SET7C.tmp moved successfully.
C:\WINDOWS\System32\SET7D.tmp moved successfully.
C:\WINDOWS\System32\SET7E.tmp moved successfully.
C:\WINDOWS\System32\SET7F.tmp moved successfully.
C:\WINDOWS\System32\SET80.tmp moved successfully.
C:\WINDOWS\System32\SET81.tmp moved successfully.
C:\WINDOWS\System32\SET82.tmp moved successfully.
C:\WINDOWS\System32\SET83.tmp moved successfully.
C:\WINDOWS\System32\SET84.tmp moved successfully.
C:\WINDOWS\System32\SET85.tmp moved successfully.
C:\WINDOWS\System32\SET86.tmp moved successfully.
C:\WINDOWS\System32\SET87.tmp moved successfully.
C:\WINDOWS\System32\SET88.tmp moved successfully.
C:\WINDOWS\System32\SET89.tmp moved successfully.
C:\WINDOWS\System32\SET8A.tmp moved successfully.
C:\WINDOWS\System32\SET8B.tmp moved successfully.
C:\WINDOWS\System32\SET8C.tmp moved successfully.
C:\WINDOWS\System32\SET8D.tmp moved successfully.
C:\WINDOWS\System32\SET8E.tmp moved successfully.
C:\WINDOWS\System32\SET8F.tmp moved successfully.
C:\WINDOWS\System32\SET9.tmp moved successfully.
C:\WINDOWS\System32\SET90.tmp moved successfully.
C:\WINDOWS\System32\SET91.tmp moved successfully.
C:\WINDOWS\System32\SET92.tmp moved successfully.
C:\WINDOWS\System32\SET93.tmp moved successfully.
C:\WINDOWS\System32\SET94.tmp moved successfully.
C:\WINDOWS\System32\SET95.tmp moved successfully.
C:\WINDOWS\System32\SET96.tmp moved successfully.
C:\WINDOWS\System32\SET97.tmp moved successfully.
C:\WINDOWS\System32\SET98.tmp moved successfully.
C:\WINDOWS\System32\SET99.tmp moved successfully.
C:\WINDOWS\System32\SET9A.tmp moved successfully.
C:\WINDOWS\System32\SET9B.tmp moved successfully.
C:\WINDOWS\System32\SET9C.tmp moved successfully.
C:\WINDOWS\System32\SET9E.tmp moved successfully.
C:\WINDOWS\System32\SET9F.tmp moved successfully.
C:\WINDOWS\System32\SETA.tmp moved successfully.
C:\WINDOWS\System32\SETA0.tmp moved successfully.
C:\WINDOWS\System32\SETA1.tmp moved successfully.
C:\WINDOWS\System32\SETA2.tmp moved successfully.
C:\WINDOWS\System32\SETA3.tmp moved successfully.
C:\WINDOWS\System32\SETA4.tmp moved successfully.
C:\WINDOWS\System32\SETA5.tmp moved successfully.
C:\WINDOWS\System32\SETA6.tmp moved successfully.
C:\WINDOWS\System32\SETA7.tmp moved successfully.
C:\WINDOWS\System32\SETA8.tmp moved successfully.
C:\WINDOWS\System32\SETA9.tmp moved successfully.
C:\WINDOWS\System32\SETAA.tmp moved successfully.
C:\WINDOWS\System32\SETAB.tmp moved successfully.
C:\WINDOWS\System32\SETAC.tmp moved successfully.
C:\WINDOWS\System32\SETAD.tmp moved successfully.
C:\WINDOWS\System32\SETAE.tmp moved successfully.
C:\WINDOWS\System32\SETAF.tmp moved successfully.
C:\WINDOWS\System32\SETB.tmp moved successfully.
C:\WINDOWS\System32\SETB0.tmp moved successfully.
C:\WINDOWS\System32\SETB1.tmp moved successfully.
C:\WINDOWS\System32\SETB2.tmp moved successfully.
C:\WINDOWS\System32\SETB3.tmp moved successfully.
C:\WINDOWS\System32\SETB4.tmp moved successfully.
C:\WINDOWS\System32\SETB5.tmp moved successfully.
C:\WINDOWS\System32\SETB6.tmp moved successfully.
C:\WINDOWS\System32\SETB7.tmp moved successfully.
C:\WINDOWS\System32\SETB8.tmp moved successfully.
C:\WINDOWS\System32\SETB9.tmp moved successfully.
C:\WINDOWS\System32\SETBA.tmp moved successfully.
C:\WINDOWS\System32\SETBB.tmp moved successfully.
C:\WINDOWS\System32\SETBC.tmp moved successfully.
C:\WINDOWS\System32\SETBD.tmp moved successfully.
C:\WINDOWS\System32\SETBE.tmp moved successfully.
C:\WINDOWS\System32\SETC.tmp moved successfully.
C:\WINDOWS\System32\SETD.tmp moved successfully.
C:\WINDOWS\System32\SETE.tmp moved successfully.
C:\WINDOWS\System32\SETF.tmp moved successfully.
C:\WINDOWS\System32\SETF1.tmp moved successfully.
C:\WINDOWS\System32\SETF2.tmp moved successfully.
C:\WINDOWS\System32\SETF3.tmp moved successfully.
C:\WINDOWS\System32\SETF4.tmp moved successfully.
C:\WINDOWS\System32\SETF5.tmp moved successfully.
C:\WINDOWS\System32\SETF6.tmp moved successfully.
C:\WINDOWS\System32\SETF7.tmp moved successfully.
C:\WINDOWS\System32\SETF8.tmp moved successfully.
C:\WINDOWS\System32\SETF9.tmp moved successfully.
C:\WINDOWS\System32\SETFA.tmp moved successfully.
C:\WINDOWS\System32\SETFB.tmp moved successfully.
C:\WINDOWS\System32\SETFC.tmp moved successfully.
C:\WINDOWS\System32\SETFE.tmp moved successfully.
C:\WINDOWS\System32\SETFF.tmp moved successfully.
C:\WINDOWS\002925_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Annemarie
->Temp folder emptied: 320626487 bytes
->Temporary Internet Files folder emptied: 196675287 bytes
->Java cache emptied: 408059 bytes
->FireFox cache emptied: 95544283 bytes
->Flash cache emptied: 117776 bytes
 
User: Default User
->Temp folder emptied: 344064 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 114422600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79393748 bytes
RecycleBin emptied: 2131380 bytes
 
Total Files Cleaned = 772,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07242010_161601

Files\Folders moved on Reboot...
C:\WINDOWS\system32\aaaamonk.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\2666068836.dat moved successfully.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_828.dat not found!

Registry entries deleted on Reboot...
         
Is it actually normal that OTL can't be found among my programs? I had to dig the executable back out of my Firefox downloads. ^^
__________________
To-do list:
• save what can be saved
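The fix log above defers several locked files to the next boot and then reports a second time in its "Files\Folders moved on Reboot..." section. The following is an added example (not part of the thread and not OTL's own code) that reconciles the two passes to show which deferred files are still present after the reboot; the function names and status labels are assumptions made here, and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
========== OTL ==========
File move failed. C:\WINDOWS\system32\aaaamonk.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\aaaamono.exe moved successfully.
C:\WINDOWS\.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
C:\cj.ini moved successfully.
File move failed. C:\WINDOWS\system32\2666068836.dat scheduled to be moved on reboot.
========== FILES ==========
File move failed. C:\WINDOWS\System32\aaaamonk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\mwkzo.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.

Files\Folders moved on Reboot...
C:\WINDOWS\system32\aaaamonk.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\mwkzo.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\2666068836.dat moved successfully.
File move failed. C:\WINDOWS\System32\rdtxdg.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_828.dat not found!

Registry entries deleted on Reboot...
"""

REBOOT_HEADER = "Files\\Folders moved on Reboot"
REGISTRY_HEADER = "Registry entries deleted on Reboot"

FAILED = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:folder )?moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+?) not found[.!]$")


def norm(path):
    """The log mixes system32/System32; Windows paths are case-insensitive."""
    return path.strip().lower()


def reconcile(log_text):
    """Return {normalised_path: status} for every file deferred to reboot.

    Status labels (assumed here, not OTL terms):
      moved            - the reboot section reports the move succeeded
      not-found        - the file was gone by the time of the reboot pass
      still-present    - the reboot pass failed again and re-queued the move
      no-reboot-result - deferred, but the log has no reboot section entry
    """
    deferred = {}
    in_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            in_reboot = True
            continue
        if line.startswith(REGISTRY_HEADER):
            in_reboot = False
            continue
        failed = FAILED.match(line)
        if failed:
            key = norm(failed["path"])
            if in_reboot:
                deferred[key] = "still-present"
            else:
                # The same file can be queued twice (:OTL and :Files sections).
                deferred.setdefault(key, "no-reboot-result")
            continue
        if not in_reboot:
            continue
        moved = MOVED.match(line)
        gone = NOT_FOUND.match(line)
        done = moved or gone
        if done and norm(done["path"]) in deferred:
            deferred[norm(done["path"])] = "moved" if moved else "not-found"
    return deferred


def unresolved(log_text):
    """Deferred files that the log does not show as removed."""
    open_states = ("still-present", "no-reboot-result")
    return sorted(p for p, s in reconcile(log_text).items() if s in open_states)


if __name__ == "__main__":
    for path, status in sorted(reconcile(SAMPLE_LOG).items()):
        print(f"{status:17} {path}")
```

Files reported as `still-present` are the ones to point out when posting the log, since a move that fails again during boot was not completed by the fix.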

26.07.2010, 14:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, OTL is not installed. OTL.exe is simply run as it is.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
