Log analysis and evaluation: CPU 100% because of AdobeART.exe
Windows 7
If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.02.2013, 21:01 | #1 |
| CPU 100% because of AdobeART.exe Good evening, my CPU usage goes to 100% about 10 minutes after startup.... When I open the Task Manager, it shows me AdobeART.exe more than 200 times.... Now that I have done all 3 steps, AdobeART.exe is only shown once in the Task Manager, but I don't trust the peace.... I could only save GMER as a .log and it is too large, so I can't post it along with this now... I hope someone can help me :/ |
24.02.2013, 23:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CPU 100% because of AdobeART.exe Hello and
A quick question, and this is nothing against you specifically, I could just as well have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in the attachment, or where exactly did you read that? Log files in the attachment make the evaluation massively harder. Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks. Only put the logs zipped in the attachment if they are too large! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
24.02.2013, 23:32 | #3 |
| CPU 100% because of AdobeART.exe OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 2/24/2013 8:43:04 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stefanlaura\Desktop\hilfe Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16438) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.49% Memory free 6.00 Gb Paging File | 4.68 Gb Available in Paging File | 77.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 828.19 Gb Free Space | 93.01% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: stefanlaura | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended 
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{18EFF59E-BB7D-40F9-BE20-6A910BADC2E1}" = Windows Phone "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = 
SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch 
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer 
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.14.1738" = Opera 12.14 "POKER" = POKER "Shop for HP Supplies" = Shop for HP Supplies "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/23/2013 12:41:12 PM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x103c Startzeit der fehlerhaften Anwendung: 0x01ce11e495e878f0 Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d4ade630-7dd7-11e2-acde-001060a860b0 Error - 2/24/2013 6:10:31 AM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xc90 Startzeit der fehlerhaften Anwendung: 0x01ce12772d38d09a Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6b1e7c81-7e6a-11e2-aa60-001060a860b0 Error - 2/24/2013 6:13:18 AM | Computer Name = home | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 2/24/2013 6:17:09 AM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x17e0 Startzeit der fehlerhaften Anwendung: 0x01ce12781996d0ba Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 585519da-7e6b-11e2-aa60-001060a860b0 Error - 2/24/2013 6:26:33 AM | Computer Name = home | Source = System Restore | ID = 8210 Description = Error - 2/24/2013 6:34:29 AM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1448 Startzeit der fehlerhaften Anwendung: 0x01ce127a8629e47b Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c43cca87-7e6d-11e2-8c2a-001060a860b0 Error - 2/24/2013 6:38:21 AM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x690 Startzeit der fehlerhaften Anwendung: 0x01ce127b10735386 Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 4e81977d-7e6e-11e2-8c2a-001060a860b0 Error - 2/24/2013 2:30:34 PM | Computer Name = home | Source = CVHSVC | ID = 
100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 2/24/2013 2:46:11 PM | Computer Name = home | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 2/24/2013 3:12:29 PM | Computer Name = home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Name des fehlerhaften Moduls: calc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7979d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a75e4 ID des fehlerhaften Prozesses: 0x13ac Startzeit der fehlerhaften Anwendung: 0x01ce12c2e1d71485 Pfad der fehlerhaften Anwendung: C:\Windows\system32\calc.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\calc.exe Berichtskennung: 216dfade-7eb6-11e2-8a41-001060a860b0 [ Media Center Events ] Error - 3/29/2011 12:11:45 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 06:11:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 5/8/2011 1:11:15 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 07:11:13 - Broadband konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 1/29/2012 2:55:35 PM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 19:55:34 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 7/19/2012 1:22:06 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 07:22:06 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
Error - 7/21/2012 2:19:07 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 08:19:07 - Fehler beim Herstellen der Internetverbindung. 08:19:07 - Serververbindung konnte nicht hergestellt werden.. Error - 7/21/2012 2:19:39 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 08:19:37 - Fehler beim Herstellen der Internetverbindung. 08:19:37 - Serververbindung konnte nicht hergestellt werden.. Error - 8/12/2012 3:01:44 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 09:01:44 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 8/12/2012 3:02:31 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 09:02:30 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 8/12/2012 3:02:35 AM | Computer Name = home | Source = MCUpdate | ID = 0 Description = 09:02:32 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
[ System Events ] Error - 2/24/2013 2:20:47 PM | Computer Name = home | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 2/24/2013 2:20:47 PM | Computer Name = home | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 2/24/2013 2:35:58 PM | Computer Name = home | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?02.?2013 um 19:33:58 unerwartet heruntergefahren. Error - 2/24/2013 2:36:05 PM | Computer Name = home | Source = BugCheck | ID = 1001 Description = Error - 2/24/2013 2:36:06 PM | Computer Name = home | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 2/24/2013 3:10:26 PM | Computer Name = home | Source = DCOM | ID = 10010 Description = Error - 2/24/2013 3:10:26 PM | Computer Name = home | Source = DCOM | ID = 10010 Description = Error - 2/24/2013 3:11:15 PM | Computer Name = home | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 2/24/2013 3:12:04 PM | Computer Name = home | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 2/24/2013 3:12:04 PM | Computer Name = home | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/24/2013 8:43:04 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stefanlaura\Desktop\hilfe Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16438) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.49% Memory free 6.00 Gb Paging File | 4.68 Gb Available in Paging File | 77.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 828.19 Gb Free Space | 93.01% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: stefanlaura | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/24 14:54:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stefanlaura\Desktop\hilfe\OTL.exe PRC - [2013/02/21 13:28:10 | 000,099,976 | ---- | M] (Symantec) -- C:\Users\stefanlaura\AppData\Roaming\AdobeART.exe PRC - [2013/02/15 08:55:17 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2013/02/13 06:19:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/13 06:19:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/02/13 06:19:23 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/13 06:19:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013/02/13 16:20:49 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2013/02/13 06:49:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/13 06:49:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/05 16:59:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/02/05 16:59:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/02/05 16:59:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/02/05 16:59:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/02/05 16:59:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/02/05 16:58:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/02/05 16:58:55 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/02/05 16:58:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - 
