|
Plagegeister aller Art und deren Bekämpfung: Bildschirm wird schwarz nach Hochfahren von XP bzw. beim Arbeiten am LaptopWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.08.2012, 13:12 | #1 |
| Bildschirm wird schwarz nach Hochfahren von XP bzw. beim Arbeiten am Laptop Sehr geehrtes Trojaner-Board, ich habe folgendes Problem: Nach dem Hochfahren des Betriebssystems XP wird der Bildschirm dunkel, obwohl das Notebook sich nicht runterfährt. D.h. der Bildschirm wird schwarz obwohl das Notebook noch weiter läuft, dies passiert entweder direkt nach dem Hochfahren oder kurz danach, wenn man zum Beispiel auf den Arbeitsplatz klickt. Für eure Hilfe danke ich schon mal im voraus. 1.) Habe Defogger durchlaufen lassen und keine Fehlermeldung erhalten. Soll ich anschließend den "Re-enable" Button drücken? 2.) Hier die OTL.txt-Datei: OTL logfile created on: 09.08.2012 14:06:39 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Sonja\Desktop\Christoph Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 396,15 Mb Available Physical Memory | 38,71% Memory free 2,40 Gb Paging File | 1,54 Gb Available in Paging File | 64,09% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 0,40 Gb Free Space | 2,05% Space Free | Partition Type: NTFS Drive D: | 54,99 Gb Total Space | 33,47 Gb Free Space | 60,88% Space Free | Partition Type: NTFS Drive F: | 43,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HEINRICH-LAPTOP | User Name: Sonja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.09 13:56:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sonja\Desktop\Christoph\Defogger.exe PRC - [2012.08.09 13:29:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sonja\Desktop\Christoph\OTL.exe PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.07.25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.10.11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2005.07.22 18:40:02 | 000,532,480 | ---- | M] (VIA Technologies, Inc.) -- C:\Programme\VIAudioi\SBADeck\ADeck.exe PRC - [2005.03.18 15:35:46 | 000,098,393 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe ========== Modules (No Company Name) ========== MOD - [2012.08.09 13:56:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sonja\Desktop\Christoph\Defogger.exe MOD - [2011.10.23 19:09:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll MOD - [2011.10.23 19:08:36 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll MOD - [2011.10.23 19:08:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.23 19:08:22 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll MOD - [2011.10.23 19:06:41 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll MOD - [2011.10.23 19:06:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.23 18:59:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.10.15 23:51:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.15 23:51:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.15 23:50:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.15 23:50:08 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll MOD - [2011.10.15 23:48:07 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.15 23:47:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.10.15 23:45:23 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011.10.15 23:45:04 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011.10.15 23:44:59 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2010.08.19 22:18:10 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.08.19 22:18:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.08.19 22:18:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010.08.19 22:18:04 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.08.19 22:18:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.05.15 10:39:26 | 000,860,160 | R--- | M] () -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\NDISAPI.dll MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.10.11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2009.12.25 12:37:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.29 18:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.09 13:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.13 12:29:07 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr) DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd) DRV - [2008.10.09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2005.07.13 11:19:12 | 000,201,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) DRV - [2005.06.28 23:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.05.26 18:14:46 | 000,924,876 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004.12.22 03:32:12 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2003.06.11 00:51:27 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\prxtbTra1.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {C76ACB25-27F4-4999-B7E1-4E1961456388} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=2AD21A0A-6C2C-4F84-8E28-7B5F5E00F91A&apn_sauid=25403684-86D8-4322-AAB2-8A83C4AFD41F& IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{C76ACB25-27F4-4999-B7E1-4E1961456388}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.08.07 15:54:49 | 000,000,000 | ---D | M] O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\prxtbTra1.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\prxtbTra1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1.2 Toolbar) - {548F6736-8FE4-4680-82F2-170D6C07E1D2} - C:\Programme\TranslatorBar_1.2\prxtbTra1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Bonjour\mdnsNSP.dll File not found O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250939528562 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6B469C8-1C1D-4EDA-9EC2-3D572A3B5D1C}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sonja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sonja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.21 08:59:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.08 13:59:44 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2009.09.11 20:53:06 | 000,000,119 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{43f1261a-aee1-11df-b062-0014a535b1f4}\Shell - "" = AutoRun O33 - MountPoints2\{43f1261a-aee1-11df-b062-0014a535b1f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{43f1261a-aee1-11df-b062-0014a535b1f4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009.07.23 16:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{43f1261b-aee1-11df-b062-0014a535b1f4}\Shell - "" = AutoRun O33 - MountPoints2\{43f1261b-aee1-11df-b062-0014a535b1f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{43f1261b-aee1-11df-b062-0014a535b1f4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009.07.23 16:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{9d9a3c0a-f569-11df-b079-0014a535b1f4}\Shell - "" = AutoRun O33 - MountPoints2\{9d9a3c0a-f569-11df-b079-0014a535b1f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d9a3c0a-f569-11df-b079-0014a535b1f4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009.07.23 16:55:39 | 000,266,240 | R--- | M] (Vodafone) O33 - MountPoints2\{a6540534-aef0-11df-b063-0014a535b1f4}\Shell - "" = AutoRun O33 - MountPoints2\{a6540534-aef0-11df-b063-0014a535b1f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a6540534-aef0-11df-b063-0014a535b1f4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009.07.23 16:55:39 | 000,266,240 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 23:13:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.08.07 23:12:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information [2012.08.07 23:12:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon iP2600 series [2012.08.07 23:12:37 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2012.08.07 16:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vodafone [2012.08.07 15:56:48 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2012.08.07 15:54:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.08.07 