|
Plagegeister aller Art und deren Bekämpfung: PC stürzt ab und fährt wieder hoch bei Stream-Videos bzw. Photoshop-Arbeit!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.05.2011, 16:17 | #1 |
| PC stürzt ab und fährt wieder hoch bei Stream-Videos bzw. Photoshop-Arbeit! Hallo Leute, ich habe die Anweisungen hier gelesen, habe mich inzwischen dumm gegoogelt und auch hier nichts gefunden, was allerdings auch daran liegt, dass ich nicht wirklich weiß, was meinem PC fehlt. Hier mal die Beschreibung der Symptome: Mein PC stürzt seit einigen Tagen jedes mal ab und fährt wieder hoch, wenn ich etwas länger vorm Photoshop sitze, oder Videos gucke (nach so 4-5min). Komischerweise kann ich YouTube-Videos ewig anschauen, aber irgendwelche Streams, oder bspw. Videos von Bild.de etc. eben nicht. Danach fährt Windows wieder hoch und im IE sind alle Cookies gelöscht (muss mich wieder überall einloggen). Antivir findet ein paar Viren JAVA.STUTTER.X und TR/KAZY (oder so ähnlich), stürzt aber nach einiger Zeit auch ab beim Scan. Auch im Abgesicherten Modus. Beim letzten kompletten Scandurchlauf (am 05.05.) hat AntiVir einige Java-Viren gefunden, die ich in Quarantäne geschoben habe. Noch ein Hinweis: Jedes mal nach dem Reboot, wenn sich der Windows-Desktop gerade lädt/geladen hat, wird das bild für ein/zwei Sekunden nochmal Schwarz. Ich hatte seit jeher Probleme mit meiner Grafikkarte (ATI Radeon 4800HD), da ich nach einem Reboot meistens so eine halbe Stunde Grafikprobleme hatte (viele kleine, leuchtende Pixel, schwer zu beschreiben), irgendwann "crashte" (wieder dieses kurze schwarze Bild) dann eine Anwendung der Grafikkarte, zeigte mir eine Fehlermeldung und es war wieder "gut". Das ist jetzt auch nicht mehr. Hier mal was passiert, wenn ich ein Video bei bspw. vimeo schaue: hxxp://www.youtube.com/watch?v=EdpXyJFasvI Jemand eine Idee? Ist einfach super nervig. Könnte die Festplatte schon formatieren, hätte ich nicht viel Probleme mit, allerdings bin ich mir nicht sicher, ob es wirklich virenbedingt ist, oder ob meine Grafikkarte nicht nur einfach rumspinnt. Was meint ihr? Danke schonmal! PS: Der Malware-Scan läuft noch und dauert ewig. Den editiere ich nach, sobald er fertig ist! Hier die beiden OTLogs: Code:
ATTFilter OTL Extras logfile created on: 22.05.2011 16:15:31 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,82 Gb Total Space | 11,32 Gb Free Space | 23,19% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 118,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS Drive F: | 184,06 Gb Total Space | 2,66 Gb Free Space | 1,44% Space Free | Partition Type: NTFS Drive I: | 931,28 Gb Total Space | 777,86 Gb Free Space | 83,53% Space Free | Partition Type: FAT32 Computer Name: ***-8E8420 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server "51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server "51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.) "C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated) "C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.) "C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0E37765E-45AE-4830-A12C-E5DADD758472}" = HP Photosmart D5400 Printer Driver Software 12.0 Rel .3 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58C19BBD-4D08-6835-A608-27A2B568A7F6}" = TweetDeck "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{660f5e6a-2a61-488a-af79-0ee35766ddc6}" = Nero 9 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{915B97D7-585F-48DE-9E62-47F916514854}" = D5400 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live "{E192A201-E9B4-406A-82D5-7886F3BB63D5}" = PS_SF_03_D5400_Software_Min "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FDA3AF83-4C36-4D9C-89C4-A5C71E2CF997}_is1" = ComunioCalci 1.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "COMODO Internet Security" = COMODO Internet Security "coverXP" = coverXP (remove only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Family Tree Builder" = MyHeritage Family Tree Builder "FeedReader_is1" = FeedReader "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free WAV to MP3 Converter" = Free WAV to MP3 Converter "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "KaloMa_is1" = KaloMa 4.9 "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Pausenkatzen Screensaver" = Pausenkatzen Screensaver "PS3 Media Server" = PS3 Media Server "PSP Video 9" = PSP Video 9 5.04 "Shop for HP Supplies" = Shop for HP Supplies "SopCast" = SopCast 3.2.9 "SystemRequirementsLab" = System Requirements Lab "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.2 "WaveLabPro" = WaveLab 6 "WheelMouse" = Advanced Wheel Mouse 6.0.0.002 "WinController" = WinController "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XMind" = XMind "YouTube Downloader App" = YouTube Downloader App 2.03 "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "5f48e2ab41c5d005" = RapidShare Manager "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.0.0 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.06.2010 11:57:36 | Computer Name = ***-8E8420 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 3dkink-090.002.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000fe60. Error - 20.06.2010 19:01:42 | Computer Name = ***-8E8420 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x0025151a. Error - 24.06.2010 11:34:50 | Computer Name = ***-8E8420 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.06.2010 20:20:44 | Computer Name = ***-8E8420 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x0025151a. Error - 26.06.2010 19:56:27 | Computer Name = ***-8E8420 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 26.06.2010 19:56:40 | Computer Name = ***-8E8420 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 26.06.2010 19:56:41 | Computer Name = ***-8E8420 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 26.06.2010 21:13:49 | Computer Name = ***-8E8420 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x0025151a. Error - 26.06.2010 21:37:20 | Computer Name = ***-8E8420 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x0025151a. Error - 12.07.2010 18:56:18 | Computer Name = ***-8E8420 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung YouCam.exe, Version 3.1.2525.9755, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 21.05.2011 22:22:41 | Computer Name = ***-8E8420 | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 21.05.2011 22:22:41 | Computer Name = ***-8E8420 | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 22.05.2011 09:29:52 | Computer Name = ***-8E8420 | Source = DCOM | ID = 10010 Description = Der Server "{D61A27C6-8F53-11D0-BFA0-00A024151983}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > und Code:
ATTFilter OTL logfile created on: 22.05.2011 16:15:31 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,82 Gb Total Space | 11,32 Gb Free Space | 23,19% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 118,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS Drive F: | 184,06 Gb Total Space | 2,66 Gb Free Space | 1,44% Space Free | Partition Type: NTFS Drive I: | 931,28 Gb Total Space | 777,86 Gb Free Space | 83,53% Space Free | Partition Type: FAT32 Computer Name: ****-8E8420 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\guard32.dll (COMODO) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO) DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO) DRV - (clwvd) -- C:\WINDOWS\system32\drivers\clwvd.sys (Windows (R) Win 7 DDK provider) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys () DRV - (atidgllk) -- C:\Programme\Setup Files\MS-v174\V104\atidgllk.sys (ATI Technologies Inc.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.12.19 18:25:25 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010.01.20 22:00:24 | 000,002,215 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 16 more lines... O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.08 22:41:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.22 15:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.22 15:20:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.05.22 15:20:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.05.22 15:20:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.22 15:19:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.22 15:19:03 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2011.05.21 18:53:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI [2011.05.21 16:43:56 | 000,000,000 | ---D | C] -- C:\Programme\AMD APP [2011.05.21 16:43:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Catalyst Control Center [2011.05.21 16:42:27 | 001,115,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll [2011.05.21 15:46:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2011.05.09 02:56:15 | 000,000,000 | ---D | C] -- C:\temp [2011.05.09 02:53:53 | 002,395,648 | ---- | C] (AD © 2009) -- C:\WINDOWS\System32\SYNSOEMU.DLL [2011.05.09 02:40:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WaveLab 6 [2011.05.09 02:37:15 | 000,000,000 | ---D | C] -- C:\Programme\Steinberg [2011.04.28 17:23:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Bewerbung HMS-WS [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.22 15:30:05 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2007.lnk [2011.05.22 15:20:28 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 15:19:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2011.05.22 15:19:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe [2011.05.22 14:36:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.22 14:21:47 | 000,123,392 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.22 12:51:23 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC0AD042-010C-4BFA-ABC7-108A4E122DD5}.job [2011.05.22 12:41:17 | 000,013,682 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.21 18:54:43 | 000,462,316 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.05.21 18:54:43 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.05.21 18:54:43 | 000,085,526 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.05.21 18:54:43 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.05.20 02:26:34 | 000,309,719 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SoM1.pdf [2011.05.20 01:53:13 | 000,309,981 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SoM.pdf [2011.05.20 01:18:21 | 000,297,690 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SM.pdf [2011.05.18 09:26:45 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2011.05.17 06:27:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.11 14:55:43 | 001,144,631 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111769.jpg [2011.05.10 11:10:29 | 000,267,722 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Huhu!.pdf [2011.05.10 06:46:33 | 000,065,387 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Gut versteckt!.pdf [2011.05.09 02:40:13 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WaveLab 6.lnk [2011.05.09 01:55:11 | 000,000,139 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss [2011.05.09 01:45:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.05.03 22:52:12 | 019,385,560 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ps3video9-600-setup.exe [2011.05.02 15:52:48 | 022,230,717 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\DEN130500237_.f4v [2011.05.02 15:19:16 | 000,275,499 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Texte-Eulenspiegel2.pdf [2011.05.02 00:06:14 | 080,835,358 | ---- | M] () -- C:\WINDOWS\System32\Kröte Wandersmann.wav [2011.04.29 15:11:23 | 000,165,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Kate und William.pdf [2011.04.28 18:49:39 | 000,297,906 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\**********.pdf [2011.04.28 17:59:10 | 000,291,855 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\**********.pdf [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.22 15:20:28 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.20 02:26:34 | 000,309,719 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SoM1.pdf [2011.05.20 01:53:12 | 000,309,981 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SoM.pdf [2011.05.20 01:18:21 | 000,297,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SM.pdf [2011.05.11 15:01:27 | 000,497,892 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Kopie von 160420111759.jpg [2011.05.11 14:55:42 | 001,144,631 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111769.jpg [2011.05.11 14:52:48 | 000,204,079 