[2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV - [2013/02/17 15:33:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/13 06:19:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/13 06:19:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/05/26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2012/12/12 06:55:03 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/12 06:54:52 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/13 14:55:40 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/01/09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012/01/09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/25 05:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - 
[2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009/08/13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - 
HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=280612_5_&babsrc=SP_ss&mntrId=5ef79491000000000000001060a860b0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{D241C474-B875-47AE-BFB4-D511A7752FC6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/24 20:12:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/24 20:12:04 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.13.20.29_0\plugins/np-cwmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: 
Google-Suche = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\stefanlaura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [AdobeART] C:\Users\stefanlaura\AppData\Roaming\AdobeART.exe (Symantec) O4 - HKCU..\Run: [Eqciy] C:\Users\stefanlaura\AppData\Roaming\Ryiqaz\keup.exe () O4 - HKCU..\Run: [izyz.exe] C:\Users\stefanlaura\AppData\Roaming\Bairi\izyz.exe () O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found F3 - HKCU WinNT: Load - (C:\Users\STEFAN~1\LOCALS~1\Temp\msxpqkiii.pif) - C:\Users\STEFAN~1\LOCALS~1\Temp\msxpqkiii.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\stefanlaura\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\stefanlaura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/24 19:35:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013/02/24 14:50:58 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\Desktop\hilfe [2013/02/24 12:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/02/24 12:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/02/21 13:28:49 | 000,099,976 | ---- | C] (Symantec) -- C:\Users\stefanlaura\AppData\Roaming\AdobeART.exe [2013/02/20 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Uxnu [2013/02/20 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Piub [2013/02/20 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Ezetse [2013/02/18 23:39:42 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Ycoc [2013/02/18 23:39:42 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Udelx [2013/02/18 23:39:42 | 000,000,000 | ---D | C] -- 
C:\Users\stefanlaura\AppData\Roaming\Tihun [2013/02/18 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Ryiqaz [2013/02/18 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Fios [2013/02/18 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Efuve [2013/02/17 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Huohi [2013/02/17 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Bairi [2013/02/17 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\{FE21F7EF-699F-41A0-9A59-C4DF5E412CCF} [2013/02/17 15:31:35 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\Local Settings [2013/02/17 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\{70E37732-5BFA-4914-B833-688C04D16A94} [2013/02/17 15:31:16 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Ulot [2013/02/17 15:31:16 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Geyqud [2013/02/17 15:31:16 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\AppData\Roaming\Atta [2013/02/06 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\Desktop\Von stefan nokia [2013/02/05 16:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone [2013/02/05 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Phone [2013/02/05 16:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications [2013/02/01 12:20:10 | 000,000,000 | ---D | C] -- C:\Users\stefanlaura\Documents\Corel User Files [1 C:\Users\stefanlaura\AppData\Roaming\*.tmp files -> C:\Users\stefanlaura\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/24 20:28:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/24 20:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/24 20:19:00 | 000,009,888 | -H-- | M] 
() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/24 20:19:00 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/24 20:11:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/24 20:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/24 20:11:05 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013/02/24 19:35:52 | 391,872,386 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/02/24 14:48:41 | 000,000,000 | ---- | M] () -- C:\Users\stefanlaura\defogger_reenable [2013/02/24 12:31:03 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/21 13:28:10 | 000,099,976 | ---- | M] (Symantec) -- C:\Users\stefanlaura\AppData\Roaming\AdobeART.exe [2013/02/19 19:42:33 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013/02/18 19:44:06 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2013/02/18 15:16:33 | 000,697,292 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/18 15:16:33 | 000,652,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/18 15:16:33 | 000,148,330 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/18 15:16:33 | 000,121,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/13 06:47:52 | 000,280,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\stefanlaura\AppData\Roaming\*.tmp files -> C:\Users\stefanlaura\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/24 19:35:52 | 391,872,386 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/02/24 14:48:41 | 000,000,000 | ---- | C] () -- C:\Users\stefanlaura\defogger_reenable [2013/02/24 12:31:03 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/19 19:42:33 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012/01/11 07:08:41 | 
000,083,456 | -HS- | C] () -- C:\Users\stefanlaura\AppData\Roaming\skype.dat [2011/08/01 06:21:51 | 000,000,000 | ---- | C] () -- C:\Users\stefanlaura\AppData\Local\{1854A65D-7F26-45C7-BE46-2E44B3C82C4D} [2011/06/17 12:23:14 | 000,011,776 | ---- | C] () -- C:\Users\stefanlaura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/04/28 17:32:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/24 20:20:03 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011/03/24 20:03:46 | 000,245,557 | ---- | C] () -- C:\Windows\hpoins19.dat [2011/03/24 20:03:46 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011/03/24 17:59:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3954538434-135443268-202453604-1001\$25acc865172795dcb9888bd5cdec6c00\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\$Recycle.Bin\S-1-5-18\$25acc865172795dcb9888bd5cdec6c00\n. 
-- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/02/17 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Atta [2012/07/01 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Babylon [2013/02/17 15:31:45 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Bairi [2012/12/14 00:28:20 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\DVDVideoSoft [2012/12/14 00:28:03 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\DVDVideoSoftIEHelpers [2013/02/18 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Efuve [2013/02/20 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Ezetse [2013/02/24 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Fios [2011/03/25 23:44:39 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\GetRightToGo [2013/02/19 17:16:07 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Geyqud [2013/02/23 15:07:21 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Huohi [2011/10/26 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\kock [2011/06/17 12:22:44 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Nokia [2011/03/23 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Opera [2011/06/25 14:35:43 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\PC Suite [2013/02/20 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Piub [2013/02/18 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Ryiqaz [2013/02/07 19:41:41 | 000,000,000 | ---D | M] -- 
C:\Users\stefanlaura\AppData\Roaming\SoftGrid Client [2012/10/17 19:43:39 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Systweak [2013/02/23 23:31:41 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Tihun [2011/03/24 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\TP [2011/10/28 10:07:49 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\UAs [2013/02/18 23:39:42 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Udelx [2013/02/19 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Ulot [2013/02/20 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Uxnu [2011/10/26 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\xmldm [2013/02/18 23:39:42 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\Ycoc [2013/02/17 15:31:30 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\{70E37732-5BFA-4914-B833-688C04D16A94} [2013/02/17 15:31:45 | 000,000,000 | ---D | M] -- C:\Users\stefanlaura\AppData\Roaming\{FE21F7EF-699F-41A0-9A59-C4DF5E412CCF} ========== Purity Check ========== < End of report > |
25.02.2013, 10:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | CPU 100% because of AdobeART.exe Why didn't you put the GMER log, zipped, in the attachment? Please do that now!! Quote:
On the subject of backing up data from infected systems: do it via a live CD such as Knoppix, Ubuntu (second link in my signature) or via PartedMagic. Reason: in a live system, no malware from the infected Windows system is active, which also rules out the malware negatively affecting the backup. You will of course also need a backup medium; an external drive is probably best. If you don't have too much to back up, a USB stick can also be enough. Here is a short guide to PartedMagic; in principle it works almost exactly the same with all other live systems too.
__________________ Please always post log files in CODE tags |
25.02.2013, 14:13 | #5 |
| CPU 100% because of AdobeART.exe Morning... so now I have more time to reply. When I write a post, it says "manage attachments" underneath.... I saw that and simply put it in the attachments without thinking... it wouldn't have occurred to me to post it the way we are supposed to, sorry.... |
25.02.2013, 14:21 | #6 |
| CPU 100% because of AdobeART.exe Like this?? Sorry, I don't really know much about this sort of thing :/ |
25.02.2013, 14:27 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CPU 100% because of AdobeART.exe Did you also read the rest of my previous post?
__________________ Please always post log files in CODE tags |
25.02.2013, 14:47 | #8 |
| CPU 100% because of AdobeART.exe With ZeroAccess in the system???? I will probably set the computer up again completely if that is better. Many thanks already. I noticed something else yesterday: after all the scans, all my picture files are now labelled with .jpg. I didn't have that before, and it isn't like that on the laptop either. And I have files named desktop.ini on the computer. Does that have something to do with it too??? |
25.02.2013, 15:10 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CPU 100% because of AdobeART.exe Ever heard that you can show and hide file extensions under Windows?! Some tool has turned off the hiding. And that's a good thing
__________________ Please always post log files in CODE tags |