14:19:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone(2) [2012.08.07 14:19:46 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.09 14:05:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sonja\defogger_reenable [2012.08.09 14:04:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.08.09 13:08:52 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.09 13:08:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.07 16:12:20 | 000,001,978 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk [2012.08.07 16:12:20 | 000,001,978 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2012.08.07 14:29:07 | 000,449,744 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.08.07 14:29:07 | 000,433,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.08.07 14:29:07 | 000,081,034 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.08.07 14:29:07 | 000,068,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.09 14:05:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sonja\defogger_reenable [2012.08.07 16:12:20 | 000,001,978 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk [2012.08.07 16:12:20 | 000,001,978 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2011.11.13 22:54:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.04.19 12:53:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL [2011.02.20 16:09:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.11.14 22:23:25 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Sonja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 ========== LOP Check ========== [2012.08.07 23:13:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2009.08.22 16:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.08.07 16:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.08.07 14:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone(2) [2010.05.24 11:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.10.31 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011.08.04 20:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\DVDVideoSoft [2011.02.20 14:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.10.21 13:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\Leadertech [2009.08.22 16:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\MAGIX [2009.08.22 13:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\OpenOffice.org [2009.08.24 17:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\Panasonic [2012.08.09 13:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\PriceGong [2010.08.23 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\Vodafone [2010.11.22 00:13:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sonja\Anwendungsdaten\Vodafone Mobile Connect [2012.08.09 14:04:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== < End of report > Und die Extras.Txt-Datei: OTL Extras logfile created on: 09.08.2012 14:06:39 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Sonja\Desktop\Christoph Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 396,15 Mb Available Physical Memory | 38,71% Memory free 2,40 Gb Paging File | 1,54 Gb Available in Paging File | 64,09% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 0,40 Gb Free Space | 2,05% Space Free | Partition Type: NTFS Drive D: | 54,99 Gb Total Space | 33,47 Gb Free Space | 60,88% Space Free | Partition Type: NTFS Drive F: | 43,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HEINRICH-LAPTOP | User Name: Sonja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{5D5F53E9-360E-42C9-B8B3-05D92F3C9D5B}" = AT&T Labs' Natural Voices(tm) Desktop 1.2.1 "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8ADDB203-8A7B-443A-A9C2-D3AF7156EB17}" = PhatNoise CAS Speech Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "3D TippTrainer_is1" = 3D TippTrainer "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000 "CanonMyPrinter" = Canon My Printer "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "FileHippo.com" = FileHippo.com Update Checker "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D) "NeroMultiInstaller!UninstallKey" = Nero Suite "PhatMan" = PhatNoise Music Manager "SMSERIAL" = Motorola SM56 Data Fax Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "TranslatorBar_1.2 Toolbar" = TranslatorBar_1.2 Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program "VLC media player" = VLC media player 1.1.11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.08.2012 09:58:52 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 09:58:53 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:07:28 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:07:28 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 10:09:18 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:09:21 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 10:17:41 | Computer Name = HEINRICH-LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 17:27:52 | Computer Name = HEINRICH-LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AcroRd32.exe, Version 8.1.0.137, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.08.2012 07:08:58 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 09.08.2012 07:09:16 | Computer Name = HEINRICH-LAPTOP | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ Application Events ] Error - 07.08.2012 09:58:52 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 09:58:53 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:07:28 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:07:28 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 10:09:18 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 07.08.2012 10:09:21 | Computer Name = HEINRICH-LAPTOP | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.08.2012 10:17:41 | Computer Name = HEINRICH-LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 17:27:52 | Computer Name = HEINRICH-LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AcroRd32.exe, Version 8.1.0.137, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.08.2012 07:08:58 | Computer Name = HEINRICH-LAPTOP | Source = Avira AntiVir | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 09.08.2012 07:09:16 | Computer Name = HEINRICH-LAPTOP | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 07.08.2012 10:07:37 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 07.08.2012 10:07:37 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet: %%2147952506 Error - 07.08.2012 10:09:25 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: 4294967295 (0xFFFFFFFF). Error - 07.08.2012 10:09:25 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%10106 Error - 07.08.2012 10:09:25 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 07.08.2012 10:09:26 | Computer Name = HEINRICH-LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet: %%2147952506 Error - 07.08.2012 10:38:16 | Computer Name = HEINRICH-LAPTOP | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 2.206.106.52 für die Netzwerkkarte mit der Netzwerkadresse 001E101F4C53 wurde durch den DHCP-Server 109.44.245.185 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 07.08.2012 11:38:12 | Computer Name = HEINRICH-LAPTOP | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 07.08.2012 14:14:58 | Computer Name = HEINRICH-LAPTOP | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 07.08.2012 18:50:15 | Computer Name = HEINRICH-LAPTOP | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > |
15.08.2012, 15:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bildschirm wird schwarz nach Hochfahren von XP bzw. beim Arbeiten am Laptop Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Themen zu Bildschirm wird schwarz nach Hochfahren von XP bzw. beim Arbeiten am Laptop |
antivir, avira, bho, bildschirm, bonjour, conduit, converter, desktop, error, excel, firefox, flash player, format, helper, home, homepage, iexplore.exe, logfile, mp3, office 2007, plug-in, problem, realtek, registry, rundll, scan, software, trojaner-board, vodafone, windows internet |