
Pests of all kinds and how to fight them: Google search queries are redirected, USB sticks no longer work

11.05.2010, 12:15   #1
winseven
 
Hi

I have a big problem. I'm using Win 7. Anyway, I seem to have caught some kind of stupid virus. Whenever I search for something on Google and click on a result, I get redirected to some other sites.

Also, when I try to open my USB stick, it always says "F: application not found". I can only get in via right-click > Open. I noticed that there were some exe files in there with names like explorer.exe etc.; deleting the files didn't help either.

Hope you can help me...

The HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:37, on 11.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wuaucldt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\****\Desktop\CoreTemp32\Core Temp.exe
C:\Users\****\AppData\Local\Temp\dmiy.exe
C:\Users\****\AppData\Local\Temp\dmiy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.33\npchrome_frame.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [iqvxzd] RUNDLL32.EXE C:\Windows\system32\msorcsvp.dll,w
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Core Temp] "C:\Users\KINGALPER\Desktop\CoreTemp32\Core Temp.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Users\*****\AppData\Local\NVIDIA Corporation\nTune\Profiles\newtil.nsu"
O4 - HKCU\..\Run: [syncman] c:\users\kingalper\wuaucldt.exe
O4 - HKLM\..\Policies\Explorer\Run: [ecvje9] C:\Users\****\AppData\Local\Temp\671vw0.exe
O4 - HKLM\..\Policies\Explorer\Run: [iktc] C:\Users\****\AppData\Local\Temp\dmiy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [syncman] c:\windows\system32\config\systemprofile\wuaucldt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [syncman] c:\windows\system32\config\systemprofile\wuaucldt.exe (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.33\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 10140 bytes

11.05.2010, 15:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

12.05.2010, 14:15   #3
winseven
 
So, first the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4090

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.05.2010 15:04:41
mbam-log-2010-05-12 (15-04-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 297152
Laufzeit: 1 Stunde(n), 15 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 14
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
C:\w.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Windows\System32\fastuserswitchingcompatibilityex.dll (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastuserswitchingcompatibility (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Trojan.Koblu) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\l (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (Userinit.exe,C:\Users\KINGALPER\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
c:\Windows\System32\fastuserswitchingcompatibilityex.dll (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
C:\d.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\h1mb81f82.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\mb7cx65g.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\w.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



Here are the logs from OTL:

OTL logfile created on: 12.05.2010 15:06:18 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*********\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 29,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 56,36 Gb Free Space | 57,72% Space Free | Partition Type: NTFS
Drive D: | 804,49 Gb Total Space | 36,82 Gb Free Space | 4,58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,72 Gb Total Space | 1,86 Gb Free Space | 50,05% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *******
Current User Name: **********
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\KINGALPER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Temp\v13vp.exe ()
PRC - C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Users\KINGALPER\Desktop\CoreTemp32\Core Temp.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\KINGALPER\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (peresvc) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BtwSvc) -- C:\Windows\System32\BtwSvc.dll (dreas company)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV - (ALSysIO) -- File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nv) -- C:\Windows\System32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvoclock) -- C:\Windows\System32\drivers\nvoclock.sys (NVIDIA Corp.)
DRV - (nvnetbus) -- C:\Windows\System32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (CEBDADTV) -- C:\Windows\System32\drivers\CEBDA150.sys (Computer & Entertainment, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (CEDTVLDR) -- C:\Windows\System32\drivers\CEDTVLDR.sys (Computer & Entertainment, Inc.)
DRV - (PESIDTV) -- C:\Windows\System32\drivers\CEUSBDVB.sys (Computer & Entertainment, Inc.)
DRV - (portio32) -- C:\Windows\System32\drivers\portio32.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC CA F6 4A 28 D0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {39124730-0779-11de-8c30-0800200c9a66}:2
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.85.20100407
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 07:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 07:24:22 | 000,000,000 | ---D | M]

[2009.10.31 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Extensions
[2010.05.12 06:51:52 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions
[2010.04.12 16:00:01 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.11.01 21:35:29 | 000,000,000 | ---D | M] (FFComponent) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}
[2010.04.25 07:07:58 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010.03.16 22:45:46 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009.11.15 10:03:57 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.02.10 22:38:56 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.05.01 07:31:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.01 07:31:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.04 19:55:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.01.08 23:51:12 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.04.15 14:20:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.04.14 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\ietab@ip.cn
[2009.11.15 10:03:57 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\imagetab@next.gen.nz
[2010.04.13 11:43:45 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\personas@christopher.beard
[2010.03.19 10:03:20 | 000,000,000 | ---D | M] -- C:\Users\KINGALPER\AppData\Roaming\mozilla\Firefox\Profiles\fzi34nv2.default\extensions\SkipScreen@SkipScreen
[2009.11.12 19:13:01 | 000,002,689 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\amazon-search-suggestions.xml
[2008.11.16 12:22:44 | 000,002,294 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\babes-boardch.xml
[2009.01.30 18:43:56 | 000,001,664 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\chemieonline-forum.xml
[2008.09.02 23:59:08 | 000,002,665 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\collectr.xml
[2009.05.22 14:25:30 | 000,002,052 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\dealextreme-gadgets.xml
[2010.05.06 07:52:53 | 000,001,325 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\dvdtiefpreisedecom.xml
[2010.02.14 09:11:49 | 000,001,189 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\winamp-search.xml
[2008.09.08 20:40:18 | 000,002,109 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\youtube-video-search.xml
[2009.01.31 08:51:14 | 000,002,109 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\youtube-videosuche.xml
[2010.05.12 06:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.12 13:35:54 | 000,001,538 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iqvxzd] C:\Windows\System32\msorcsvp.DLL File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ydfydv] C:\Windows\System32\msszbmuf.DLL ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Core Temp] C:\Users\KINGALPER\Desktop\CoreTemp32\Core Temp.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ecvje9 = C:\Users\KINGAL~1\AppData\Local\Temp\671vw0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: iktc = C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: d8qt0o = C:\Windows\TEMP\v13vp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.05 14:19:36 | 000,000,052 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.08.03 21:14:20 | 000,059,310 | RHS- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Msetup4.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.12 15:05:28 | 000,592,896 | ---- | C] (OldTimer Tools) -- C:\Users\KINGALPER\Desktop\OTL.exe
[2010.05.11 16:25:29 | 000,000,000 | -HSD | C] -- C:\Users\KINGALPER\AppData\Roaming\lowsec
[2010.05.11 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\AppData\Roaming\Malwarebytes
[2010.05.11 16:17:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.11 16:17:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.11 16:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.11 16:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.11 16:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\KINGALPER\Desktop\mbam-setup.exe
[2010.05.11 13:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.05.11 13:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.09 20:17:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.05.08 15:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010.05.08 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2010.05.08 15:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\expLauncher
[2010.05.07 12:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2010.05.01 13:57:16 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\Desktop\GarminMobilePC_50060
[2010.04.30 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\AppData\Roaming\Canneverbe Limited
[2010.04.30 18:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.04.30 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010.04.30 18:33:07 | 006,568,173 | ---- | C] (Canneverbe Limited ) -- C:\Users\KINGALPER\Desktop\cdbxp_setup_4.3.1.2101.exe
[2010.04.28 06:49:57 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.28 06:49:57 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.26 09:31:45 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\Desktop\Neuer Ordner
[2010.04.15 13:41:40 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 13:41:39 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 13:41:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.13 07:06:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

========== Files - Modified Within 30 Days ==========

[2010.05.12 15:10:03 | 003,407,872 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat
[2010.05.12 15:05:39 | 000,592,896 | ---- | M] (OldTimer Tools) -- C:\Users\KINGALPER\Desktop\OTL.exe
[2010.05.12 15:05:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.12 15:04:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tluu.sys
[2010.05.12 14:39:28 | 000,638,771 | ---- | M] () -- C:\Users\KINGALPER\Desktop\120520102372.jpg
[2010.05.12 14:05:25 | 000,617,722 | ---- | M] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.rar
[2010.05.12 14:05:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.12 13:40:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 13:40:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 13:38:07 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.12 13:38:07 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.12 13:38:07 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.12 13:38:07 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.12 13:38:07 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.12 13:35:54 | 000,001,538 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.12 13:33:17 | 000,036,865 | ---- | M] () -- C:\Windows\System32\msszbmuf.dll
[2010.05.12 13:32:53 | 000,016,896 | ---- | M] () -- C:\so.bin
[2010.05.12 13:31:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.12 13:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.12 13:31:00 | 1207,361,536 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.12 07:08:06 | 002,481,535 | -H-- | M] () -- C:\Users\KINGALPER\AppData\Local\IconCache.db
[2010.05.11 16:17:33 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 16:15:39 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\KINGALPER\Desktop\mbam-setup.exe
[2010.05.11 14:38:56 | 000,449,402 | ---- | M] () -- C:\Users\KINGALPER\Desktop\110520102356.jpg
[2010.05.11 13:13:09 | 000,002,003 | ---- | M] () -- C:\Users\KINGALPER\Desktop\HijackThis.lnk
[2010.05.10 16:28:39 | 000,108,644 | ---- | M] () -- C:\Users\KINGALPER\Desktop\blech.jpg
[2010.05.10 07:16:35 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.05.09 21:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms
[2010.05.09 21:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 21:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TM.blf
[2010.05.09 15:41:59 | 000,031,554 | ---- | M] () -- C:\Users\KINGALPER\energy-report.html
[2010.05.09 14:37:58 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms
[2010.05.09 14:37:58 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 14:37:58 | 000,065,536 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TM.blf
[2010.05.08 10:34:10 | 000,023,835 | ---- | M] () -- C:\Users\KINGALPER\Desktop\DRTCP021.zip
[2010.05.07 18:10:57 | 000,097,899 | ---- | M] () -- C:\Users\KINGALPER\Desktop\zoll.jpg
[2010.05.07 18:00:20 | 010,758,576 | ---- | M] () -- C:\Users\KINGALPER\Desktop\GetDataBack369.zip
[2010.05.07 17:46:35 | 005,141,027 | ---- | M] () -- C:\Users\KINGALPER\Desktop\RGDBNTFSFAT4002_md.rar
[2010.05.07 17:42:56 | 009,823,541 | ---- | M] () -- C:\Users\KINGALPER\Desktop\GetDataBack4002.zip
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.05 07:02:58 | 558,301,184 | ---- | M] () -- C:\Users\KINGALPER\Desktop\WinLite.iso
[2010.05.01 14:59:27 | 026,454,205 | ---- | M] () -- C:\Users\KINGALPER\Desktop\IVT_BlueSolei_2_6.zip
[2010.04.30 18:45:55 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.30 18:33:25 | 006,568,173 | ---- | M] (Canneverbe Limited ) -- C:\Users\KINGALPER\Desktop\cdbxp_setup_4.3.1.2101.exe
[2010.04.29 17:09:27 | 032,922,270 | ---- | M] () -- C:\Users\KINGALPER\Desktop\MS30-19-04-2010.zip
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 14:24:28 | 000,157,018 | ---- | M] () -- C:\Users\KINGALPER\Desktop\Motor Bank Slip.jpg
[2010.04.27 13:22:04 | 006,692,382 | ---- | M] () -- C:\Users\KINGALPER\Desktop\[KB].rar
[2010.04.22 18:43:08 | 000,012,243 | ---- | M] () -- C:\Users\KINGALPER\Documents\Alper Akdogan.docx
[2010.04.22 16:07:32 | 000,025,301 | ---- | M] () -- C:\Users\KINGALPER\Desktop\qyylab56.jpg
[2010.04.18 20:49:42 | 000,092,725 | ---- | M] () -- C:\Users\KINGALPER\Desktop\iphone.jpg
[2009.07.14 03:15:07 | 000,034,816 | ---- | M] (dreas company) -- C:\Windows\System32\BtwSvc.dllx

========== Files Created - No Company Name ==========

[2010.05.12 15:04:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tluu.sys
[2010.05.12 14:39:12 | 000,638,771 | ---- | C] () -- C:\Users\KINGALPER\Desktop\120520102372.jpg
[2010.05.12 14:05:34 | 000,767,890 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.pdf
[2010.05.12 14:05:14 | 000,617,722 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.rar
[2010.05.12 13:33:17 | 000,036,865 | ---- | C] () -- C:\Windows\System32\msszbmuf.dll
[2010.05.12 13:32:30 | 000,016,896 | ---- | C] () -- C:\so.bin
[2010.05.11 16:17:33 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 14:38:34 | 000,449,402 | ---- | C] () -- C:\Users\KINGALPER\Desktop\110520102356.jpg
[2010.05.11 13:13:09 | 000,002,003 | ---- | C] () -- C:\Users\KINGALPER\Desktop\HijackThis.lnk
[2010.05.10 16:28:35 | 000,108,644 | ---- | C] () -- C:\Users\KINGALPER\Desktop\blech.jpg
[2010.05.10 07:16:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.09 16:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms
[2010.05.09 16:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 16:05:36 | 000,065,536 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TM.blf
[2010.05.09 15:41:59 | 000,031,554 | ---- | C] () -- C:\Users\KINGALPER\energy-report.html
[2010.05.09 14:37:58 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms
[2010.05.09 14:37:58 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 14:37:58 | 000,065,536 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TM.blf
[2010.05.08 10:34:07 | 000,023,835 | ---- | C] () -- C:\Users\KINGALPER\Desktop\DRTCP021.zip
[2010.05.08 08:37:18 | 665,583,616 | ---- | C] () -- C:\Users\KINGALPER\Desktop\biexpp310gu.iso
[2010.05.07 18:10:54 | 000,097,899 | ---- | C] () -- C:\Users\KINGALPER\Desktop\zoll.jpg
[2010.05.07 17:59:03 | 010,758,576 | ---- | C] () -- C:\Users\KINGALPER\Desktop\GetDataBack369.zip
[2010.05.07 17:44:59 | 005,141,027 | ---- | C] () -- C:\Users\KINGALPER\Desktop\RGDBNTFSFAT4002_md.rar
[2010.05.07 17:41:42 | 009,823,541 | ---- | C] () -- C:\Users\KINGALPER\Desktop\GetDataBack4002.zip
[2010.05.05 06:52:05 | 558,301,184 | ---- | C] () -- C:\Users\KINGALPER\Desktop\WinLite.iso
[2010.05.01 13:19:39 | 026,454,205 | ---- | C] () -- C:\Users\KINGALPER\Desktop\IVT_BlueSolei_2_6.zip
[2010.04.30 18:45:55 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.30 18:45:53 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.29 17:08:54 | 032,922,270 | ---- | C] () -- C:\Users\KINGALPER\Desktop\MS30-19-04-2010.zip
[2010.04.27 14:24:25 | 000,157,018 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Motor Bank Slip.jpg
[2010.04.27 13:20:00 | 006,692,382 | ---- | C] () -- C:\Users\KINGALPER\Desktop\[KB].rar
[2010.04.22 18:43:06 | 000,012,243 | ---- | C] () -- C:\Users\KINGALPER\Documents\Alper Akdogan.docx
[2010.04.22 16:04:20 | 000,025,301 | ---- | C] () -- C:\Users\KINGALPER\Desktop\qyylab56.jpg
[2010.04.18 20:49:36 | 000,092,725 | ---- | C] () -- C:\Users\KINGALPER\Desktop\iphone.jpg
[2010.03.28 14:14:08 | 000,000,099 | ---- | C] () -- C:\Windows\abreg.ini
[2010.02.07 14:36:28 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.02 10:46:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.13 18:06:11 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2009.11.04 14:11:53 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\portio32.sys
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.01 01:31:06 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2009.05.01 01:31:06 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nview.dll
[2009.05.01 01:31:06 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2009.05.01 01:31:06 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.12 13:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2004.08.17 20:00:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\FastUserSwitchingCompatibilityex.dll
[2003.11.16 11:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003.11.16 11:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003.11.15 18:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.10.07 00:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >


Hope that helps ...
Thanks

Alt 12.05.2010, 14:16   #4
winseven
 



Log 2 from OTL .. it didn't fit into one post because it was too long:


OTL Extras logfile created on: 12.05.2010 15:06:18 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*******\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 29,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 56,36 Gb Free Space | 57,72% Space Free | Partition Type: NTFS
Drive D: | 804,49 Gb Total Space | 36,82 Gb Free Space | 4,58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,72 Gb Total Space | 1,86 Gb Free Space | 50,05% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *******
Current User Name: ********
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACDDDDC-3304-404A-A7F8-9F63E9201C3B}" = DruckStudio Poster Drucker
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"AutoBINGOOO_is1" = AutoBINGOOO 2.5
"Avidemux 2.5" = Avidemux 2.5
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DTV_1.0" = DVB-USB Terrestrial 1.0
"DVBViewer Pro_is1" = DVBViewer Pro
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3233] [2010-01-28]
"FileZilla Client" = FileZilla Client 3.2.7.1
"FLV Player" = FLV Player 2.0 (build 25)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Google Chrome Frame" = Google Chrome Frame
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IsoBuster_is1" = IsoBuster 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.24
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"MKVtoolnix" = MKVtoolnix 3.1.0
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PhotoFiltre" = PhotoFiltre
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"Tunatic" = Tunatic
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.6
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"XBMC" = XBMC Media Center

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.05.2010 10:14:37 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193
Description =

Error - 11.05.2010 10:14:42 | Computer Name = KINGALPER-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Windows Messenger Services since QueryServiceConfig API failed System Error: Das
System kann die angegebene Datei nicht finden. .

Error - 11.05.2010 10:16:47 | Computer Name = KINGALPER-PC | Source = MsiInstaller | ID = 11922
Description =

Error - 11.05.2010 10:17:19 | Computer Name = KINGALPER-PC | Source = MsiInstaller | ID = 11922
Description =

Error - 12.05.2010 00:42:33 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01caf18d88980f70 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c707cb10-5d80-11df-95c2-00012e276ed8

Error - 12.05.2010 00:42:42 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01caf18d8e8f86b0 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: cc964f20-5d80-11df-95c2-00012e276ed8

Error - 12.05.2010 01:08:32 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193
Description =

Error - 12.05.2010 07:32:26 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x17d4 Startzeit der fehlerhaften Anwendung: 0x01caf1c6cb25c060 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 09ce9d00-5dba-11df-9c46-00012e276ed8

Error - 12.05.2010 07:33:28 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x12a8 Startzeit der fehlerhaften Anwendung: 0x01caf1c6ec935690 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 2ea5cbd0-5dba-11df-9c46-00012e276ed8

Error - 12.05.2010 07:35:47 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 08.03.2010 10:52:17 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183

Error - 08.03.2010 11:13:15 | Computer Name = KINGALPER-PC | Source = BROWSER | ID = 8032
Description =

Error - 08.03.2010 16:37:36 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 09.03.2010 01:26:31 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 09.03.2010 01:26:31 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183

Error - 09.03.2010 01:26:35 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183

Error - 09.03.2010 02:12:28 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32

Error - 09.03.2010 06:39:28 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 09.03.2010 06:39:28 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183

Error - 09.03.2010 06:39:33 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183


< End of report >

13.05.2010, 07:41   #5
winseven

nobody has any idea? I'm really getting desperate.


13.05.2010, 15:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
PRC - C:\Windows\Temp\v13vp.exe ()
PRC - C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
SRV - (peresvc) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [iqvxzd] C:\Windows\System32\msorcsvp.DLL File not found
O4 - HKLM..\Run: [ydfydv] C:\Windows\System32\msszbmuf.DLL ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ecvje9 = C:\Users\KINGAL~1\AppData\Local\Temp\671vw0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: iktc = C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: d8qt0o = C:\Windows\TEMP\v13vp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2010.05.12 15:04:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tluu.sys
[2010.05.12 13:33:17 | 000,036,865 | ---- | M] () -- C:\Windows\System32\msszbmuf.dll
[2010.05.12 13:32:53 | 000,016,896 | ---- | M] () -- C:\so.bin
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
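As an added example (not part of the thread and not OTL's own code), the following Python sketch triages `O4`/`O6` lines like the ones in the fix script above. The rule names and the three heuristics (autorun entry launching from a Temp directory, autorun entry whose target is missing, UAC-weakening policy value) are assumptions chosen for illustration; the sample lines are copied from the fix script.

```python
import re

# O4 lines:  O4 - HKLM..\Run: [valuename] <path> <trailer>
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\.\.\\Run): \[(?P<name>[^\]]*)\] ?(?P<data>.*)$")
# O6/O7 lines:  O6 - <registry key>: <valuename> = <data>
O6_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>\S+) = (?P<data>.*)$")
# OTL appends "(Company)" or "File not found" after the path.
TRAILER_RE = re.compile(r"\s*(?:File not found|\([^()]*\))\s*$")
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Policy values under ...\policies\System that weaken UAC when set like this.
UAC_WEAK = {
    "EnableLUA": "0",                   # UAC (Admin Approval Mode) switched off
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate without a prompt
    "PromptOnSecureDesktop": "0",       # prompt shown on the normal desktop
}

# Sample input: a subset of the lines from the fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [iqvxzd] C:\Windows\System32\msorcsvp.DLL File not found
O4 - HKLM..\Run: [ydfydv] C:\Windows\System32\msszbmuf.DLL ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: iktc = C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: d8qt0o = C:\Windows\TEMP\v13vp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""


def parse_line(line):
    """Split one O4/O6/O7 line into key, value name, raw data and target path."""
    line = line.strip()
    m = O4_RE.match(line) or O6_RE.match(line)
    if not m:
        return None
    data = m.group("data").strip()
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "data": data,
        "target": TRAILER_RE.sub("", data),  # path without OTL's trailer
        "missing": data.endswith("File not found"),
    }


def triage(text):
    """Return (rule, value name, detail) tuples for lines worth a closer look."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        key = entry["key"].lower()
        autorun = key.endswith("\\run")
        if autorun and TEMP_RE.search(entry["target"]):
            findings.append(("autorun-from-temp", entry["name"], entry["target"]))
        elif autorun and entry["missing"]:
            findings.append(("autorun-target-missing", entry["name"], entry["target"]))
        elif key.endswith("\\policies\\system") and UAC_WEAK.get(entry["name"]) == entry["data"]:
            findings.append(("uac-weakened", entry["name"], entry["data"]))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE):
        print(f"{rule:24} {name:28} {detail}")
```

The `ydfydv` entry, which is also part of the fix script, is not flagged by any of these rules: heuristics like these narrow down what to look at and do not replace a reviewer's judgement.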

13.05.2010, 15:23   #7
winseven

All processes killed
========== OTL ==========
No active process named v13vp.exe was found!
No active process named dmiy.exe was found!
Error: No service named peresvc was found to stop!
Service\Driver key peresvc not found.
File File not found not found.
Error: No service named FastUserSwitchingCompatibility was found to stop!
Service\Driver key FastUserSwitchingCompatibility not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iqvxzd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ydfydv deleted successfully.
C:\Windows\System32\msszbmuf.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ecvje9 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\iktc deleted successfully.
File C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\d8qt0o deleted successfully.
C:\Windows\Temp\v13vp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
File C:\Windows\System32\drivers\tluu.sys not found.
File C:\Windows\System32\msszbmuf.dll not found.
C:\so.bin moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 51062 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 197348 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: KINGALPER
->Temp folder emptied: 881902055 bytes
->Temporary Internet Files folder emptied: 41049106 bytes
->Java cache emptied: 33445893 bytes
->FireFox cache emptied: 40325940 bytes
->Flash cache emptied: 3445 bytes

User: Public

User: Yakup
->Temp folder emptied: 51857 bytes
->Temporary Internet Files folder emptied: 300732 bytes
->FireFox cache emptied: 35594861 bytes
->Flash cache emptied: 708 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2098144394 bytes
RecycleBin emptied: 2225299991 bytes

Total Files Cleaned = 5.108,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05132010_161504

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

13.05.2010, 16:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then continue with CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

14.05.2010, 07:13   #9
winseven

so I can't get ComboFix to run, even after downloading it again from the site, and that several times:

Error

!!WARNUNG!! ES IST NICHT SICHER weiter zu machen!
Der Inhalt des ComboFix-Anwendungspaketes wurde komprimitiert.
Bitte lade eine frische Version von:

Http://www.bleepingcomputer.com/combofix/how-to-use-combofix
herunter.

NB: Du bist vielleicht mit einem Virus infiziert, der Dateien
modifiziert, bzw. infiziert 'Virut'

14.05.2010, 10:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Uh-oh, then you can forget about cleaning it. With malware as destructive as Virut, cleaning is no longer worthwhile.

Wipe the PC completely. Delete all partitions of the internal hard disk in Windows Setup, then recreate and format them. Do not use any executable files any more that were processed by this infected PC!!

Use this as a guide => http://www.trojaner-board.de/51262-a...sicherung.html

14.05.2010, 12:10   #11
winseven

oh nooooo ^^ ... I really don't feel like doing that xD ...

14.05.2010, 12:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But it doesn't go by what you feel like

14.05.2010, 12:25   #13
winseven

I really can't be bothered with that at the moment. I'll do it at some point; right now everything is so nicely set up and configured .... ..

The occasional redirects don't bother me that much...

Alt 14.05.2010, 12:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Well, maybe they don't bother you. But the fact that your passwords can be spied on? That your computer is working away in a botnet and busily sending out spam? All of that is possible. But maybe your internet connection will get blocked too, if you take too long
