IE zeigt komplett weiße Seite an

Dieses Thema IE zeigt komplett weiße Seite an im Forum "Viren, Trojaner, Spyware etc." wurde erstellt von audipaule, 4. Sep. 2008.

Thema: IE zeigt komplett weiße Seite an Hallo, habe seit kurzem ein Problem. Plötzlich ist der ganze Bildschirm weiß. Ich wusste mir erst gar nicht zu...

  1. Hallo,

    habe seit kurzem ein Problem. Plötzlich ist der ganze Bildschirm weiß. Ich wusste mir erst gar nicht zu helfen. Alle Funktionen schienen deaktiviert. Ich war total baff. Da fiel mir Strg+Alt+Entf wieder ein und siehe da: im Taskmanager erschien doch auf einmal Internet Explorer Leere Seite ist geöffnet. War aber keine normale IE-Seite. Wie gesagt, war kein normales IE-Browserfenster mit leerer Seite sondern nur der ganze Bildschirm war weiß und ohne Funktion. Noch lustiger fand ich, dass ich nur den Mozilla-Browser geöffnet hatte und nicht den Internet-Explorer. Nach dem Schließen über den Taskmanager ging es nicht mehr auf. Aber seitdem geht es immer nachdem Hochfahren wieder auf. Keine Ahnung was das sein könnte. Aber es nervt tierisch. Habe Windows Vista SP1. Malware Bytes und Spybot S & D, habe ich schon drüber laufen lassen, ohne Ergebnis.

    LG[br][br]Erstellt am: 04.09.08 um 14:46:46[hr][br]
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:54:33, on 04.09.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Windows\system32\jusched.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\real\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.fleaflicker.com/?leagueId=27799[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop[/url]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] C:\Windows\system32\jureg.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - [url]http://favorites.live.com/quickadd.aspx[/url]
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra->Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O13 - Gopher Prefix: 
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E305E4DB-2D68-401A-82BE-4A4CD45531A9}: NameServer = 217.237.148.102 217.237.151.115
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: T-Online Dialerschutz Dienst (DFSVC) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    
    --
    End of file - 9804 bytes
    
     
  2. und was soll die autom. Auswertung bringen?

    Arbeite bitte die Anleitung vorgehensweise bei schaedlingsbefall hier im Forum ab.

    gruss

    schrauber
     
  3. Was wohl, großer Guru?

    Mit Hilfe der automatischen Auswertung soll der Benutzer bei der Auswertung unterstützt werden.

    Wenn wir dich nicht hätten....................... ::)
     
  4. na prima, du offensichtlicher antiguru

    es kommt unter anderem ein hinweis wie diesen eintrag unbedingt fixen, er wird von unseren usern als gut bewertet. :? ?:)
     
  5. genau das meinte ich :D
     
  6. Hi,

    entweder bin ich zu doof oder das Tool Silent Runner kann ich nicht runterladen. Bekomme wenn ich auf Download klicke eine Seite mit ner Logfile angezeigt. Was mache ich falsch?
     
  7. Code:
    Silent Runners.vbs, revision 58, [url]http://www.silentrunners.org/[/url]
    Operating System: Windows Vista
    Output limited to non-default values, except where indicated by {++}
    
