Plagegeister aller Art und deren Bekämpfung: Google searches are being redirected, USB sticks no longer work (Windows 7)
11.05.2010, 12:15 | #1 |
| Hi, I have a big problem. I'm using Win 7. Anyway, I seem to have caught some stupid virus. Whenever I search for something on Google and click on a result, I get redirected to some other sites. On top of that, when I try to open my USB stick it always says "F: application not found". I can only get in via right-click > Open. I noticed that there were some exe files on it with names like explorer.exe etc.; deleting the files didn't help either. I hope you can help me...

The HijackThis log: |
11.05.2010, 15:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop. |
12.05.2010, 14:15 | #3 |
| So, first the log from Malwarebytes:

Here are the logs from OTL:
000,001,325 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\dvdtiefpreisedecom.xml [2010.02.14 09:11:49 | 000,001,189 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\winamp-search.xml [2008.09.08 20:40:18 | 000,002,109 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\youtube-video-search.xml [2009.01.31 08:51:14 | 000,002,109 | ---- | M] () -- C:\Users\KINGALPER\AppData\Roaming\Mozilla\FireFox\Profiles\fzi34nv2.default\searchplugins\youtube-videosuche.xml [2010.05.12 06:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.12 13:35:54 | 000,001,538 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 jL.chura.pl O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 
127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [iqvxzd] C:\Windows\System32\msorcsvp.DLL File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [ydfydv] C:\Windows\System32\msszbmuf.DLL () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Core Temp] C:\Users\KINGALPER\Desktop\CoreTemp32\Core Temp.exe () O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ecvje9 = C:\Users\KINGAL~1\AppData\Local\Temp\671vw0.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: iktc = C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: d8qt0o = C:\Windows\TEMP\v13vp.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra 
context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.11.05 14:19:36 | 000,000,052 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009.08.03 21:14:20 | 000,059,310 | RHS- | M] () - F:\AUTORUN.INF -- [ FAT32 ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Msetup4.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.12 15:05:28 | 000,592,896 | ---- | C] (OldTimer Tools) -- C:\Users\KINGALPER\Desktop\OTL.exe [2010.05.11 16:25:29 | 000,000,000 | -HSD | C] -- C:\Users\KINGALPER\AppData\Roaming\lowsec [2010.05.11 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\AppData\Roaming\Malwarebytes [2010.05.11 16:17:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.11 16:17:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.11 16:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.11 16:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.11 16:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\KINGALPER\Desktop\mbam-setup.exe [2010.05.11 13:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.05.11 13:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro 
[2010.05.09 20:17:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.05.08 15:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon [2010.05.08 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software [2010.05.08 15:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\expLauncher [2010.05.07 12:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\nLite [2010.05.01 13:57:16 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\Desktop\GarminMobilePC_50060 [2010.04.30 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\AppData\Roaming\Canneverbe Limited [2010.04.30 18:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2010.04.30 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2010.04.30 18:33:07 | 006,568,173 | ---- | C] (Canneverbe Limited ) -- C:\Users\KINGALPER\Desktop\cdbxp_setup_4.3.1.2101.exe [2010.04.28 06:49:57 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.04.28 06:49:57 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2010.04.26 09:31:45 | 000,000,000 | ---D | C] -- C:\Users\KINGALPER\Desktop\Neuer Ordner [2010.04.15 13:41:40 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 13:41:39 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 13:41:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.13 07:06:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe ========== Files - Modified Within 30 Days ========== [2010.05.12 15:10:03 | 003,407,872 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat [2010.05.12 15:05:39 | 000,592,896 | ---- | M] (OldTimer Tools) -- C:\Users\KINGALPER\Desktop\OTL.exe [2010.05.12 15:05:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.12 15:04:47 | 000,054,016 | ---- 