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111761-001.jpg [2011.05.11 14:52:30 | 000,497,892 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111759.jpg [2011.05.11 14:52:30 | 000,384,320 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111758.jpg [2011.05.11 14:52:16 | 000,523,382 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111762.jpg [2011.05.11 14:52:15 | 000,482,073 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111761.jpg [2011.05.11 14:52:15 | 000,476,556 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\160420111760.jpg [2011.05.10 11:03:34 | 000,267,722 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Huhu!.pdf [2011.05.10 06:46:33 | 000,065,387 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Gut versteckt!.pdf [2011.05.09 02:37:33 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WaveLab 6.lnk [2011.05.03 22:51:59 | 019,385,560 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ps3video9-600-setup.exe [2011.05.02 15:52:33 | 022,230,717 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\DEN130500237_.f4v [2011.05.02 15:19:16 | 000,275,499 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Texte-Eulenspiegel2.pdf [2011.05.02 00:06:14 | 080,835,358 | ---- | C] () -- C:\WINDOWS\System32\Kröte Wandersmann.wav [2011.04.29 15:11:23 | 000,165,334 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Kate und William.pdf [2011.04.28 18:49:39 | 000,297,906 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\********.pdf [2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011.04.10 21:49:57 | 000,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll [2011.02.07 00:38:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.01.17 12:49:45 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\System32\wccrhal.dat [2010.12.04 21:14:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\lxslz.exe [2010.12.04 21:12:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\vrcnb.exe [2010.11.19 21:13:33 | 000,000,006 | ---- | C] () -- C:\WINDOWS\core32.dll [2010.09.08 20:18:42 | 000,000,359 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI [2010.09.08 20:17:15 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll [2010.07.08 15:16:43 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010.07.06 22:55:05 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys [2010.07.02 22:32:22 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.06.23 03:18:31 | 000,189,104 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.22 02:27:35 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll [2010.06.16 18:56:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\downloads.m3u [2010.05.10 17:50:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.05.10 17:50:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.03.07 13:39:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.02.12 21:11:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.02.02 02:01:09 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss [2010.01.20 23:34:29 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.01.07 04:15:14 | 000,078,192 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2009.12.20 15:56:03 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.12.19 18:22:48 | 000,158,481 | ---- | C] () -- C:\WINDOWS\hphins28.dat [2009.12.19 18:22:48 | 000,000,939 | ---- | C] () -- C:\WINDOWS\hphmdl28.dat [2009.12.19 14:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.12.19 13:58:58 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009.12.19 13:56:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.12.19 13:56:20 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009.12.19 13:56:20 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.12.10 22:23:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.12.10 22:23:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2009.12.10 22:18:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009.12.09 03:30:48 | 000,123,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.08 22:43:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.12.08 22:39:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.12.08 21:58:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.12.08 21:55:52 | 002,325,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 14:00:00 | 000,462,316 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 14:00:00 | 000,443,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 14:00:00 | 000,085,526 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 14:00:00 | 000,071,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys [2007.01.26 00:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys < End of report > Vier Sachen wurden gefunden, die ich gelöscht habe. Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6640 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.05.2011 18:48:39 mbam-log-2011-05-22 (18-48-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 347420 Laufzeit: 1 Stunde(n), 2 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\dokumente und einstellungen\****\lokale einstellungen\Temp\IMOO.exe (Adware.Agent) -> No action taken. c:\WINDOWS\system32\lxslz.exe (Trojan.Agent) -> No action taken. c:\WINDOWS\system32\vrcnb.exe (Trojan.Agent) -> No action taken. d:\eigene dateien\eigene bilder\photoshop\Avatar\Vorspann\KEYGEN.EXE (Trojan.Agent) -> No action taken. |
23.05.2011, 13:35 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC stürzt ab und fährt wieder hoch bei Stream-Videos bzw. Photoshop-Arbeit!Zitat:
Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________ |
Themen zu PC stürzt ab und fährt wieder hoch bei Stream-Videos bzw. Photoshop-Arbeit! |
0x00000001, 32 bit, adobe after effects, analysis, antivir, avira, bho, browser, converter, cs4/contributeieplugin.dll, downloader, eigene bilder, error, excel, festplatte, firefox, flash player, fontcache, helper, home, homepage, iexplore.exe, katzen, libusb0.sys, logfile, microsoft office word, mp3, nicht sicher, ntdll.dll, oldtimer, pixel, plug-in, realtek, sched.exe, security, sekunden, shell32.dll, software, sptd.sys, super, third party, video converter, viren, windows, windows internet, wma, youtube downloader, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |