IE shows a completely white page

  • #1 audipaule (thread starter)
Hello,

I've had a problem for a short while now. Suddenly the whole screen is white. At first I had no idea what to do. All functions seemed to be disabled. I was completely baffled. Then I remembered Ctrl+Alt+Del, and lo and behold: Task Manager showed that "Internet Explorer Blank Page" was indeed open. But it wasn't a normal IE page. As I said, it wasn't a normal IE browser window with a blank page; the whole screen was just white and without any function. Even funnier, I only had the Mozilla browser open and not Internet Explorer. After closing it via Task Manager it didn't reopen. But since then it reopens every time after booting. No idea what this could be. But it's extremely annoying. I have Windows Vista SP1. I've already run Malwarebytes and Spybot S&D over it, with no result.

Best regards

Posted on: 04.09.08 at 14:46:46

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:33, on 04.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\real\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fleaflicker.com/?leagueId=27799
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] C:\Windows\system32\jureg.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra->Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{E305E4DB-2D68-401A-82BE-4A4CD45531A9}: NameServer = 217.237.148.102 217.237.151.115
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: T-Online Dialerschutz Dienst (DFSVC) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9804 bytes
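As an added example (not part of audipaule's post, and not code from HijackThis itself), the following Python script parses the line shapes seen in the log above and attaches the checks a reviewer applies first: Run entries that name a bare executable without a path (resolved by PATH search at logon), services whose publisher HijackThis reports as unknown, hosts-file entries beyond Vista's defaults, and per-interface DNS servers that should be confirmed against the ISP. The sample lines are copied from the posted log; the flag rules and the `Entry`, `parse_line`, `triage` and `flagged` names are this example's own, not anything HijackThis computes.

```python
"""HijackThis v2 log triage (added example; not from the thread or from HijackThis).

Parses the R0/R1, O1, O2, O4, O17 and O23 line shapes that appear in the posted
log and attaches the review flags a human analyst applies first. The sample lines
are copied from the posted log; the flagging rules are this example's own
heuristics, not anything HijackThis itself reports.
"""
import re
from dataclasses import dataclass, field

_BBCODE = re.compile(r"\[/?url\]")  # forum markup wrapped around URLs in posted logs

_PATTERNS = {
    "R":   re.compile(r"^(?P<kind>R[01]) - (?P<hive>HK(?:CU|LM))\\(?P<key>.+?),(?P<value>[^=,]+?) = ?(?P<data>.*)$"),
    "O1":  re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)$"),
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"),
    "O4":  re.compile(r"^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O17": re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$"),
    # The owner field never contains a backslash and the path always starts with a
    # drive letter; that lets a greedy name absorb " - " inside service display names.
    "O23": re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>[^\\]*?) - (?P<path>[A-Za-z]:\\.*)$"),
}

# Vista's own hosts file ships with exactly these two mappings.
_DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class Entry:
    kind: str                       # "R0", "O4", "O23", ...
    raw: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one log line; unknown shapes keep only kind and raw text."""
    line = _BBCODE.sub("", line.strip())
    kind = line.split(" - ", 1)[0]
    entry = Entry(kind=kind, raw=line)
    rx = _PATTERNS.get("R" if kind in ("R0", "R1") else kind)
    m = rx.match(line) if rx else None
    if m:
        entry.fields = m.groupdict()
        if kind == "O17":
            entry.fields["servers"] = entry.fields["servers"].split()
    return entry


def triage(entry):
    """Attach review flags in place; returns the entry for chaining."""
    f = entry.fields
    if entry.kind == "O4" and f.get("cmd"):
        exe = f["cmd"].split()[0]
        # A bare image name is resolved by PATH search at logon, so a planted file
        # earlier in the search order would run instead of the intended binary.
        if "\\" not in exe and not exe.startswith("%"):
            entry.flags.append("bare filename resolved via PATH; confirm the binary's real location")
    elif entry.kind == "O23" and f.get("owner") == "Unknown owner":
        entry.flags.append("service publisher unknown; verify the file's signature and hash")
    elif entry.kind == "O1" and (f.get("addr"), f.get("host")) not in _DEFAULT_HOSTS:
        entry.flags.append("non-default hosts entry; check it is not redirecting a site")
    elif entry.kind == "O17":
        entry.flags.append("DNS servers set per interface; confirm they belong to your ISP")
    return entry


def triage_log(text):
    """Parse and triage every non-empty line of a pasted HijackThis log."""
    return [triage(parse_line(l)) for l in text.splitlines() if l.strip()]


def flagged(text):
    """(kind, name-or-raw, flag) triples for every flagged entry, for a quick report."""
    out = []
    for e in triage_log(text):
        label = e.fields.get("name") or e.raw
        out.extend((e.kind, label, flag) for flag in e.flags)
    return out


# Constructed sample: lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fleaflicker.com/?leagueId=27799
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{E305E4DB-2D68-401A-82BE-4A4CD45531A9}: NameServer = 217.237.148.102 217.237.151.115
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

if __name__ == "__main__":
    for kind, label, flag in flagged(SAMPLE_LOG):
        print(f"{kind:4} {label}: {flag}")
```

Run it on the full log by pasting the text into `SAMPLE_LOG` or reading a saved file with `triage_log(open(path).read())`. A flag is a prompt to verify, not a verdict: the two bare-name Run entries in this log belong to Realtek and Logitech on an HP Pavilion and are normal for that vendor image, but the check is exactly how a renamed file dropped into a PATH directory would be caught.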
 
  • #3
And what is the automatic analysis supposed to achieve?

Please work through the guide "procedure in case of malware infestation" here in the forum.

regards

schrauber
 
  • #4
What do you think, great guru?

The automatic analysis is meant to support the user in evaluating the log.

What would we do without you....................... ::)
 
  • #5
Well great, you obvious anti-guru.

Among other things it produces a hint like "definitely fix this entry; it is rated as good by our users". :? ?:)
 
  • #6
That's exactly what I meant :D
 
  • #7
Hi,

Either I'm too dumb or I just can't download the Silent Runners tool. When I click Download I get a page showing a log file. What am I doing wrong?
 
  • #9
Code:
Silent Runners.vbs, revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by {++}


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
ehTray.exe = C:\Windows\ehome\ehTray.exe [MS]
MsnMsgr = C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background [MS]
IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c [IncrediMail, Ltd.]
Magentic = C:\PROGRA~1\Magentic\bin\Magentic.exe /c [empty string]
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [Safer Networking Limited]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide
hpsysdrv = c:\hp\support\hpsysdrv.exe [Hewlett-Packard Company]
KBD = C:\HP\KBD\KbdStub.EXE [null data]
OsdMaestro = C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [OsdMaestro]
StartCCC = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [null data]
RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor]
HP Health Check Scheduler = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [null data]
SunJavaUpdateReg = C:\Windows\system32\jureg.exe [Sun Microsystems, Inc.]
HP Software Update = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard Co.]
(Default) = (empty string) [file not found]
T-Online Dialerschutz-Software = C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [T-Systems Enterprise Services GmbH]
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe [Symantec Corporation]
Monitor = C:\Windows\PixArt\PAC207\Monitor.exe [PixArt Imaging Incorporation]
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE [Logitech, Inc.]
QuickTime Task = C:\Program Files\QuickTime\qttask.exe -atboottime [Apple Computer, Inc.]
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [RealNetworks, Inc.]
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [Adobe Systems Incorporated]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
Launcher = C:\Windows\SMINST\launcher.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Adobe PDF Reader
          \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
 -> {HKLM...CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
          \InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Spybot-S&D IE Protection
          \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = NCO 2.0 IE BHO
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [Symantec Corporation]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention
 -> {HKLM...CLSID} = Symantec Intrusion Prevention
          \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [Symantec Corporation]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
 -> {HKLM...CLSID} = SSVHelper Class
          \InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Windows Live Anmelde-Hilfsprogramm
          \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Google Toolbar Helper
          \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Windows Live Toolbar Helper
          \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
 -> {HKLM...CLSID} = SimpleShlExt Class
          \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [empty string]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
 -> {HKLM...CLSID} = ShellViewRTF
          \InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} = Messenger Sharing Folders
 -> {HKLM...CLSID} = Meine freigegebenen Ordner
          \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll [MS]
{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler
 -> {HKLM...CLSID} = CLSID_WLMCMimeFilter
          \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
 -> {HKLM...CLSID} = KbLogiExt Class
          \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\kbcplext.dll [Logitech, Inc.]
{B9B9F083-2B04-452A-8691-83694AC1037B} = Logitech Setpoint Extension
 -> {HKLM...CLSID} = LogiExt Class
          \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\mcplext.dll [Logitech, Inc.]
{44440D00-FF19-4AFC-B765-9A0970567D97} = TuneUp Theme Extension
 -> {HKLM...CLSID} = TuneUp Theme Extension
          \InProcServer32\(Default) = C:\Windows\System32\uxtuneup.dll [TuneUp Software GmbH]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = TuneUp Shredder Shell Extension
 -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
          \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
 -> {HKLM...CLSID} = RealOne Player Context Menu Class
          \InProcServer32\(Default) = C:\Program Files\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
 -> {HKLM...CLSID} = (no title provided)
          \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll [Sun Microsystems, Inc.]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
 -> {HKLM...CLSID} = PDF Shell Extension
          \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
 -> {HKLM...CLSID} = IEContextMenu Class
          \InProcServer32\(Default) = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll [Symantec Corporation]
TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
 -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
          \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
 -> {HKLM...CLSID} = TuneUp Shredder Shell Extension
          \InProcServer32\(Default) = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Software GmbH]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 -> {HKLM...CLSID} = MBAMShlExt Class
          \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
 -> {HKLM...CLSID} = IEContextMenu Class
          \InProcServer32\(Default) = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll [Symantec Corporation]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 -> {HKLM...CLSID} = MBAMShlExt Class
          \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

EnableInstallerDetection = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

EnableLUA = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

EnableSecureUIAPaths = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

EnableVirtualization = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

undockwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

FilterAdministratorToken = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

EnableUIADesktopToggle = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\Windows\web\wallpaper\img24.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\real\AppData\Local\Magentic\Runtime\Magentic Wallpaper.bmp
Posted on: 11.09.08 at 02:54:44

Code:
Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\System32\MAGENT~1.SCR (Magentic Screensaver.scr) [IncrediMail LTD.]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ASHAshampoo_Burning_Studio_2008_AdvancedBURNONARRIVAL\
Provider = Ashampoo Burning Studio 2008 Advanced
InvokeProgID = Ashampoo.BurningStudio2008Advanced
InvokeVerb = autoplay-burn
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-burn\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l [ashampoo Technology GmbH & Co. KG]

ASHAshampoo_Burning_Studio_2008_AdvancedCOPYONARRIVAL\
Provider = Ashampoo Burning Studio 2008 Advanced
InvokeProgID = Ashampoo.BurningStudio2008Advanced
InvokeVerb = autoplay-copy
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-copy\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l -copy [file not found]

ASHAshampoo_Burning_Studio_2008_AdvancedRIPONARRIVAL\
Provider = Ashampoo Burning Studio 2008 Advanced
InvokeProgID = Ashampoo.BurningStudio2008Advanced
InvokeVerb = autoplay-rip
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2008Advanced\shell\autoplay-rip\Command\(Default) = C:\Program Files\Ashampoo\Ashampoo Burning Studio 2008 Advanced\burningstudio.exe -autoplay -selectdrive %l -rip [ashampoo Technology GmbH & Co. KG]

FunMultiMediaHandler\
Provider = MultiMedia Manager
ProgID = FUNBOX.Autoplay
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = {DF866F1F-10DF-4694-94A9-7F526FC8800A}
 -> {HKLM...CLSID} = FUNBOX Autoplay Sample 2
          \LocalServer32\(Default) = C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe [TODO: <** **> (unwritable string)]

HPAutoplayPSE\
Provider = HP Photosmart Essential 2.01
InvokeProgID = HpqPSApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}
 -> {HKLM...CLSID} = (no title provided)
          \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]

LightScribeOnArrivalAP\
Provider = LightScribe Direct Disc Labeling
InvokeProgID = LightScribe.AutoPlayHandler
InvokeVerb = LabelLightScribeDisc
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = c:\Program Files\Common Files\LightScribe\LsLauncher.exe [Hewlett-Packard Company]

MediaCapture9Music\
Provider = Media Import
InvokeProgID = RoxioMediaCapture9
InvokeVerb = Audio
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -audio %L [Sonic Solutions]

MediaCapture9Photos\
Provider = Media Import
InvokeProgID = RoxioMediaCapture9
InvokeVerb = Photo
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -photo %L [Sonic Solutions]

MediaCapture9VideoCamera\
Provider = Media Import
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
 -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
          \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

MediaCapture9Videos\
Provider = Media Import
InvokeProgID = RoxioMediaCapture9
InvokeVerb = Video
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe -video %L [Sonic Solutions]

PictureProject\
Provider = PictureProject
InvokeProgID = PictureProject
InvokeVerb = open
HKLM\SOFTWARE\Classes\PictureProject\shell\open\command\(Default) = C:\Program Files\Nikon\PictureProject\NkbTransfer.exe /D=%L [Nikon Corporation]

RoxioSCAudioCDTask33\
Provider = Roxio Creator Audio
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B} [null data]

RoxioSCCopyCD33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCCopyDisc33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCDataProject33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch Data [null data]

RoxioSCDataTask33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54} [null data]

RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /burn %1 [RealNetworks, Inc.]

RPDeviceOnArrival\
Provider = RealPlayer
ProgID = RealPlayer.HWEventHandler
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}
 -> {HKLM...CLSID} = RealNetworks Scheduler
          \LocalServer32\(Default) = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -autoplay [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /play %1  [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /dvd %1  [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = C:\Program Files\Real\RealPlayer\RealPlay.exe /autoplay %1 [RealNetworks, Inc.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = play
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1 [VideoLAN Team]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = play
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1 [VideoLAN Team]

WIA_{1CC46AFD-9D19-44BC-9751-D59B0FAFACC8}\
Provider = PictureProject
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Nikon\PictureProject\NkbTransfer.exe;
 -> {HKLM...CLSID} = WPDShextAutoplay
          \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\boot\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\PC-Doctor 5 for Win PE\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\SOURCES\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]

D:\Windows\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
 -> {HKLM...CLSID}\InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]


Startup items in real & All Users startup folders:
------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint -> shortcut to: C:\Program Files\Logitech\SetPoint\SetPoint.exe [Logitech, Inc.]
NkbMonitor.exe -> shortcut to: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [Nikon Corporation]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 31


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
 -> {HKLM...CLSID} = &Google
          \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
 -> {HKLM...CLSID} = Norton-Symbolleiste anzeigen
          \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Symantec Corporation]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
 -> {HKLM...CLSID} = Windows Live Toolbar
          \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = NCO Toolbar 2.0
 -> {HKLM...CLSID} = Norton-Symbolleiste anzeigen
          \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [Symantec Corporation]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = (no title provided)
 -> {HKLM...CLSID} = Windows Live Toolbar
          \InProcServer32\(Default) = C:\Program Files\Windows Live Toolbar\msntb.dll [MS]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
 -> {HKLM...CLSID} = &Google
          \InProcServer32\(Default) = c:\program files\google\googletoolbar2.dll [Google Germany GmbH]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
MenuText = Sun Java Konsole
CLSIDExtension = {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 -> {HKLM...CLSID} = Java Plug-in 1.6.0_01
          \InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [Sun Microsystems, Inc.]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
MenuText = Spybot - Search && Destroy Configuration
CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
 -> {HKLM...CLSID} = Spybot-S&D IE Protection
          \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
ButtonText = ICQ6
MenuText = ICQ6
Exec = C:\Program Files\ICQ6\ICQ.exe [ICQ, Inc.]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati External Event Utility, Ati External Event Utility, C:\Windows\system32\Ati2evxx.exe [ATI Technologies Inc.]
Automatisches LiveUpdate - Scheduler, Automatic LiveUpdate Scheduler, C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [Symantec Corporation]
Bluetooth-Unterstützungsdienst, BthServ, C:\Windows\system32\svchost.exe -k bthsvcs {C:\Windows\System32\bthserv.dll [MS]}
Computerbrowser, Browser, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\browser.dll [MS]}
HP Health Check Service, HP Health Check Service, c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [null data]
LightScribeService Direct Disc Labeling Service, LightScribeService, c:\Program Files\Common Files\LightScribe\LSSrvc.exe [Hewlett-Packard Company]
LiveUpdate Notice, LiveUpdate Notice, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, C:\Program Files\Windows Live\Messenger\usnsvc.exe [MS]
SSTP-Dienst, SstpSvc, C:\Windows\system32\svchost.exe -k LocalService {C:\Windows\system32\sstpsvc.dll [MS]}
Symantec Core LC, Symantec Core LC, C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [Symantec Corporation]
Symantec Event Manager, ccEvtMgr, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
Symantec Lic NetConnect service, CLTNetCnService, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
Symantec Settings Manager, ccSetMgr, C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [Symantec Corporation]
T-Online Dialerschutz Dienst, DFSVC, C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [T-Systems Enterprise Services GmbH]
TuneUp Designerweiterung, UxTuneUp, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\uxtuneup.dll [TuneUp Software GmbH]}
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\WUDFSvc.dll [MS]}
Windows-Bilderfassung, stisvc, C:\Windows\system32\svchost.exe -k imgsvc {C:\Windows\System32\wiaservc.dll [MS]}


---------- (launch time: 2008-09-11 02:39:50)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 68 seconds.
---------- (total run time: 133 seconds)
Created on: 11.09.08 at 02:57:14
Sorry, I had to split this across 2 replies. I kept getting a message that the post exceeded the maximum number of characters. The problem still exists. It would be nice if someone could help me get rid of it. Many thanks!
 
  • #10
  • #11
Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.28
Database version: 1142
Windows 6.0.6001 Service Pack 1

12.09.2008 22:46:14
mbam-log-2008-09-12 (22-46-14).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|J:\|K:\|L:\|M:\|)
Objects scanned: 149993
Time elapsed: 57 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Created on: 12.09.08 at 22:49:02
ComboFix:

Code:
ComboFix 08-09-11.02 - real 2008-09-12 22:53:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1031.18.1014 [GMT 2:00]
Running from: C:\Users\real\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe

.
(((((((((((((((((((((((  Files Created from 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))
.

2008-09-10 17:45 . 2008-07-31 03:13	4,240,384	--a------	C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-09-10 17:45 . 2008-07-31 05:32	28,160	--a------	C:\WINDOWS\System32\Apphlpdm.dll
2008-09-10 17:16 . 2008-08-02 03:01	625,152	--a------	C:\WINDOWS\System32\drivers\dxgkrnl.sys
2008-09-10 17:16 . 2008-06-26 05:29	565,248	--a------	C:\WINDOWS\System32\emdmgmt.dll
2008-09-10 17:16 . 2008-06-26 05:29	303,616	--a------	C:\WINDOWS\System32\wmpeffects.dll
2008-09-10 17:16 . 2008-05-08 21:21	211,968	--a------	C:\WINDOWS\System32\drivers\mrxsmb10.sys
2008-09-10 17:16 . 2008-05-20 04:07	148,480	--a------	C:\WINDOWS\System32\drivers\nwifi.sys
2008-09-10 17:16 . 2008-06-26 05:29	45,056	--a------	C:\WINDOWS\System32\dataclen.dll
2008-09-10 17:16 . 2008-08-02 05:26	36,864	--a------	C:\WINDOWS\System32\cdd.dll
2008-09-09 18:39 . 2008-09-09 18:39	<DIR>	d--------	C:\Users\real\AppData\Roaming\OpenOffice.org2
2008-09-05 00:43 . 2008-09-05 00:43	<DIR>	d--------	C:\Users\All Users\Zylom
2008-09-05 00:43 . 2008-09-05 00:43	<DIR>	d--------	C:\ProgramData\Zylom
2008-09-05 00:32 . 2008-09-05 00:32	<DIR>	d--------	C:\Users\real\AppData\Roaming\Zylom
2008-09-04 14:04 . 2008-09-04 14:05	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-09-01 20:24 . 2008-09-01 20:24	<DIR>	d--------	C:\Users\real\AppData\Roaming\Malwarebytes
2008-09-01 20:24 . 2008-09-01 20:24	<DIR>	d--------	C:\Users\All Users\Malwarebytes
2008-09-01 20:24 . 2008-09-01 20:24	<DIR>	d--------	C:\ProgramData\Malwarebytes
2008-09-01 20:24 . 2008-09-11 09:47	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 20:24 . 2008-09-10 00:04	38,528	--a------	C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2008-09-01 20:24 . 2008-09-10 00:03	17,200	--a------	C:\WINDOWS\System32\drivers\mbam.sys
2008-08-31 15:59 . 2008-08-31 15:59	<DIR>	d--------	C:\Program Files\Free WMA to MP3 Converter
2008-08-31 15:13 . 2008-08-31 15:13	<DIR>	d--------	C:\Users\real\AppData\Roaming\vlc
2008-08-31 14:53 . 2008-08-31 15:15	481	--a------	C:\WINDOWS\cdplayer.ini
2008-08-31 14:49 . 2008-08-31 14:49	<DIR>	d--------	C:\Program Files\Real
2008-08-31 14:49 . 2008-08-31 14:49	<DIR>	d--------	C:\Program Files\Common Files\Real
2008-08-31 14:41 . 2008-08-31 14:41	<DIR>	d--------	C:\Program Files\Xing
2008-08-31 14:41 . 2008-08-31 14:41	<DIR>	d--------	C:\Program Files\Common Files\Xing Shared
2008-08-31 14:41 . 1998-06-17 00:00	995,383	--a------	C:\WINDOWS\System32\temp.003
2008-08-31 14:41 . 1998-06-17 00:00	401,462	--a------	C:\WINDOWS\System32\temp.004
2008-08-31 14:41 . 1998-12-16 12:08	317,952	--a------	C:\WINDOWS\System32\Roboex32.dll
2008-08-31 14:41 . 1998-10-22 00:00	239,888	--a------	C:\WINDOWS\System32\temp.005
2008-08-31 14:23 . 2008-09-09 18:44	<DIR>	d--------	C:\Users\real\.gimp-2.4
2008-08-29 09:47 . 2008-09-10 14:01	<DIR>	d--------	C:\Users\All Users\Spybot - Search & Destroy
2008-08-29 09:47 . 2008-09-10 14:01	<DIR>	d--------	C:\ProgramData\Spybot - Search & Destroy
2008-08-29 09:47 . 2008-09-09 22:24	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-08-26 16:17 . 2008-07-19 07:09	1,811,656	--a------	C:\WINDOWS\System32\wuaueng.dll
2008-08-26 16:17 . 2008-07-19 05:44	1,524,736	--a------	C:\WINDOWS\System32\wucltux.dll
2008-08-26 16:17 . 2008-07-19 07:09	563,912	--a------	C:\WINDOWS\System32\wuapi.dll
2008-08-26 16:17 . 2008-07-18 22:08	163,904	--a------	C:\WINDOWS\System32\wuwebv.dll
2008-08-26 16:17 . 2008-07-19 05:44	83,456	--a------	C:\WINDOWS\System32\wudriver.dll
2008-08-26 16:17 . 2008-07-19 07:10	53,448	--a------	C:\WINDOWS\System32\wuauclt.exe
2008-08-26 16:17 . 2008-07-19 07:10	45,768	--a------	C:\WINDOWS\System32\wups2.dll
2008-08-26 16:17 . 2008-07-19 07:10	36,552	--a------	C:\WINDOWS\System32\wups.dll
2008-08-26 16:17 . 2008-07-18 20:44	31,232	--a------	C:\WINDOWS\System32\wuapp.exe
2008-08-26 08:50 . 2008-08-26 08:50	20	---h-----	C:\Users\All Users\PKP_DLec.DAT
2008-08-26 08:50 . 2008-08-26 08:50	20	---h-----	C:\ProgramData\PKP_DLec.DAT
2008-08-25 14:35 . 2008-08-25 14:35	<DIR>	d--------	C:\Users\real\AppData\Roaming\Nikon
2008-08-25 14:35 . 2008-08-25 14:35	<DIR>	d--------	C:\Users\All Users\Nikon
2008-08-25 14:35 . 2008-08-25 14:35	<DIR>	d--------	C:\ProgramData\Nikon
2008-08-25 14:35 . 2008-08-25 14:36	<DIR>	d--------	C:\Program Files\Common Files\Nikon
2008-08-25 14:35 . 2006-10-25 14:14	5,709,824	-ra------	C:\WINDOWS\System32\NkNEFPlugin.dll
2008-08-25 14:35 . 2003-03-19 13:28	2,179,072	--a------	C:\WINDOWS\System32\mfc71d.dll
2008-08-25 14:35 . 2002-01-06 06:48	974,848	--a------	C:\WINDOWS\System32\mfc70.dll
2008-08-25 14:35 . 2003-03-19 12:04	765,952	--a------	C:\WINDOWS\System32\msvcp71d.dll
2008-08-25 14:35 . 2003-03-19 12:03	544,768	--a------	C:\WINDOWS\System32\msvcr71d.dll
2008-08-25 14:35 . 2002-01-05 20:40	487,424	--a------	C:\WINDOWS\System32\msvcp70.dll
2008-08-25 14:35 . 2002-01-05 21:10	61,440	--a------	C:\WINDOWS\System32\mfc70deu.dll
2008-08-25 14:34 . 2008-08-26 08:50	<DIR>	d--------	C:\Users\All Users\Ultima_T15
2008-08-25 14:34 . 2008-08-25 14:34	<DIR>	d--------	C:\Users\All Users\Stingers
2008-08-25 14:34 . 2008-08-26 08:50	<DIR>	d--------	C:\Users\All Users\EnterNHelp
2008-08-25 14:34 . 2008-08-26 08:50	<DIR>	d--------	C:\ProgramData\Ultima_T15
2008-08-25 14:34 . 2008-08-25 14:34	<DIR>	d--------	C:\ProgramData\Stingers
2008-08-25 14:34 . 2008-08-26 08:50	<DIR>	d--------	C:\ProgramData\EnterNHelp
2008-08-25 14:34 . 2008-08-26 08:50	20	---h-----	C:\Users\All Users\PKP_DLds.DAT
2008-08-25 14:34 . 2008-08-26 08:50	20	---h-----	C:\ProgramData\PKP_DLds.DAT
2008-08-25 14:31 . 2008-08-25 14:34	<DIR>	d--------	C:\Program Files\Nikon
2008-08-25 14:31 . 2000-07-15 22:21	995,383	--a------	C:\WINDOWS\System32\temp.000
2008-08-25 14:27 . 2008-08-25 14:27	<DIR>	d--------	C:\Program Files\QuickTime
2008-08-25 14:27 . 2008-08-25 14:27	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-08-25 14:27 . 2008-08-25 14:27	1,409	--a------	C:\WINDOWS\QTFont.for
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Videos
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Searches
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Saved Games
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Pictures
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Music
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Links
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Downloads
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	dr-------	C:\WINDOWS\System32\config\systemprofile\Documents
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	d--------	C:\Users\All Users\Apple Computer
2008-08-25 14:26 . 2008-08-25 14:26	<DIR>	d--------	C:\ProgramData\Apple Computer
2008-08-25 14:24 . 2008-08-25 14:24	<DIR>	d--------	C:\Program Files\ArcSoft
2008-08-25 14:24 . 1995-08-01 04:44	212,480	---------	C:\WINDOWS\PCDLIB32.DLL
2008-08-25 13:57 . 2007-07-03 16:58	106,792	--a------	C:\WINDOWS\System32\drivers\sscdmdm.sys
2008-08-25 13:57 . 2007-07-03 16:54	80,552	--a------	C:\WINDOWS\System32\drivers\sscdbus.sys
2008-08-25 13:57 . 2007-07-03 16:57	11,944	--a------	C:\WINDOWS\System32\drivers\sscdmdfl.sys
2008-08-25 13:57 . 2007-07-03 17:00	9,256	--a------	C:\WINDOWS\System32\drivers\sscdwhnt.sys
2008-08-25 13:57 . 2007-07-03 17:00	9,256	--a------	C:\WINDOWS\System32\drivers\sscdwh.sys
2008-08-25 13:57 . 2007-07-03 16:56	9,256	--a------	C:\WINDOWS\System32\drivers\sscdcmnt.sys
2008-08-25 13:57 . 2007-07-03 16:56	9,256	--a------	C:\WINDOWS\System32\drivers\sscdcm.sys
2008-08-25 13:52 . 2008-08-25 13:59	<DIR>	d--------	C:\WINDOWS\System32\Samsung_USB_Drivers
2008-08-25 13:52 . 2008-08-25 13:52	<DIR>	d--------	C:\Program Files\Samsung
2008-08-25 13:52 . 2008-08-25 14:14	5,632	--a------	C:\WINDOWS\System32\drivers\StarOpen.sys
2008-08-25 13:52 . 2005-08-28 20:51	766	--a------	C:\WINDOWS\System32\Uninstall.ico
2008-08-25 04:07 . 2008-08-25 04:07	<DIR>	d--------	C:\MEGLO
2008-08-25 03:55 . 2008-08-25 04:24	<DIR>	d--------	C:\Program Files\DATA BECKER
2008-08-25 03:55 . 1998-11-17 13:44	328,704	--a------	C:\WINDOWS\IsUn0407.exe
2008-08-24 17:20 . 2008-04-26 10:25	3,600,952	--a------	C:\WINDOWS\System32\ntkrnlpa.exe
2008-08-24 15:31 . 2008-08-24 15:31	<DIR>	d--------	C:\Program Files\Magentic
2008-08-24 15:31 . 2008-08-04 09:51	750,984	--a------	C:\WINDOWS\System32\Magentic Screensaver.scr
2008-08-24 15:18 . 2008-08-24 15:18	<DIR>	d--------	C:\Users\real\AppData\Roaming\NASA
2008-08-24 15:16 . 2008-08-24 15:16	<DIR>	d--------	C:\Users\real\AppData\Roaming\Ashampoo Photo Commander 5
2008-08-24 15:15 . 2008-08-24 15:15	<DIR>	d--------	C:\Users\real\AppData\Roaming\Ashampoo
2008-08-24 15:14 . 2008-08-24 15:14	<DIR>	d--------	C:\Program Files\VideoLAN
2008-08-24 15:13 . 2008-08-24 15:13	<DIR>	d--------	C:\Program Files\MediaCoder Audio Edition
2008-08-24 15:11 . 2008-08-24 15:11	<DIR>	d--------	C:\Program Files\GIMP-2.0
2008-08-24 15:08 . 2008-08-24 15:08	<DIR>	d--------	C:\Program Files\NASA
2008-08-24 14:56 . 2008-08-24 14:56	<DIR>	d--------	C:\Users\All Users\ashampoo
2008-08-24 14:56 . 2008-08-24 14:56	<DIR>	d--------	C:\ProgramData\ashampoo
2008-08-24 14:56 . 2008-08-24 15:02	<DIR>	d--------	C:\Program Files\Ashampoo
2008-08-24 14:45 . 2008-08-24 14:45	<DIR>	d--------	C:\Program Files\OpenOffice.org 2.4
2008-08-24 14:11 . 2008-08-24 14:11	<DIR>	d--------	C:\PerfLogs
2008-08-23 20:49 . 2008-01-19 09:33	2,623,488	--a------	C:\WINDOWS\System32\SLsvc.exe
2008-08-23 20:49 . 2008-01-19 09:36	1,541,120	--a------	C:\WINDOWS\System32\onex.dll
2008-08-23 20:47 . 2008-01-19 09:33	8,139,264	--a------	C:\WINDOWS\System32\ssBranded.scr
2008-08-23 20:46 . 2008-01-19 08:06	8,147,456	--a------	C:\WINDOWS\System32\wmploc.DLL
2008-08-23 20:45 . 2008-01-19 09:34	305,152	--a------	C:\WINDOWS\System32\msdelta.dll
2008-08-23 20:45 . 2008-01-19 09:34	258,560	--a------	C:\WINDOWS\System32\dpx.dll
2008-08-23 20:45 . 2008-01-19 09:34	246,784	--a------	C:\WINDOWS\System32\drvstore.dll
2008-08-23 20:45 . 2008-01-19 09:36	218,624	--a------	C:\WINDOWS\System32\wdscore.dll
2008-08-23 20:45 . 2008-01-19 09:33	130,560	--a------	C:\WINDOWS\System32\PkgMgr.exe
2008-08-23 20:45 . 2008-01-19 09:35	35,328	--a------	C:\WINDOWS\System32\mspatcha.dll
2008-08-23 19:24 . 2008-08-23 19:24	<DIR>	d--------	C:\Users\real\AppData\Roaming\T-Online
2008-08-23 19:24 . 2008-08-23 21:18	<DIR>	d--------	C:\Users\Public\Musicload
2008-08-23 19:01 . 2008-08-23 19:02	<DIR>	d--------	C:\Program Files\Draft Master 2008
2008-08-23 16:31 . 2008-08-23 16:31	13,594	--a------	C:\WINDOWS\System32\NULL
Created on: 12.09.08 at 23:03:23
Code:
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 20:39	---------	d-----w	C:\ProgramData\Symantec
2008-09-10 18:01	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-25 12:36	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-24 12:27	174	--sha-w	C:\Program Files\desktop.ini
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Sidebar
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Mail
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Journal
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Defender
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Collaboration
2008-08-24 12:13	---------	d-----w	C:\Program Files\Windows Calendar
2008-08-24 11:46	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-08-24 11:46	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-08-24 11:21	---------	d-----w	C:\Program Files\Google
2008-08-22 18:50	9,847,296	----a-w	C:\Windows\System32\NlsData000a.dll
2008-08-22 17:56	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-22 17:26	988,216	----a-w	C:\Windows\System32\winload.exe
2008-08-22 17:26	927,288	----a-w	C:\Windows\System32\winresume.exe
2008-08-22 17:26	615,992	----a-w	C:\Windows\System32\ci.dll
2008-08-22 17:26	6,656	----a-w	C:\Windows\System32\kbd106n.dll
2008-08-22 17:26	6,656	----a-w	C:\Windows\System32\kbd106.dll
2008-08-22 17:26	46,592	----a-w	C:\Windows\System32\setbcdlocale.dll
2008-08-22 17:26	40,960	----a-w	C:\Windows\System32\srclient.dll
2008-08-22 17:26	378,368	----a-w	C:\Windows\System32\srcore.dll
2008-08-22 17:26	318,464	----a-w	C:\Windows\System32\rstrui.exe
2008-08-22 17:26	19,000	----a-w	C:\Windows\System32\kd1394.dll
2008-08-22 17:26	14,848	----a-w	C:\Windows\System32\srdelayed.exe
2008-08-22 17:25	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-08-22 16:15	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-31 03:32	460,288	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32	2,154,496	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 15:42	23,888	----a-w	C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 15:28	706	----a-w	C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 15:28	10,537	----a-w	C:\Windows\system32\drivers\coh_mon.cat
2008-07-26 08:02	---------	d-----w	C:\ProgramData\Sonic
2008-07-26 08:01	---------	d-----w	C:\Users\real\AppData\Roaming\Roxio
2008-07-16 10:09	---------	d-----w	C:\Users\real\AppData\Roaming\Hewlett-Packard
2008-07-16 10:09	---------	d-----w	C:\ProgramData\Hewlett-Packard
2008-07-16 10:08	---------	d-----w	C:\Users\real\AppData\Roaming\ATI
2008-07-16 10:05	1,828	--sha-r	C:\Windows\system32\drivers\103C_HP_CPC_GQ539AA-ABD a6217.de_YC_0Pavi_QCNH735_E74DEv3PrA1_49_INARRA2_SASUSTek Computer INC._V2.00_B5.11_T070716_WUH0_L407_M2047_J500_7AMD_8Athlon 64 X2 Dual Core_92.3_#071126_N10DE03EF_Z_G100294C3.MRK
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Vorlagen
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Startmenü
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Favoriten
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Dokumente
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Desktop
2008-07-16 10:01	---------	d-sh--w	C:\ProgramData\Anwendungsdaten
2008-07-16 10:01	---------	d-sh--w	C:\Program Files\Gemeinsame Dateien
2008-06-12 05:28	541,696	----a-w	C:\Windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
ehTray.exe=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
MsnMsgr=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
Magentic=C:\PROGRA~1\Magentic\bin\Magentic.exe [2008-08-04 488808]
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
KBD=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
OsdMaestro=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
StartCCC=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
SunJavaUpdateReg=C:\Windows\system32\jureg.exe [2007-04-07 54936]
HP Software Update=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
T-Online Dialerschutz-Software=C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [2007-08-31 1063488]
ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-14 51048]
Monitor=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
QuickTime Task=C:\Program Files\QuickTime\qttask.exe [2008-08-25 282624]
TkBellExe=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-31 185896]
Adobe Reader Speed Launcher=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
RtHDVCpl=RtHDVCpl.exe [2007-07-06 C:\WINDOWS\RtHDVCpl.exe]
Kernel and Hardware Abstraction Layer=KHALMNPR.EXE [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Launcher=C:\Windows\SMINST\launcher.exe [2007-04-03 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-23 805392]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-08-25 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableUIADesktopToggle= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
UacDisableNotify=dword:00000001
InternetSettingsDisableNotify=dword:00000001
AutoUpdateDisableNotify=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
{8915391C-83CC-4AB2-A388-7668F84B752C}= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
{2AADDC32-61AC-4585-82B3-739EED99C0DB}= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
{9B9F208A-463A-4FE4-BB72-84756C9DC715}= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
{2F8310B1-1102-42C1-B47A-D01789BAC18A}= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
{DCF1ED8A-9B9F-4173-A076-2270DED90E34}= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
{656571E4-10A6-4CCE-9684-67F3C968E65B}= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
{68BB4C9A-BA6B-480A-BFCC-4771427EE367}= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
{95D50F53-BCA9-408D-AB34-6C5E80088653}= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
{687199CD-960A-459E-8C2E-5E34110078B8}= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
{CBA8A1F0-72EA-4534-B83A-0F12521B17FB}= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
{42B353DD-C68A-4653-A2CB-0540A592EAED}= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
{9F997D4C-0BDB-4E6C-B89C-0899EE7EE1A6}= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
{5B5C83D4-3CD2-4674-A097-1E567B1B6EF5}= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
EnableFirewall= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080911.003\IDSvix86.sys [2008-08-08 261680]
R2 DFSVC;T-Online Dialerschutz Dienst;C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [2007-01-29 179016]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 DFSYS;T-Online Dialerschutz Hooking Treiber;C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [2007-01-29 14536]
R3 PAC207;Trust Webcam Live;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-04-12 507264]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;C:\Windows\system32\DRIVERS\SipIMNDI.sys [2007-01-29 22856]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-08-23 361216]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ  	BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the Scheduled Tasks folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\real\AppData\Roaming\Mozilla\Firefox\Profiles\c46c2z11.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.t-online.de/
FF -: plugin - C:\Users\real\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 22:57:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

C:\Program Files\T-Online\Dialerschutz-Software\defender.exe [4048] 0x848BE5E0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-12 22:59:17
ComboFix-quarantined-files.txt 2008-09-12 20:59:12

Pre-Run: 8 directory(ies), 419,397,201,920 bytes free
Post-Run: 15 directory(ies), 419,401,998,336 bytes free

299	--- E O F ---	2008-09-10 18:04:06
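The part of a ComboFix log a responder actually reads for posture is the registry autostart dump above: the three firewall profiles with EnableFirewall=0, the Security Center DisableMonitoring/DisableNotify values, the services created during the run, and the catchme hidden-process line. The following Python triage is an added example for this thread, not ComboFix's own code and not something the poster ran. SAMPLE_LOG is constructed from lines of the log posted above (abbreviated). The severities are this example's assumptions: EnableFirewall=0 is rated high even though an installed Symantec firewall legitimately turns Windows Firewall off, the Security Center values are rated medium because a third-party suite sets them itself, and the three *Newly Created Service* entries are rated info on the assumption that they belong to tools ComboFix loads during its own run (CATCHME is the Gmer catchme scanner the log itself names, PROCEXP90 the Process Explorer driver; COMHOST is assumed to be ComboFix's as well). The ratings are triage priorities for what to follow up, not verdicts of compromise.

```python
"""Pull the posture-relevant lines out of a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: abbreviated from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
UacDisableNotify=dword:00000001
InternetSettingsDisableNotify=dword:00000001
AutoUpdateDisableNotify=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
EnableFirewall= 0 (0x0)

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

scanning hidden processes ...

C:\Program Files\T-Online\Dialerschutz-Software\defender.exe [4048] 0x848BE5E0

scanning hidden autostart entries ...
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKLM\...] section header
VALUE_RE = re.compile(r"^(?P<name>[^=\s]+)\s*=\s*(?P<value>.+)$")  # Name=value line
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (?P<name>\S+)$")
HIDDEN_PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<pid>\d+)\] 0x[0-9A-Fa-f]+$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (this example's assumed scale)
    where: str      # registry key or scanner phase the line came from
    detail: str


def _dword(value):
    """Integer for the two spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16)
    m = re.match(r"^-?\d+", v)
    return int(m.group()) if m else None


def triage_combofix(text):
    findings = []
    key = None     # registry key of the current [section]
    phase = None   # catchme phase: "processes", "autostart" or "files"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, phase = m.group("key"), None
            continue
        if line.lower().startswith("scanning hidden"):
            phase, key = line.lower().split()[2], None
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            findings.append(Finding("info", "services", f"service created during run: {m.group('name')}"))
            continue
        if phase == "processes":
            m = HIDDEN_PROC_RE.match(line)
            if m:
                findings.append(Finding("high", "hidden processes",
                                        f"pid {m.group('pid')} hidden from the process list: {m.group('path')}"))
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, val, k = m.group("name"), _dword(m.group("value")), key.lower()
        if "firewallpolicy" in k and name == "EnableFirewall" and val == 0:
            findings.append(Finding("high", key, f"Windows Firewall disabled for {key.rsplit(chr(92), 1)[-1]}"))
        elif "security center" in k and name == "DisableMonitoring" and val == 1:
            findings.append(Finding("medium", key, "Security Center monitoring disabled"))
        elif "security center" in k and name.endswith("DisableNotify") and val == 1:
            findings.append(Finding("medium", key, f"Security Center notification suppressed: {name}"))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.severity:6} {f.detail}  ({f.where})")
```

Run against the constructed sample this yields four high entries (three firewall profiles plus the hidden defender.exe process), six medium Security Center entries and three informational service entries; the helper replying in the thread would then ask about the two high items first.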
 
  • #12
Download Dr. Web CureIt! (http://freedrweb.com/?lng=de) and save it to your desktop.
  • Start cureit.exe by double-clicking on cureit.exe.
  • Dr. Web CureIt! now automatically creates its own folder in your user profile
    C:\Dokumente und Einstellungen\<YourUsername>\DoctorWeb
  • Cancel the quick scan by clicking the square green button.
  • In the menu go to Options => Change settings, then
  • under Log file => remove all ticks under Details so the log does not get too long,
  • under Actions => Incurable objects => switch to move.
  • Apply => OK
  • On the Scan tab switch to Complete scan.
  • Now start the complete scan by clicking the triangular button.
  • If something is found, answer Yes to all.
  • When the scan has finished, open the menu => File => Save report.
  • Save the report as DrWeb.csv on the desktop and post it here.

===

Scan your system with this online scanner

http://support.f-secure.com/ger/home/ols.shtml
 
  • #13
RegUBP2b-real.reg;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Gelöscht.;
freeripmp3.exe\data028;C:\Dokumente und Einstellungen\real\Downloads\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe;C:\Dokumente und Einstellungen\real\Downloads;Archiv enthält infizierte Objekte;Verschoben.;
MZCCntrl.exe;C:\Program Files\Common Files\Marmiko Shared;Adware.Msearch.origin;Nicht desinfizierbar.Verschoben.;
MZCCntrl.exe;C:\Program Files\Gemeinsame Dateien\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;
MZCCntrl.exe;C:\Programme\Common Files\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;
MZCCntrl.exe;C:\Programme\Gemeinsame Dateien\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;

Code:
Scanning Report
Sunday, September 14, 2008 03:44:23 - 04:51:40

Computer name: JÖRG
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 11 malware found
TrackingCookie.2o7 (spyware)

  * System 

TrackingCookie.Adinterax (spyware)

  * System 

TrackingCookie.Adtech (spyware)

  * System 

TrackingCookie.Advertising (spyware)

  * System 

TrackingCookie.Atdmt (spyware)

  * System 

TrackingCookie.Atwola (spyware)

  * System 

TrackingCookie.Doubleclick (spyware)

  * System 

TrackingCookie.Questionmarket (spyware)

  * System 

TrackingCookie.Tradedoubler (spyware)

  * System 

TrackingCookie.Webtrends (spyware)

  * System 

TrackingCookie.Yieldmanager (spyware)

  * System 

Statistics
Scanned:

  * Files: 46630
  * System: 6527
  * Not scanned: 22 

Actions:

  * Disinfected: 0
  * Renamed: 0
  * Deleted: 0
  * None: 11
  * Submitted: 0 

Files not scanned:

  * C:\HIBERFIL.SYS
  * C:\PAGEFILE.SYS
  * C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
  * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  * C:\WINDOWS\SYSTEM32\CONFIG\SAM
  * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  * C:\USERS\REAL\APPDATA\ROAMING\SYMANTEC\NPMDATASTORE\CIMSTORE.XML
  * C:\USERS\REAL\APPDATA\LOCAL\TEMP\ETILQS_HOAWDZ02QCKMES4V04OG
  * C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FB539F8DA4EF1AEAF4C00094F9EAB9E_252C1135-BB35-489C-98BF-CC14226BD9C4
  * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FB539F8DA4EF1AEAF4C00094F9EAB9E_252C1135-BB35-489C-98BF-CC14226BD9C4
  * C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
  * C:\BOOT\BCD
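As an added example (not code from this thread or from Dr.Web), here is a small Python triage script for the DrWeb.csv report format posted above: it parses the semicolon-separated lines and separates findings that were actually neutralized from archive members and from the repeated "Falscher Pfad zur Datei" lines. Treating those repeated lines as alternative spellings of a folder that was already handled is an assumption; the sample input is the report text from this thread, embedded inline.

```python
import csv
from collections import defaultdict

# Actions that mean Dr.Web neutralized the object (deleted or quarantined).
NEUTRALIZED = {"Gelöscht.", "Verschoben.", "Nicht desinfizierbar.Verschoben."}
NOT_FOUND = "Falscher Pfad zur Datei"   # file was not present at this path

# Sample input: the DrWeb.csv lines posted in this thread, embedded here
# (object;folder;threat;action; with a trailing empty field).
DRWEB_REPORT = r"""
RegUBP2b-real.reg;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Gelöscht.;
freeripmp3.exe\data028;C:\Dokumente und Einstellungen\real\Downloads\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe;C:\Dokumente und Einstellungen\real\Downloads;Archiv enthält infizierte Objekte;Verschoben.;
MZCCntrl.exe;C:\Program Files\Common Files\Marmiko Shared;Adware.Msearch.origin;Nicht desinfizierbar.Verschoben.;
MZCCntrl.exe;C:\Program Files\Gemeinsame Dateien\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;
MZCCntrl.exe;C:\Programme\Common Files\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;
MZCCntrl.exe;C:\Programme\Gemeinsame Dateien\Marmiko Shared;Adware.Msearch.origin;Falscher Pfad zur Datei ;
"""

def parse_drweb(report_text):
    """Split the semicolon-separated report into dicts (blank lines skipped)."""
    rows = []
    for fields in csv.reader(report_text.splitlines(), delimiter=";"):
        if len(fields) < 4:
            continue
        obj, folder, threat, action = (f.strip() for f in fields[:4])
        rows.append({"object": obj, "folder": folder, "threat": threat, "action": action})
    return rows

def triage(report_text):
    """Group findings into: neutralized, stale_alias (assumption: the same
    object/threat was already handled under another spelling of the folder),
    in_archive (member of an archive that was itself quarantined), open."""
    rows = parse_drweb(report_text)
    handled = {(r["object"], r["threat"]) for r in rows if r["action"] in NEUTRALIZED}
    handled_paths = {r["folder"] + "\\" + r["object"] for r in rows if r["action"] in NEUTRALIZED}
    groups = defaultdict(list)
    for r in rows:
        path = r["folder"] + "\\" + r["object"].split("\\", 1)[-1]  # archive members: keep only the member name
        if r["action"] in NEUTRALIZED:
            status = "neutralized"
        elif r["action"] == NOT_FOUND and (r["object"], r["threat"]) in handled:
            status = "stale_alias"
        elif r["action"] == "" and r["folder"] in handled_paths:
            status = "in_archive"
        else:
            status = "open"          # anything else still needs a human look
        groups[status].append(path)
    return dict(groups)
```

Anything that lands in "open" is what to follow up on; for the report above that group is empty.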
 
  • #14
http://www.wintotal-forum.de/index.php/topic,147847.0.html

go to the guide linked above and work through the following points, in the order given.

tool cleanup with otmoveit2 (clean up)

====

system restore

====

Click Start > Run > and type the following into the Open field:
appwiz.cpl and press Enter. An uninstall list with all programs appears. Uninstall Messenger Plus! if present.

Messenger Plus! installs adware, the so-called Lop infection. If you really need the Messenger, you will have to reinstall it after the cleanup process, but make sure you deactivate the Lop option during the installation :).

====

then also the Java and Adobe Reader points from the guide

====

http://housecall.trendmicro.com/

this online scan

regards

schrauber
 
  • #15
tool cleanup with otmoveit2 (clean up)

The tool doesn't work. It shows me an error message: File access denied

Am I doing something wrong? :(
 
  • #16
you haven't by any chance blocked otmoveit with your firewall or something??

if it doesn't work, skip otmoveit and swh and do this instead:

start > run > combofix /u > press enter (important: don't forget the space before the /u!!)
 
  • #17
The firewall is switched off. I'll try the command you gave.

Um, I can't find a Run field when I click Start. I have Vista on this computer. :(
 
  • #18
Right-click the taskbar
Properties
Start Menu tab
Customize
enable “Run command”.
OK
OK

After that the START/RUN option is available again.

then run the command above
 
  • #19
Ok, I did that. It tells me it can't find combofix. But it is still installed on the PC. What do I do now?
 
  • #20
and what exactly doesn't work with otmoveit?

strange.... did you remember the space before /u ??
 