Trojaner-Board


hlyn 28.04.2011 21:18

TR/Kazy.mekml.1, hard drive damaged, files not visible
 
Hello,

here once again is one of the well-known problems that have already been posted often enough. However, I did not want to follow the instructions given to others before describing my own problem to you.
This is what it looks like for me:
I removed the infected drive (G) and connected it externally to another computer, because on the infected computer I cannot run downloaded files/programs, as they immediately disappear again. Or do I have to reinstall the drive and do it on the infected computer?
I have followed the instructions so far and attached the files.
I hope you can help me too.. :daumenhoc

Kind regards




Edit:

In the meantime I have run unhide.exe.. The data on drive G is baaaack :)
But I would still rather wait for an answer from you before I reinstall the drive... especially since I don't know whether I should format first or not? Thanks in advance!!
Until then..

markusg 29.04.2011 09:19

We do need the log from the installed hard drive, i.e. from the running operating system, otherwise this won't work :-)
But of course we can also format: back up the data first, then reinstall Windows and then secure the system properly right away, as you prefer.

hlyn 29.04.2011 17:45

Hmm.. so what should I continue with, or rather start with, now?
I have not put the hard drive back into the original operating system since then.. so I don't know yet whether the error messages are still there..

Best to reinstall it and post the log files again (i.e. run OTL over it)?

Kind regards

markusg 29.04.2011 17:48

Well, it depends: if you want to format, then back up the data, install the drive, format it, and we will secure the system.
If not, install the drive, start the PC, start OTL, and post the logs.

hlyn 29.04.2011 18:18

So, the hard drive is back in the original operating system. And here are the corresponding log files (attaching is not possible because I cannot save them, as they immediately disappear again........)



extras.txt

OTL Logfile:
Code:

OTL Extras logfile created on: 29.04.2011 19:04:54 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\serkan nalci\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,88 Gb Total Space | 57,84 Gb Free Space | 25,38% Space Free | Partition Type: NTFS
Drive D: | 227,88 Gb Total Space | 226,03 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 464,63 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: SERKANNALCI-PC | User Name: serkan nalci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCD71FE-F3AC-40FA-8E0C-EE61A4F63397}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EC137EA-5D3E-442C-831D-187F64C2A3EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{85A39D08-E1FC-47A8-BC41-DECD67DE1BE8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8616884B-0843-449A-9DD2-5ED0FCE2FEC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{939DF302-991C-463F-8EC5-294D4174D50B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A6715B4-08AA-4A11-BF3A-4300502B5869}" = lport=139 | protocol=6 | dir=in | app=system |
"{B09321B9-D33A-4711-98C6-8F7DBDB15887}" = rport=445 | protocol=6 | dir=out | app=system |
"{D70C0558-1AF0-421F-9F3A-A53DA08F805A}" = rport=139 | protocol=6 | dir=out | app=system |
"{FB117BF3-7DEC-494C-87BF-8EF163162F01}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB822B71-A7D5-405D-A5BA-FCE30A688E83}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0514B0D2-D4A3-499F-9242-0567B9A7B387}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12184E5A-9CE2-4B47-95F3-2A883A973399}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{30725DB0-FE78-43B2-8FD1-45C1599AB623}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{379EC35C-E9AE-4E04-9C29-8B26F5F447C0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{413177E8-B7A4-4CFB-AA21-5A7509C23B73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{449624C0-B221-4970-955C-3D36E9B3DF7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{455A26F0-C6B0-46EF-82ED-33468C2FB9C7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4C90256D-1E73-4A61-BCAF-1652CB7017E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E51F3FB-AE11-418C-BE6A-E7AEFD1EF8FA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6B5B5D0D-5158-4D0E-AECD-03E776BC63D1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{79702D57-65B3-4817-BEE2-382B97F661FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8737DBFA-FFA7-4D38-9D17-1590EC698208}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8CA6601C-33CE-4A22-9AF1-08157047FC83}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A0C311F6-01FE-46EE-BBBB-A31546E2C522}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B8039D18-5646-4084-9A58-7F7FC4DED478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC3D4632-0058-4489-A7E2-05D654ED0601}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DBC71D6E-5325-45CF-8F72-EA52CE052DCC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{EBC46456-2A28-419C-A6E9-527D2337EBB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA1EEE9D-FB5B-4E93-8C97-A9C7CA94E4C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{18BF4585-C4E4-4EB4-88B1-7979106DBE55}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B35D7BB-ECCC-4AED-9AD9-79F083CA33A4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{32BAF229-9738-4EEF-8040-A2A8557F0ED8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{75AD3248-79FF-4EE3-A6C1-6B4095BC640C}C:\program files\applejuice\gui\ajcoregui.exe" = protocol=6 | dir=in | app=c:\program files\applejuice\gui\ajcoregui.exe |
"TCP Query User{7B2A7823-9D2E-49F3-9479-FE73DF10872A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D4CD5ADC-FCB5-4DFD-9B66-DBF311F872E1}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D540E0C3-E52E-481A-B933-8DF3882EFCE7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{D5707129-06C8-4924-B2F7-256BC8EA08E1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E34AA01C-8C6B-4B7B-9C71-810E63C87829}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{03C0ACDE-8BCE-4890-9EB1-0C84F9ADA228}C:\program files\applejuice\gui\ajcoregui.exe" = protocol=17 | dir=in | app=c:\program files\applejuice\gui\ajcoregui.exe |
"UDP Query User{0DFCD0F1-7C3A-4D8C-8B31-47664C21C036}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{282F71E6-7D3E-46EA-B74C-F2102DD64184}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{455801B4-69C8-417F-8158-1574DBCC84AA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{479774D8-52E5-4C7C-A03C-CECD80602E4E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9570CF31-EE2E-4C7F-9164-0BFC167465AB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C40D8BB7-A0E3-42F4-964D-F7D75A59F1CD}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{EF24C5D9-3CC7-4866-93A4-32B95BB334B4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{F1FB5C7A-810E-4EFC-9183-152BF87FFB64}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection

AAA 6.0.00.13
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"Xilisoft iPhone Ringtone Maker" = Xilisoft iPhone Klingelton Maker
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2010 02:25:36 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 03:28:24 | Computer Name = serkannalci-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.06.2010 03:28:30 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 03:28:30 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 12:11:06 | Computer Name = serkannalci-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.06.2010 12:11:11 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 12:11:11 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 14:26:59 | Computer Name = serkannalci-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.06.2010 14:27:05 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.06.2010 14:27:05 | Computer Name = serkannalci-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 28.04.2011 12:36:23 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 28.04.2011 12:36:23 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 28.04.2011 12:36:23 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 28.04.2011 12:38:34 | Computer Name = serkannalci-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 12:39:01 | Computer Name = serkannalci-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.36  registriert werden. Der Computer mit IP-Adresse 192.168.1.34
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 28.04.2011 12:43:23 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 28.04.2011 13:44:18 | Computer Name = serkannalci-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 13:49:09 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 29.04.2011 12:59:16 | Computer Name = serkannalci-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.04.2011 13:04:07 | Computer Name = serkannalci-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >

--- --- ---



OTL Logfile:
Code:

OTL logfile created on: 29.04.2011 19:04:54 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\serkan nalci\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,88 Gb Total Space | 57,84 Gb Free Space | 25,38% Space Free | Partition Type: NTFS
Drive D: | 227,88 Gb Total Space | 226,03 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 464,63 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: SERKANNALCI-PC | User Name: serkan nalci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\serkan nalci\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\scIeDgaoTLYN.exe (WinTrust)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\SERKAN~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\serkan nalci\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IGBASVC) -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: ""
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 00:13:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 00:13:27 | 000,000,000 | ---D | M]
 
[2009.01.24 21:03:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Extensions
[2011.04.28 17:54:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions
[2009.09.02 17:16:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.13 15:19:59 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.06.11 11:16:44 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.22 18:51:26 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.23 15:59:35 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\serkan nalci\AppData\Roaming\mozilla\Firefox\Profiles\3w738aoc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.02.21 17:26:19 | 000,000,681 | -H-- | M] () -- C:\Users\serkan nalci\AppData\Roaming\Mozilla\Firefox\Profiles\3w738aoc.default\searchplugins\ask.xml
[2009.10.11 11:39:19 | 000,002,236 | -H-- | M] () -- C:\Users\serkan nalci\AppData\Roaming\Mozilla\Firefox\Profiles\3w738aoc.default\searchplugins\askcom.xml
[2010.08.22 23:20:09 | 000,000,873 | -H-- | M] () -- C:\Users\serkan nalci\AppData\Roaming\Mozilla\Firefox\Profiles\3w738aoc.default\searchplugins\conduit.xml
[2010.10.23 16:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.14 01:30:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.14 01:30:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.14 01:30:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.14 01:30:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.14 01:30:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [{41F57B94-D02C-7315-6F24-A8AAC92DA31B}]  File not found
O4 - HKCU..\Run: [{5C9A0F75-065A-7EF9-B7FC-377A7825ECBF}]  File not found
O4 - HKCU..\Run: [scIeDgaoTLYN] C:\ProgramData\scIeDgaoTLYN.exe (WinTrust)
O4 - Startup: C:\Users\serkan nalci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\serkan nalci\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3748feee-d51b-11df-beed-00238b367c84}\Shell - "" = AutoRun
O33 - MountPoints2\{3748feee-d51b-11df-beed-00238b367c84}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3748feef-d51b-11df-beed-00238b367c84}\Shell - "" = AutoRun
O33 - MountPoints2\{3748feef-d51b-11df-beed-00238b367c84}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3748ff10-d51b-11df-beed-00238b367c84}\Shell - "" = AutoRun
O33 - MountPoints2\{3748ff10-d51b-11df-beed-00238b367c84}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{80f41841-583c-11de-869f-00238b367c84}\Shell - "" = AutoRun
O33 - MountPoints2\{80f41841-583c-11de-869f-00238b367c84}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{8f893715-d537-11df-9bfc-00238b367c84}\Shell - "" = AutoRun
O33 - MountPoints2\{8f893715-d537-11df-9bfc-00238b367c84}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ae8a5828-019e-11de-bdce-002269e32794}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ae8a5828-019e-11de-bdce-002269e32794}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
O33 - MountPoints2\{ae8a5828-019e-11de-bdce-002269e32794}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ae8a5828-019e-11de-bdce-002269e32794}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 19:04:13 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\serkan nalci\Desktop\OTL.exe
[2011.04.27 11:44:21 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\scIeDgaoTLYN.exe
[2011.04.15 07:42:31 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 07:42:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 07:42:20 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 07:42:19 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 07:42:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 07:42:08 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 07:42:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.15 07:42:06 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 07:42:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 07:42:06 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 07:42:06 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 07:42:06 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 07:42:06 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 07:42:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 07:42:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 07:41:58 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 07:41:56 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 07:41:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008.07.22 10:01:25 | 000,049,152 | -H-- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.29 19:06:57 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.29 19:06:57 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.29 19:06:57 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.29 19:06:57 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.29 19:04:15 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\serkan nalci\Desktop\OTL.exe
[2011.04.29 18:59:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.29 18:59:19 | 000,084,096 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.29 18:59:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 18:59:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 18:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 18:59:00 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 20:28:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.27 11:44:20 | 000,573,440 | -H-- | M] (WinTrust) -- C:\ProgramData\scIeDgaoTLYN.exe
[2011.04.25 14:47:26 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.04.17 19:43:09 | 000,220,160 | -H-- | M] () -- C:\Users\serkan nalci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 11:11:24 | 000,298,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.28 18:38:17 | 3215,839,232 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.17 20:58:04 | 000,000,020 | -H-- | C] () -- C:\Users\serkan nalci\AppData\Roaming\bawuho.dat
[2010.08.17 20:58:02 | 000,000,004 | -H-- | C] () -- C:\Users\serkan nalci\AppData\Roaming\avdrn.dat
[2010.04.24 21:21:30 | 000,001,287 | -H-- | C] () -- C:\Windows\wininit.ini
[2009.11.29 19:02:13 | 000,094,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.10.24 21:21:25 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.01 18:29:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.30 14:56:30 | 000,000,000 | -H-- | C] () -- C:\Users\serkan nalci\AppData\Roaming\wklnhst.dat
[2009.01.25 12:34:05 | 000,220,160 | -H-- | C] () -- C:\Users\serkan nalci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 21:03:39 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.01.23 18:04:48 | 000,084,096 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.01.23 18:04:34 | 000,084,096 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.19 16:01:16 | 001,548,099 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.11.19 15:55:23 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2008.11.19 15:55:23 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2008.11.19 15:55:23 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2008.11.19 15:24:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.19 15:24:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.19 14:55:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.04.18 20:25:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.18 11:49:14 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.18 11:49:14 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.18 10:56:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.04.18 10:52:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.18 10:42:52 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.04.18 10:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.04.18 10:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.04.18 10:42:52 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 09:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,298,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E

< End of report >

--- --- ---

markusg 29.04.2011 18:21

Well,
1. You are probably responsible for the infection yourself; the system has hardly seen any updates.

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKCU..\Run: [scIeDgaoTLYN] C:\ProgramData\scIeDgaoTLYN.exe (WinTrust)
:Files
C:\ProgramData\scIeDgaoTLYN.exe

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Download unhide:
http://filepony.de/download-unhide/
Double-click it; the files become visible.

Open Computer, open C:, then _OTL
There, right-click on moved files
Choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html

hlyn 29.04.2011 18:36

Done. Thank you sooo much!!!!!!
It's great that you guys exist :daumenhoc



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scIeDgaoTLYN deleted successfully.
C:\ProgramData\scIeDgaoTLYN.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\scIeDgaoTLYN.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: serkan nalci
->Flash cache emptied: 81938 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: serkan nalci
->Temp folder emptied: 86931787 bytes
->Temporary Internet Files folder emptied: 384515703 bytes
->Java cache emptied: 28691727 bytes
->FireFox cache emptied: 124353840 bytes
->Apple Safari cache emptied: 2213888 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1418806 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84349924 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7822194 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 322 bytes
RecycleBin emptied: 166811239 bytes

Total Files Cleaned = 846,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04292011_192406

Files\Folders moved on Reboot...
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KLRB5HYE\selection[2].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FP3N5O2J\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten[1].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FP3N5O2J\98444-tr-kazy-mekml-1-festplatte-beschaedigt-dateien-nicht-sichtbar[1].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FP3N5O2J\ads[11].htm moved successfully.
File move failed. C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CCRXLF13\78CAPBD7N1CA1FI61ZCAP099MWCAD0P8S4CAKHPWPQCA9ZQUS1CAJIKXXUCAZGJKHPCAPJ01UGCARZ9E25CALHEFZACA4PMPM8CA0RNIKDCA4B959CCAAZ8 B5XCA476ZF7CA2AWBDHCAY5N12T.htm scheduled to be moved on reboot.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CCRXLF13\ads[3].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CCRXLF13\ads[5].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9RHT5WMP\ads[10].htm moved successfully.
C:\Users\serkan nalci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\TMP000000572E1CDFAD8C562A81 moved successfully.
C:\Windows\temp\TMP0000005BE3234636C88A2835 moved successfully.

Registry entries deleted on Reboot...

markusg 29.04.2011 18:50

unhide, then upload.