    
    Startup items buried in registry:
    ---------------------------------
    
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
    ehTray.exe = C:\Windows\ehome\ehTray.exe [MS]
    MsnMsgr = C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background [MS]
    IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c [IncrediMail, Ltd.]
    Magentic = C:\PROGRA~1\Magentic\bin\Magentic.exe /c [empty string]
    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [Safer Networking Limited]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide
    hpsysdrv = c:\hp\support\hpsysdrv.exe [Hewlett-Packard Company]
    KBD = C:\HP\KBD\KbdStub.EXE [null data]
    OsdMaestro = C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [OsdMaestro]
    StartCCC = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [null data]
    RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor]
    HP Health Check Scheduler = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [null data]
    SunJavaUpdateReg = C:\Windows\system32\jureg.exe [Sun Microsystems, Inc.]
    HP Software Update = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard Co.]
    (Default) = (empty string) [file not found]
    T-Online Dialerschutz-Software = C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [T-Systems Enterprise Services GmbH]
    ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe [Symantec Corporation]
    Monitor = C:\Windows\PixArt\PAC207\Monitor.exe [PixArt Imaging Incorporation]
    Kernel and Hardware Abstraction Layer = KHALMNPR.EXE [Logitech, Inc.]
    QuickTime Task = C:\Program Files\QuickTime\qttask.exe -atboottime [Apple Computer, Inc.]
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [RealNetworks, Inc.]
    Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [Adobe Systems Incorporated]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    Launcher = C:\Windows\SMINST\launcher.exe
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
     -> {HKLM...CLSID} = Adobe PDF Reader
              \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
    {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
     -> {HKLM...CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
              \InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
     -> {HKLM...CLSID} = Spybot-S&D IE Protection
              \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = NCO 2.0 IE BHO
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [Symantec Corporation]
    {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention
     -> {HKLM...CLSID} = Symantec Intrusion Prevention
              \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [Symantec Corporation]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
     -> {HKLM...CLSID} = SSVHelper Class
              \InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
     -> {HKLM...CLSID} = Windows Live Anmelde-Hilfsprogramm
              \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
     -> {HKLM...CLSID} = Google Toolbar Helper
              \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
     -> {HKLM...CLSID} = Windows Live Toolbar Helper
              \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
     -> {HKLM...CLSID} = SimpleShlExt Class
              \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [empty string]
    {7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
     -> {HKLM...CLSID} = ShellViewRTF
              \InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} = Messenger Sharing Folders
     -> {HKLM...CLSID} = Meine freigegebenen Ordner
              \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll [MS]
    {0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler
     -> {HKLM...CLSID} = CLSID_WLMCMimeFilter
              \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]
    {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
     -> {HKLM...CLSID} = KbLogiExt Class
              \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\kbcplext.dll [Logitech, Inc.]
    {B9B9F083-2B04-452A-8691-83694AC1037B} = Logitech Setpoint Extension
     -> {HKLM...CLSID} = LogiExt Class
              \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\mcplext.dll [Logitech, Inc.]
    {44440D00-FF19-4AFC-B765-9A0970567D97} = TuneUp Theme Extension
     -> {HKLM...CLSID} = TuneUp Theme Extension
              \InProcServer32\(Default) = C:\Windows\System32\uxtuneup.dll [TuneUp Software GmbH]
    {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = TuneUp Shredder Shell Extension
     -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
              \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]
    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
     -> {HKLM...CLSID} = RealOne Player Context Menu Class
              \InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.]
    
    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
     -> {HKLM...CLSID} = (no title provided)
              \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
     -> {HKLM...CLSID} = PDF Shell Extension
              \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
    
    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
     -> {HKLM...CLSID} = IEContextMenu Class
              \InProcServer32\(Default) = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll [Symantec Corporation]
    TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
     -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
              \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]
    
    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
     -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
              \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]
    
    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     -> {HKLM...CLSID} = MBAMShlExt Class
              \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
     -> {HKLM...CLSID} = IEContextMenu Class
              \InProcServer32\(Default) = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll [Symantec Corporation]
    
    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     -> {HKLM...CLSID} = MBAMShlExt Class
              \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
    
    
    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------
    
    Note: detected settings may not have any effect.
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    
    ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
    
    ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Standard Users}
    
    EnableInstallerDetection = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Detect Application Installations And Prompt For Elevation}
    
    EnableLUA = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Run All Administrators In Admin Approval Mode}
    
    EnableSecureUIAPaths = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Only elevate UIAccess applications that are installed in secure locations}
    
    EnableVirtualization = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Virtualize file and registry write failures to per-user locations}
    
    PromptOnSecureDesktop = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Switch to the secure desktop when prompting for elevation}
    
    shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}
    
    undockwithoutlogon = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}
    
    FilterAdministratorToken = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Admin Approval Mode for the Built-in Administrator Account}
    
    EnableUIADesktopToggle = (REG_DWORD) dword:0x00000000
    {unrecognized setting}
    
    
    Active Desktop and Wallpaper:
    -----------------------------
    
    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    
    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    Wallpaper = C:\Windows\web\wallpaper\img24.jpg
    
    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Users\real\AppData\Local\Magentic\Runtime\Magentic Wallpaper.bmp
    
    [br][br]Erstellt am: 11.09.08 um 02:54:44[hr][br]
    Code:
    Enabled Screen Saver:
    ---------------------
    
    HKCU\Control Panel\Desktop\
    SCRNSAVE.EXE = C:\WINDOWS\System32\MAGENT~1.SCR (Magentic Screensaver.scr) [IncrediMail LTD.]
    
    
    Windows Portable Device AutoPlay Handlers
    -----------------------------------------
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
    
    ASHAshampoo_Burning_Studio_2008_AdvancedBURNONARRIVAL\
    Provider = Ashampoo Burning Studio 2008 Advanced
    InvokeProgID = Ashampoo.BurningStudio2008Advanced
    InvokeVerb = autoplay-burn
    HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-burn\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l [ashampoo Technology GmbH & Co. KG]
    
    ASHAshampoo_Burning_Studio_2008_AdvancedCOPYONARRIVAL\
    Provider = Ashampoo Burning Studio 2008 Advanced
    InvokeProgID = Ashampoo.BurningStudio2008Advanced
    InvokeVerb = autoplay-copy
    HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-copy\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l -copy [file not found]
    
    ASHAshampoo_Burning_Studio_2008_AdvancedRIPONARRIVAL\
    Provider = Ashampoo Burning Studio 2008 Advanced
    InvokeProgID = Ashampoo.BurningStudio2008Advanced
    InvokeVerb = autoplay-rip
    HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-rip\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l -rip [ashampoo Technology GmbH & Co. KG]
    
    FunMultiMediaHandler\
    Provider = MultiMedia Manager
    ProgID = FUNBOX.Autoplay
    HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = {DF866F1F-10DF-4694-94A9-7F526FC8800A}
     -> {HKLM...CLSID} = FUNBOX Autoplay Sample 2
              \LocalServer32\(Default) = C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe [TODO: <** **> (unwritable string)]
    
    HPAutoplayPSE\
    Provider = HP Photosmart Essential 2.01
    InvokeProgID = HpqPSApl.Autoplay
    InvokeVerb = Play
    HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}
     -> {HKLM...CLSID} = (no title provided)
              \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]
    
    LightScribeOnArrivalAP\
    Provider = LightScribe Direct Disc Labeling
    InvokeProgID = LightScribe.AutoPlayHandler
    InvokeVerb = LabelLightScribeDisc
    HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = c:\Program Files\Common Files\LightScribe\LsLauncher.exe [Hewlett-Packard Company]
    
    MediaCapture9Music\
    Provider = Media Import
    InvokeProgID = RoxioMediaCapture9
    InvokeVerb = Audio
    HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -audio %L [Sonic Solutions]
    
    MediaCapture9Photos\
    Provider = Media Import
    InvokeProgID = RoxioMediaCapture9
    InvokeVerb = Photo
    HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -photo %L [Sonic Solutions]
    
    MediaCapture9VideoCamera\
    Provider = Media Import
    ProgID = Shell.HWEventHandlerShellExecute
    InitCmdLine = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
     -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
              \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
    
    MediaCapture9Videos\
    Provider = Media Import
    InvokeProgID = RoxioMediaCapture9
    InvokeVerb = Video
    HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -video %L [Sonic Solutions]
    
    PictureProject\
    Provider = PictureProject
    InvokeProgID = PictureProject
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\PictureProject\shell\open\command\(Default) = C:\Program Files\Nikon\PictureProject\NkbTransfer.exe /D=%L [Nikon Corporation]
    
    RoxioSCAudioCDTask33\
    Provider = Roxio Creator Audio
    InvokeProgID = Roxio.RoxioCentral33
    InvokeVerb = AudioCDTask
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B} [null data]
    
    RoxioSCCopyCD33\
    Provider = Roxio Creator Copy
    InvokeProgID = Roxio.RoxioCentral33
    InvokeVerb = ExactCopyJob
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]
    
    RoxioSCCopyDisc33\
    Provider = Roxio Creator Copy
    InvokeProgID = Roxio.RoxioCentral33
    InvokeVerb = ExactCopyJob
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]
    
    RoxioSCDataProject33\
    Provider = Roxio Creator Data
    InvokeProgID = Roxio.RoxioCentral33
    InvokeVerb = DataGuide
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch Data [null data]
    
    RoxioSCDataTask33\
    Provider = Roxio Creator Data
    InvokeProgID = Roxio.RoxioCentral33
    InvokeVerb = DataTask
    HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54} [null data]
    
    RPCDBurningOnArrival\
    Provider = RealPlayer
    InvokeProgID = RealPlayer.CDBurn.6
    InvokeVerb = open
    HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /burn %1 [RealNetworks, Inc.]
    
    RPDeviceOnArrival\
    Provider = RealPlayer
    ProgID = RealPlayer.HWEventHandler
    HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}
     -> {HKLM...CLSID} = RealNetworks Scheduler
              \LocalServer32\(Default) = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -autoplay [RealNetworks, Inc.]
    
    RPPlayCDAudioOnArrival\
    Provider = RealPlayer
    InvokeProgID = RealPlayer.AudioCD.6
    InvokeVerb = play
    HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /play %1  [RealNetworks, Inc.]
    
    RPPlayDVDMovieOnArrival\
    Provider = RealPlayer
    InvokeProgID = RealPlayer.DVD.6
    InvokeVerb = play
    HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /dvd %1  [RealNetworks, Inc.]
    
    RPPlayMediaOnArrival\
    Provider = RealPlayer
    InvokeProgID = RealPlayer.AutoPlay.6
    InvokeVerb = open
    HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /autoplay %1 [RealNetworks, Inc.]
    
    VLCPlayCDAudioOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.CDAudio
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1 [VideoLAN Team]
    
    VLCPlayDVDMovieOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.DVDMovie
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1 [VideoLAN Team]
    
    WIA_{1CC46AFD-9D19-44BC-9751-D59B0FAFACC8}\
    Provider = PictureProject
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine = /WiaCmd;C:\Program Files\Nikon\PictureProject\NkbTransfer.exe;
     -> {HKLM...CLSID} = WPDShextAutoplay
              \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
    
    
    DESKTOP.INI DLL launch in local fixed drive directories:
    --------------------------------------------------------
    
    D:\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\boot\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\hp\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\PC-Doctor 5 for Win PE\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\PRELOAD\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\SOURCES\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    D:\Windows\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
     -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
    
    
    Startup items in real & All Users startup folders:
    ------------------------------------------------------
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Logitech SetPoint -> shortcut to: C:\Program Files\Logitech\SetPoint\SetPoint.exe [Logitech, Inc.]
    NkbMonitor.exe -> shortcut to: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [Nikon Corporation]
    
    
    Winsock2 Service Provider DLLs:
    -------------------------------
    
    Namespace Service Providers
    
    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
    000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    
    Transport Service Providers
    
    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 31
    
    
    Toolbars, Explorer Bars, Extensions:
    ------------------------------------
    
    Toolbars
    
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
     -> {HKLM...CLSID} = &Google
              \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
     -> {HKLM...CLSID} = Norton-Symbolleiste anzeigen
              \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Symantec Corporation]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
     -> {HKLM...CLSID} = Windows Live Toolbar
              \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]
    
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = NCO Toolbar 2.0
     -> {HKLM...CLSID} = Norton-Symbolleiste anzeigen
              \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Symantec Corporation]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = (no title provided)
     -> {HKLM...CLSID} = Windows Live Toolbar
              \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
     -> {HKLM...CLSID} = &Google
              \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]
    
    Extensions (Tools menu items, main toolbar menu buttons)
    
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    MenuText = Sun Java Konsole
    CLSIDExtension = {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
     -> {HKLM...CLSID} = Java Plug-in 1.6.0_01
              \InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]
    
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
    MenuText = Spybot - Search && Destroy Configuration
    CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
     -> {HKLM...CLSID} = Spybot-S&D IE Protection
              \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
    
    {E59EB121-F339-4851-A3BA-FE49C35617C2}\
    ButtonText = ICQ6
    MenuText = ICQ6
    Exec = C:\Program Files\ICQ6\ICQ.exe [ICQ, Inc.]
    
    
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------
    
    Ati External Event Utility, Ati External Event Utility, C:\Windows\system32\Ati2evxx.exe [ATI Technologies Inc.]
    Automatisches LiveUpdate - Scheduler, Automatic LiveUpdate Scheduler, C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [Symantec Corporation]
    Bluetooth-Unterstützungsdienst, BthServ, C:\Windows\system32\svchost.exe -k bthsvcs {C:\Windows\System32\bthserv.dll [MS]}
    Computerbrowser, Browser, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\browser.dll [MS]}
    HP Health Check Service, HP Health Check Service, c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [null data]
    LightScribeService Direct Disc Labeling Service, LightScribeService, c:\Program Files\Common Files\LightScribe\LSSrvc.exe [Hewlett-Packard Company]
    LiveUpdate Notice, LiveUpdate Notice, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
    Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, C:\Program Files\Windows Live\Messenger\usnsvc.exe [MS]
    SSTP-Dienst, SstpSvc, C:\Windows\system32\svchost.exe -k LocalService {C:\Windows\system32\sstpsvc.dll [MS]}
    Symantec Core LC, Symantec Core LC, C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [Symantec Corporation]
    Symantec Event Manager, ccEvtMgr, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
    Symantec Lic NetConnect service, CLTNetCnService, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
    Symantec Settings Manager, ccSetMgr, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
    T-Online Dialerschutz Dienst, DFSVC, C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [T-Systems Enterprise Services GmbH]
    TuneUp Designerweiterung, UxTuneUp, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\uxtuneup.dll [TuneUp Software GmbH]}
    Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\WUDFSvc.dll [MS]}
    Windows-Bilderfassung, stisvc, C:\Windows\system32\svchost.exe -k imgsvc {C:\Windows\System32\wiaservc.dll [MS]}
    
    
    ---------- (launch time: 2008-09-11 02:39:50)
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
     launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
     took 68 seconds.
    ---------- (total run time: 133 seconds)
    [br][br]Erstellt am: 11.09.08 um 02:57:14[hr][br]Sorry mußte das auf 2 Antworten aufteilen. Bekam immer ne Meldung das der Beitrag die maximalen Zeichen überschritten hätte. Das Problem besteht immer noch. Wäre nett wenn mir einer bei der Beseitigung helfen könnte. Vielen Dank!
     
  8. http://www.wintotal-forum.de/index.php/topic,147847.0.html

    von dieser seite befolge bitte die anweisungen für:

    malwarebytes
    combofix

    und poste die logs.


    gruß

    schrauber
     
Die Seite wird geladen...

IE zeigt komplett weiße Seite an - Ähnliche Themen

Forum Datum
IE11 zeigt komplettes eBay nur als Text-Seite!!!??? Virus? Web-Browser 26. Dez. 2013
Videos werden nicht komplett angezeigt Audio, Video und Brennen 26. Feb. 2007
Software zeigt nicht komplett an. Windows XP Forum 1. Sep. 2005
Task Symbole , Bildsymbole werden nicht mehr angezeigt Windows 8 Forum 25. Okt. 2016
Schriften werden nicht angezeigt im Browser Windows 10 Forum 18. Juli 2016