:hallo: Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin). - Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
- Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen". - Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Code:
:Processes
killallprocesses
:OTL
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE ()
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (uywlhxa) -- System32\drivers\kuck.sys File not found
DRV - (tcpipBM) -- File not found
DRV - (Pcouffin) -- System32\Drivers\Pcouffin.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (a6dnykoz) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deAT344
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "http://www.google.at/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Matthias\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Matthias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\ngbunwiv.default\extensions\firejump@firejump.net [2012.04.27 11:56:58 | 000,000,000 | ---D | M]
[2012.02.18 07:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2009.07.28 08:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\extensions
[2009.07.28 08:41:40 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.07.25 13:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\ngbunwiv.default\extensions
[2012.04.27 11:56:58 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\ngbunwiv.default\extensions\firejump@firejump.net
[2012.06.25 13:12:48 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGBUNWIV.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.02.23 22:26:56 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGBUNWIV.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.05.06 12:12:29 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGBUNWIV.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKCU..\Run: [SyncCenter] C:\Users\Matthias\AppData\Local\Microsoft\Windows\671\SyncCenter.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{00d1f494-c043-11dd-a81b-001d92a3c648}\Shell - "" = AutoRun
O33 - MountPoints2\{00d1f494-c043-11dd-a81b-001d92a3c648}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{3a2fae08-7aae-11dd-9195-001d92a3c648}\Shell - "" = AutoRun
O33 - MountPoints2\{3a2fae08-7aae-11dd-9195-001d92a3c648}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{975a45bd-1229-11de-b247-001d92a3c648}\Shell - "" = AutoRun
O33 - MountPoints2\{975a45bd-1229-11de-b247-001d92a3c648}\Shell\AutoRun\command - "" = M:\setup.exe AUTORUN=1
O33 - MountPoints2\{a5172b3a-cfab-11df-b708-001d92a3c648}\Shell - "" = AutoRun
O33 - MountPoints2\{a5172b3a-cfab-11df-b708-001d92a3c648}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{faef341b-cfad-11df-8475-001d92a3c648}\Shell - "" = AutoRun
O33 - MountPoints2\{faef341b-cfad-11df-8475-001d92a3c648}\Shell\AutoRun\command - "" = N:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
[2012.07.26 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\hellomoto
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\youtube_video_info.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Warhammer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Unbenannt.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\twinpeaks_deputy.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\telering.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Rechnung_WattaWatta.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\pro_zyl_01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Portrait.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\plasOUTE.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\planfledermaus.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Mondkalender_2011.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\khanda_sikhismus.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Goetzendorf.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Games for Windows - LIVE Demos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Dr.Hanomag´s+Zweiter+Frühling+29.5.2010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Desktop_Sep_2010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Desktop_Nov_2010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Desktop_Nov_2009.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Desktop_Mar_2010.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\DeadSpace_02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\DeadSpace.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\cheats_bioshock_002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\cheats_bioshock_001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Brockhaus_and_Efron_Encyclopedic_Dictionary_022.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Battlenet.jpg:Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\Windows:D097343447B82685
[2012.07.11 17:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Plus
[2012.07.26 13:29:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.26 13:29:20 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 13:29:20 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 10:23:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 10:01:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
:Files
C:\Users\Matthias\AppData\Local\Microsoft\Windows\671
C:\autoexec.bat -- [ NTFS ]
M:\autorun.inf -- [ CDFS ]
M:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M]
L:\autorun.exe
E:\Temp\
C:\Users\Matthias\AppData\Local\{7FBD07F9-894F-426C-B14D-CC8CEB62798A}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava] - Schließe alle Programme.
- Klicke auf den Fix Button.
- Wenn OTL einen Neustart verlangt, bitte zulassen.
- Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\ Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |