Trojaner-Board


tom_curitiba 29.09.2012 11:58

Windows XP does not start completely
 
Hello,

for a few days now my PC has not been starting anymore.

I got a black screen and then Windows is back again but "frozen".

I don't know whether it is a virus because I can't do anything; I can't start my antivirus, and when restarting I get as far as the desktop, but there I can't move the mouse or press any button.

Please help :)

Thomas

Chris4You 29.09.2012 13:17

Hello,

can you get into safe mode (press F8 while booting)?

Otherwise let's take a look at the machine from the outside:
Scan the system with OTL-PE
  • Download OTLPENet.exe by OldTimer and save it to your desktop.
  • Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
  • Restart the unbootable system and boot from the CD you have just created.
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.


http://image.hijackthis.de/upload/hjt1-034.jpg
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt will be saved and opened in Notepad++.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt in this thread.

chris

tom_curitiba 29.09.2012 14:01

Hi Chris,

first of all, thanks for your support :)

so, yes, I tried with F8 and I get a selection:
- Removable
- Harddisk
- CD Rom

I should go to Harddisk, right?

Regards

Thomas

Chris4You 01.10.2012 06:51

Hi,

yes...
If that doesn't work, boot from CD with the OTLPE CD...

chris

tom_curitiba 03.10.2012 12:46

Hey Chris,

you were right, it didn't work, so then I did it with OldTimer

I have copied the result below; unfortunately there was no extras.txt, only this one,
thanks

Tom

OTL Logfile:
Code:

OTL logfile created on: 10/3/2012 2:30:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,022.00 Mb Total Physical Memory | 804.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 271.72 Gb Total Space | 216.49 Gb Free Space | 79.67% Space Free | Partition Type: NTFS
Drive D: | 26.34 Gb Total Space | 17.81 Gb Free Space | 67.62% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (avast! Firewall)
SRV - [2012/09/21 13:37:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 15:22:06 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/09/15 07:08:51 | 004,537,664 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/09/07 17:26:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/29 17:02:14 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/29 07:06:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/26 13:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/02 11:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/04 18:32:58 | 000,122,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AAV\aavus.exe -- (AAV UpdateService)
SRV - [2007/02/08 22:14:26 | 000,299,093 | ---- | M] () [Auto] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007/02/08 22:14:26 | 000,127,059 | ---- | M] () [Auto] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (USBModem)
DRV - File not found [Kernel | On_Demand] --  -- (UsbDiag)
DRV - File not found [Kernel | On_Demand] --  -- (usbbus)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 13:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/11/22 13:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/10 02:16:24 | 001,105,664 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/10/09 05:50:22 | 004,381,696 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/09/28 17:41:00 | 000,247,808 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006/06/08 13:49:00 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.search.yahoo.com/ [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=00549346000000000000001a2a281c50&tlver=1.4.19.19&affID=17160
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.search.yahoo.com/ [binary data]
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://in.search.yahoo.com
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
IE - HKU\Michael_Salow_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\Michael_Salow_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Michael_Salow_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Salow_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/06 17:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 17:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 17:26:19 | 000,000,000 | ---D | M]
 
[2012/09/07 17:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 17:26:15 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/09/07 17:26:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/30 03:42:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/22 10:25:06 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 03:42:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/30 03:42:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/30 03:42:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/09 20:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/07/30 03:42:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/30 03:42:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange 4 Pro\PDF-XChange PDF Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Michael_Salow_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Michael Salow\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\Michael_Salow_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Michael_Salow_ON_C..\Run: [EPSON BX310FN Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFHE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Michael_Salow_ON_C..\Run: [LGMobileSyncLauncher]  File not found
O4 - HKU\Michael_Salow_ON_C..\Run: [RegistryBooster]  File not found
O4 - HKU\Michael_Salow_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Michael_Salow_ON_C..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Michael_Salow_ON_C..\RunOnce: [.IMinentUpdate]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PDF-XChange Capture.lnk =  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Salow_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/16 16:57:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/15 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2012/09/15 15:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Salow\Application Data\Autodesk
[2012/09/15 15:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Salow\Local Settings\Application Data\Autodesk
[2012/09/15 15:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/09/15 15:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2007
[2012/09/15 15:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2012/09/15 15:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/09/15 15:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/09/15 15:14:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/09/07 17:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/03 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Salow\Application Data\IrfanView
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Michael Salow\Desktop\*.tmp files -> C:\Documents and Settings\Michael Salow\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/30 06:26:17 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/09/30 06:23:32 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{16F84893-9B28-41D4-9D10-13ABE669D8FF}.job
[2012/09/30 06:22:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/30 06:11:42 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 06:06:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/24 06:44:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/24 06:03:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 05:49:40 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Michael Salow\Desktop\Microsoft Office Word 2003.lnk
[2012/09/21 13:37:17 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/21 13:37:17 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/16 03:46:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/16 03:46:11 | 001,618,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/15 18:31:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/15 15:21:37 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2012/09/15 15:21:37 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2012/09/15 15:21:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/09/15 15:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2012/09/15 15:16:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/15 15:15:13 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk DWF Viewer.lnk
[2012/09/15 15:11:36 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Michael Salow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Michael Salow\Desktop\*.tmp files -> C:\Documents and Settings\Michael Salow\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/15 15:21:37 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2012/09/15 15:21:37 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2012/09/15 15:15:13 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk DWF Viewer.lnk
[2012/09/07 14:14:30 | 000,024,276 | ---- | C] () -- C:\revue.ttf
[2012/09/07 14:14:13 | 000,050,400 | ---- | C] () -- C:\packcn.ttf
[2012/09/07 14:10:30 | 000,139,056 | ---- | C] () -- C:\arialnb.ttf
[2012/07/30 05:36:56 | 000,036,548 | ---- | C] () -- C:\Program Files\swiss-721-bt-70631.ttf
[2012/07/29 08:57:06 | 000,035,596 | ---- | C] () -- C:\Program Files\swiss-721-black-bt.ttf
[2012/07/29 08:47:56 | 000,036,852 | ---- | C] () -- C:\Program Files\swiss-721-bold-bt-70711.ttf
[2012/07/28 05:56:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/06 10:37:34 | 000,008,628 | -H-- | C] () -- C:\Documents and Settings\Michael Salow\Hdbger.GID
[2010/07/27 10:25:00 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2010/07/27 10:22:18 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2010/07/27 10:22:18 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2010/07/27 10:22:18 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2010/07/27 10:22:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/11/17 12:48:51 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Michael Salow\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 15:20:03 | 000,000,074 | ---- | C] () -- C:\WINDOWS\tm.ini
[2008/09/18 19:39:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/05 17:45:45 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Michael Salow\Application Data\Default.PLS
[2008/08/16 16:21:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2008/08/16 16:21:18 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2008/08/16 16:21:18 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2008/08/16 16:04:40 | 000,008,628 | -H-- | C] () -- C:\Documents and Settings\Michael Salow\HDBFRA.GID
[2008/07/24 03:02:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/22 18:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\00YVSxPK.exe.a_a
[2008/07/22 17:58:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/17 01:06:02 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/16 19:34:05 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/07/16 19:34:05 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2008/07/16 19:34:05 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008/07/16 19:10:56 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008/07/16 19:10:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/16 18:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\p8q7o47M.exe.a_a
[2008/07/16 18:04:26 | 000,455,680 | ---- | C] () -- C:\WINDOWS\System32\DCDIR32.DLL
[2008/07/16 18:04:26 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\mbrtf3v.dll
[2008/07/16 18:04:26 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mbBem3v.dll
[2008/07/16 18:04:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\mbInet3v.dll
[2008/07/16 18:04:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Mbpmfe3v.dll
[2008/07/16 18:04:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MB_WORD8.EXE
[2008/07/16 18:04:26 | 000,017,836 | ---- | C] () -- C:\WINDOWS\System32\MB_WORD6.DLL
[2008/07/16 18:04:26 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\MB_WORD7.DLL
[2008/07/16 17:58:09 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2008/07/16 17:53:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/16 17:40:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/16 17:37:35 | 000,117,647 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/07/16 17:10:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/16 16:59:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/16 16:54:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/16 09:41:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/16 09:40:22 | 001,618,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/05 10:25:27 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 06:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
========== LOP Check ==========
 
[2012/07/23 21:02:14 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2012/09/15 15:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\Autodesk
[2011/01/28 13:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\BabylonToolbar
[2009/10/09 15:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\becker
[2011/06/06 08:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\DVDVideoSoftIEHelpers
[2012/08/31 04:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\elsterformular
[2011/07/26 06:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\FreeVideoConverter
[2011/09/12 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\Image Zone Express
[2012/09/03 15:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\IrfanView
[2009/12/07 04:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\LG Electronics
[2009/10/09 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\mybecker.com
[2011/05/17 18:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\OpenCandy
[2011/04/07 07:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\PriceGong
[2012/07/31 05:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\Search Settings
[2008/07/16 19:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\Sonavis
[2008/11/04 12:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\TVG
[2010/11/25 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\Uniblue
[2012/07/06 11:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\uTorrent
[2012/07/28 05:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\wtxpcom
[2011/02/02 09:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Salow\Application Data\YouTube Downloader
[2010/08/11 00:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AAV
[2010/09/19 20:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/09/15 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/08/31 04:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2012/03/17 17:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/17 18:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/06/06 07:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMinent
[2009/12/26 09:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/29 06:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/30 06:23:32 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{16F84893-9B28-41D4-9D10-13ABE669D8FF}.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Chris4You 04.10.2012 06:57

Hi,

nothing really significant can be found...
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O4 - HKLM..\Run: []  File not found
HKU\Michael_Salow_ON_C..\RunOnce: [.IMinentUpdate]  File not found


:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Perform a Windows repair:
(Supportnet tip: Windows XP repair installation. How is it done?) and afterwards run fixmbr in the console (Description of the Windows XP Recovery Console for advanced users).

chris


tom_curitiba 04.10.2012 12:37

Hi Chris,
I found the txt file
under C:\_OTL\MovedFiles

I'll do the Windows repair now

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58041836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 210321243 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 261.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 10042012_135740
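A way to tally a fix log like the one posted above, so that successes, failed steps and the cleaned byte counts can be read at a glance and the reported total cross-checked. This is an added example, not part of the thread or of OTL; `summarize_fix_log` is a hypothetical name, and the embedded log is the text from the post above.

```python
import re

# Fix-log lines as posted in the thread above, embedded so the block runs offline.
FIX_LOG = r"""========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58041836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 210321243 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
Total Files Cleaned = 261.00 mb
"""

BYTES_RE = re.compile(r"^(.+?) (?:\.tmp files removed|folder emptied): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")

def summarize_fix_log(text):
    """Split an OTL fix log into successes, failures and per-location byte counts."""
    out = {"deleted": [], "failed": [], "bytes": {}, "reported_mb": None}
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("deleted successfully."):
            out["deleted"].append(line[: -len(" deleted successfully.")])
        elif "failed" in line.lower():
            out["failed"].append(line)
        elif m := BYTES_RE.match(line):
            out["bytes"][m.group(1)] = int(m.group(2))
        elif m := TOTAL_RE.match(line):
            out["reported_mb"] = float(m.group(1))
    out["sum_bytes"] = sum(out["bytes"].values())
    # In this log the reported total matches the byte sum in MiB, truncated
    # (an observation from the posted numbers, not documented OTL behaviour).
    out["total_consistent"] = (out["reported_mb"] is not None
                               and int(out["sum_bytes"] / 2**20) == int(out["reported_mb"]))
    return out

if __name__ == "__main__":
    s = summarize_fix_log(FIX_LOG)
    print(len(s["deleted"]), "deleted;", len(s["failed"]), "failed;",
          s["sum_bytes"], "bytes; total consistent:", s["total_consistent"])
```

On the posted log this yields one successful deletion, five failed user-temp steps and 274172245 bytes across eight locations.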

Chris4You 04.10.2012 14:52

Hi,

ok...

chris

tom_curitiba 05.10.2012 22:19

Chris,

I happened to start Windows and it works again!

I hadn't done the Windows repair yet; I think your script with OldTimer fixed it.

Tomorrow I'll test a few things on the PC to see whether everything is OK.

Thank you,

Thomas

Hi,

So, after today's test, it doesn't work again after all, exactly like at the beginning. I don't understand why, but that's how it is.

So I did the Windows repair after all. Everything went well until the end: when Windows started, it showed "wird gestartet" ("starting") the whole time, but after 2 hours it was still like that, so I restarted once more.

I tried to run fixmbr, but then it tells me "This computer appears to have a non-standard or invalid master boot record.
FIXMBR may damage your partition tables if you proceed."
I should add that it asked me for my admin password and I didn't know it, so I skipped that.

Gruß

Thomas