| M] () -- C:\Windows\System32\drivers\tluu.sys [2010.05.12 14:39:28 | 000,638,771 | ---- | M] () -- C:\Users\KINGALPER\Desktop\120520102372.jpg [2010.05.12 14:05:25 | 000,617,722 | ---- | M] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.rar [2010.05.12 14:05:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.12 13:40:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.12 13:40:20 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.12 13:38:07 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.12 13:38:07 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.12 13:38:07 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.12 13:38:07 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.12 13:38:07 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.12 13:35:54 | 000,001,538 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.05.12 13:33:17 | 000,036,865 | ---- | M] () -- C:\Windows\System32\msszbmuf.dll [2010.05.12 13:32:53 | 000,016,896 | ---- | M] () -- C:\so.bin [2010.05.12 13:31:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.12 13:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.12 13:31:00 | 1207,361,536 | -HS- | M] () -- C:\hiberfil.sys [2010.05.12 07:08:06 | 002,481,535 | -H-- | M] () -- C:\Users\KINGALPER\AppData\Local\IconCache.db [2010.05.11 16:17:33 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.11 16:15:39 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\KINGALPER\Desktop\mbam-setup.exe [2010.05.11 14:38:56 | 000,449,402 | ---- | M] () -- C:\Users\KINGALPER\Desktop\110520102356.jpg [2010.05.11 
13:13:09 | 000,002,003 | ---- | M] () -- C:\Users\KINGALPER\Desktop\HijackThis.lnk [2010.05.10 16:28:39 | 000,108,644 | ---- | M] () -- C:\Users\KINGALPER\Desktop\blech.jpg [2010.05.10 07:16:35 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.05.09 21:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms [2010.05.09 21:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms [2010.05.09 21:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TM.blf [2010.05.09 15:41:59 | 000,031,554 | ---- | M] () -- C:\Users\KINGALPER\energy-report.html [2010.05.09 14:37:58 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms [2010.05.09 14:37:58 | 000,524,288 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms [2010.05.09 14:37:58 | 000,065,536 | -HS- | M] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TM.blf [2010.05.08 10:34:10 | 000,023,835 | ---- | M] () -- C:\Users\KINGALPER\Desktop\DRTCP021.zip [2010.05.07 18:10:57 | 000,097,899 | ---- | M] () -- C:\Users\KINGALPER\Desktop\zoll.jpg [2010.05.07 18:00:20 | 010,758,576 | ---- | M] () -- C:\Users\KINGALPER\Desktop\GetDataBack369.zip [2010.05.07 17:46:35 | 005,141,027 | ---- | M] () -- C:\Users\KINGALPER\Desktop\RGDBNTFSFAT4002_md.rar [2010.05.07 17:42:56 | 009,823,541 | ---- | M] () -- C:\Users\KINGALPER\Desktop\GetDataBack4002.zip [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.05 07:02:58 | 558,301,184 | ---- | M] () -- C:\Users\KINGALPER\Desktop\WinLite.iso [2010.05.01 14:59:27 | 026,454,205 | ---- | M] () -- 
C:\Users\KINGALPER\Desktop\IVT_BlueSolei_2_6.zip [2010.04.30 18:45:55 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.04.30 18:33:25 | 006,568,173 | ---- | M] (Canneverbe Limited ) -- C:\Users\KINGALPER\Desktop\cdbxp_setup_4.3.1.2101.exe [2010.04.29 17:09:27 | 032,922,270 | ---- | M] () -- C:\Users\KINGALPER\Desktop\MS30-19-04-2010.zip [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 14:24:28 | 000,157,018 | ---- | M] () -- C:\Users\KINGALPER\Desktop\Motor Bank Slip.jpg [2010.04.27 13:22:04 | 006,692,382 | ---- | M] () -- C:\Users\KINGALPER\Desktop\[KB].rar [2010.04.22 18:43:08 | 000,012,243 | ---- | M] () -- C:\Users\KINGALPER\Documents\Alper Akdogan.docx [2010.04.22 16:07:32 | 000,025,301 | ---- | M] () -- C:\Users\KINGALPER\Desktop\qyylab56.jpg [2010.04.18 20:49:42 | 000,092,725 | ---- | M] () -- C:\Users\KINGALPER\Desktop\iphone.jpg [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (dreas company) -- C:\Windows\System32\BtwSvc.dllx ========== Files Created - No Company Name ========== [2010.05.12 15:04:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tluu.sys [2010.05.12 14:39:12 | 000,638,771 | ---- | C] () -- C:\Users\KINGALPER\Desktop\120520102372.jpg [2010.05.12 14:05:34 | 000,767,890 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.pdf [2010.05.12 14:05:14 | 000,617,722 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Fitting+instructions+.rar [2010.05.12 13:33:17 | 000,036,865 | ---- | C] () -- C:\Windows\System32\msszbmuf.dll [2010.05.12 13:32:30 | 000,016,896 | ---- | C] () -- C:\so.bin [2010.05.11 16:17:33 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.11 14:38:34 | 000,449,402 | ---- | C] () -- C:\Users\KINGALPER\Desktop\110520102356.jpg [2010.05.11 
13:13:09 | 000,002,003 | ---- | C] () -- C:\Users\KINGALPER\Desktop\HijackThis.lnk [2010.05.10 16:28:35 | 000,108,644 | ---- | C] () -- C:\Users\KINGALPER\Desktop\blech.jpg [2010.05.10 07:16:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.05.09 16:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms [2010.05.09 16:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms [2010.05.09 16:05:36 | 000,065,536 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{77d8ea77-5b72-11df-bbcf-00012e276ed8}.TM.blf [2010.05.09 15:41:59 | 000,031,554 | ---- | C] () -- C:\Users\KINGALPER\energy-report.html [2010.05.09 14:37:58 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000002.regtrans-ms [2010.05.09 14:37:58 | 000,524,288 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TMContainer00000000000000000001.regtrans-ms [2010.05.09 14:37:58 | 000,065,536 | -HS- | C] () -- C:\Users\KINGALPER\ntuser.dat{49a1409f-5b61-11df-afef-00012e276ed8}.TM.blf [2010.05.08 10:34:07 | 000,023,835 | ---- | C] () -- C:\Users\KINGALPER\Desktop\DRTCP021.zip [2010.05.08 08:37:18 | 665,583,616 | ---- | C] () -- C:\Users\KINGALPER\Desktop\biexpp310gu.iso [2010.05.07 18:10:54 | 000,097,899 | ---- | C] () -- C:\Users\KINGALPER\Desktop\zoll.jpg [2010.05.07 17:59:03 | 010,758,576 | ---- | C] () -- C:\Users\KINGALPER\Desktop\GetDataBack369.zip [2010.05.07 17:44:59 | 005,141,027 | ---- | C] () -- C:\Users\KINGALPER\Desktop\RGDBNTFSFAT4002_md.rar [2010.05.07 17:41:42 | 009,823,541 | ---- | C] () -- C:\Users\KINGALPER\Desktop\GetDataBack4002.zip [2010.05.05 06:52:05 | 558,301,184 | ---- | C] () -- C:\Users\KINGALPER\Desktop\WinLite.iso [2010.05.01 13:19:39 | 026,454,205 | ---- | C] () -- 
C:\Users\KINGALPER\Desktop\IVT_BlueSolei_2_6.zip [2010.04.30 18:45:55 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.04.30 18:45:53 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.29 17:08:54 | 032,922,270 | ---- | C] () -- C:\Users\KINGALPER\Desktop\MS30-19-04-2010.zip [2010.04.27 14:24:25 | 000,157,018 | ---- | C] () -- C:\Users\KINGALPER\Desktop\Motor Bank Slip.jpg [2010.04.27 13:20:00 | 006,692,382 | ---- | C] () -- C:\Users\KINGALPER\Desktop\[KB].rar [2010.04.22 18:43:06 | 000,012,243 | ---- | C] () -- C:\Users\KINGALPER\Documents\Alper Akdogan.docx [2010.04.22 16:04:20 | 000,025,301 | ---- | C] () -- C:\Users\KINGALPER\Desktop\qyylab56.jpg [2010.04.18 20:49:36 | 000,092,725 | ---- | C] () -- C:\Users\KINGALPER\Desktop\iphone.jpg [2010.03.28 14:14:08 | 000,000,099 | ---- | C] () -- C:\Windows\abreg.ini [2010.02.07 14:36:28 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.02 10:46:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.13 18:06:11 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2009.11.04 14:11:53 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\portio32.sys [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.05.01 01:31:06 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2009.05.01 01:31:06 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nview.dll [2009.05.01 01:31:06 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2009.05.01 01:31:06 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.03.12 13:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2004.08.17 20:00:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\FastUserSwitchingCompatibilityex.dll [2003.11.16 11:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2003.11.16 11:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2003.11.15 18:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.10.07 00:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report >
I hope that helps ... thanks |
12.05.2010, 14:16 | #4 |
| Google search queries are redirected, USB sticks no longer work
Log 2 from OTL .. it didn't fit in one post because it was too long:
OTL Extras logfile created on: 12.05.2010 15:06:18 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*******\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 29,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 56,36 Gb Free Space | 57,72% Space Free | Partition Type: NTFS Drive D: | 804,49 Gb Total Space | 36,82 Gb Free Space | 4,58% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 3,72 Gb Total Space | 1,86 Gb Free Space | 50,05% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ******* Current User Name: ******** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "360WAVESPATCHERCLT" = 360WavesPatcher (Client setup) "Move Media Player" = Move Media Player "Winamp Detect" = Winamp Erkennungs-Plug-in "XBMC" = XBMC Media Center ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.05.2010 10:14:37 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193 Description = Error - 11.05.2010 10:14:42 | Computer Name = KINGALPER-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service Windows Messenger Services since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . 
Error - 11.05.2010 10:16:47 | Computer Name = KINGALPER-PC | Source = MsiInstaller | ID = 11922 Description = Error - 11.05.2010 10:17:19 | Computer Name = KINGALPER-PC | Source = MsiInstaller | ID = 11922 Description = Error - 12.05.2010 00:42:33 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01caf18d88980f70 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c707cb10-5d80-11df-95c2-00012e276ed8 Error - 12.05.2010 00:42:42 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01caf18d8e8f86b0 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cc964f20-5d80-11df-95c2-00012e276ed8 Error - 12.05.2010 01:08:32 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193 Description = Error - 12.05.2010 07:32:26 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x17d4 Startzeit der fehlerhaften Anwendung: 0x01caf1c6cb25c060 Pfad der fehlerhaften Anwendung: 
C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 09ce9d00-5dba-11df-9c46-00012e276ed8 Error - 12.05.2010 07:33:28 | Computer Name = KINGALPER-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4bbe2733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x12a8 Startzeit der fehlerhaften Anwendung: 0x01caf1c6ec935690 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2ea5cbd0-5dba-11df-9c46-00012e276ed8 Error - 12.05.2010 07:35:47 | Computer Name = KINGALPER-PC | Source = VSS | ID = 8193 Description = [ System Events ] Error - 08.03.2010 10:52:17 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 08.03.2010 11:13:15 | Computer Name = KINGALPER-PC | Source = BROWSER | ID = 8032 Description = Error - 08.03.2010 16:37:36 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 09.03.2010 01:26:31 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 09.03.2010 01:26:31 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 09.03.2010 01:26:35 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 09.03.2010 02:12:28 | Computer Name = KINGALPER-PC | 
Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 09.03.2010 06:39:28 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 09.03.2010 06:39:28 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 09.03.2010 06:39:33 | Computer Name = KINGALPER-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVR0Dev" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 < End of report > |
13.05.2010, 07:41 | #5 |
| Does nobody have any idea? I'm really getting desperate. |
13.05.2010, 15:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - C:\Windows\Temp\v13vp.exe ()
PRC - C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
SRV - (peresvc) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [iqvxzd] C:\Windows\System32\msorcsvp.DLL File not found
O4 - HKLM..\Run: [ydfydv] C:\Windows\System32\msszbmuf.DLL ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ecvje9 = C:\Users\KINGAL~1\AppData\Local\Temp\671vw0.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: iktc = C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: d8qt0o = C:\Windows\TEMP\v13vp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2010.05.12 15:04:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tluu.sys
[2010.05.12 13:33:17 | 000,036,865 | ---- | M] () -- C:\Windows\System32\msszbmuf.dll
[2010.05.12 13:32:53 | 000,016,896 | ---- | M] () -- C:\so.bin
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ |
13.05.2010, 15:23 | #7 |
| All processes killed
========== OTL ==========
No active process named v13vp.exe was found!
No active process named dmiy.exe was found!
Error: No service named peresvc was found to stop!
Service\Driver key peresvc not found.
File File not found not found.
Error: No service named FastUserSwitchingCompatibility was found to stop!
Service\Driver key FastUserSwitchingCompatibility not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iqvxzd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ydfydv deleted successfully.
C:\Windows\System32\msszbmuf.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ecvje9 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\iktc deleted successfully.
File C:\Users\KINGAL~1\AppData\Local\Temp\dmiy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\d8qt0o deleted successfully.
C:\Windows\Temp\v13vp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
File C:\Windows\System32\drivers\tluu.sys not found.
File C:\Windows\System32\msszbmuf.dll not found.
C:\so.bin moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 51062 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 197348 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: KINGALPER
->Temp folder emptied: 881902055 bytes
->Temporary Internet Files folder emptied: 41049106 bytes
->Java cache emptied: 33445893 bytes
->FireFox cache emptied: 40325940 bytes
->Flash cache emptied: 3445 bytes
User: Public
User: Yakup
->Temp folder emptied: 51857 bytes
->Temporary Internet Files folder emptied: 300732 bytes
->FireFox cache emptied: 35594861 bytes
->Flash cache emptied: 708 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2098144394 bytes
RecycleBin emptied: 2225299991 bytes
Total Files Cleaned = 5.108,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05132010_161504
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
13.05.2010, 16:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then continue with CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
14.05.2010, 07:13 | #9 |
| So, I can't get ComboFix to run, even after downloading it again from the site, and that several times: Error !!WARNUNG!! ES IST NICHT SICHER weiter zu machen! Der Inhalt des ComboFix-Anwendungspaketes wurde komprimitiert. Bitte lade eine frische Version von: Http://www.bleepingcomputer.com/combofix/how-to-use-combofix herunter. NB: Du bist vielleicht mit einem Virus infiziert, der Dateien modifiziert, bzw. infiziert 'Virut' |
14.05.2010, 10:18 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Whoa, then you can forget about cleaning. With malware as destructive as Virut, cleaning is no longer worthwhile. Wipe the PC completely. Delete all partitions of the internal hard disk in Windows Setup, then recreate and format them. Do not use any executable files any more that were processed by this infected PC!! Use this as a guide => http://www.trojaner-board.de/51262-a...sicherung.html
__________________ Please always post log files in CODE tags |
14.05.2010, 12:10 | #11 |
| Oh nooo ^^ ... I really don't feel like doing that xD ... |
14.05.2010, 12:22 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But it's not a matter of what you feel like
__________________ Please always post log files in CODE tags |
14.05.2010, 12:25 | #13 |
| I really can't be bothered with that at the moment. I'll do it at some point; right now everything is so nicely set up and configured .... .. The occasional redirects don't bother me that much... |
14.05.2010, 12:54 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, maybe they don't bother you. But the fact that your passwords can be spied on? That your computer is working away in a botnet and busily sending out spam? All of that is possible. But maybe your internet connection will get blocked too if you take too long
__________________ Please always post log files in CODE tags |