Weisser Bildschim bitte warten auf Verbindung

**john.doe** · 14.04.2012, 22:29

Die Extras.txt von OTL fehlt noch.
Kuller bei Extra-Registrierung auf Benutze SafeList setzen.

ciao, andreas

**jonny666111** · 15.04.2012, 13:40

Hier nochmal die neuen Log-files...

Extras.Txt

OTL.Txt

Gruß Jonny

**john.doe** · 15.04.2012, 15:14

1.) OTL gehoert auf den Desktop und nur dorthin.

2.) Deinstalliere:

Java(TM) 6 Update 22
Registry Mechanic 10.0

3.) Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 80 A3 A2 01 38 02 A2 01 02 00 02 00 F4 01 0F 00 90 A3 A2 01 28 02 A2 01 02 00 02 00 EA 01 0C 00 A0 A3 A2 01 18 02 A2 01 02 00 02 00 E8 01 0C 00 00 00 00 00  [binary data]
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.14 21:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O4 - HKLM..\Run: []  File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233133477390 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKU\S-1-5-21-1390067357-73586283-1417001333-1004 Winlogon: Shell - (c:\dokumente und einstellungen\nadja\anwendungsdaten\hw56suzj11.exe) -  File not found
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell - "" = AutoRun
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell\AutoRun\command - "" = E:\UploadtoYouTube.exe
[2012.04.14 21:39:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" =-
"C:\Programme\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe" =-
"C:\Programme\Landwirtschafts Simulator 2011\game.exe" =-
"C:\Programme\FireFly Studios\Stronghold 2\Stronghold2.exe" =-
"C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe" =-
"C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" =-
"C:\Programme\FireFly Studios\Stronghold Legends\StrongholdLegends.exe" =-

:Files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\perf????.dat


:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

4.) Wir koennten noch einige Programme aus dem Autostart rauswerfen und dadurch den Rechner schneller hochfahren lassen. Bleibt aber dir ueberlassen.

5.) Wie geht es dem Rechner? Gibt es noch irgendwelche Auffaelligkeiten oder Probleme?

6.) Start => Ausfuehren => diskmgmt.msc (eintippeln) => Mausklick rechts auf Laufwerk C: => Eigenschaften => Karte: Extras => Jetzt pruefen => Beide Haken setzen => Starten => OK => Rechner neustarten (der naechste Start wird etwas laenger dauern).

7.) Nie wieder etwas von Softtonic laden!

ciao, andreas

**jonny666111** · 15.04.2012, 21:27

Hallo,

hab das fixen versucht... allerfings ist der Rechner dann soforrt eingefroren. Blieb komplett (UHR lief auch nicht mehr weiter ) stehen.
Ich habe das ganze ne Stunde stehen lassen aber auch dann hat sich nichts verändert.

Hab ich was falsch gemacht. bei otl stand "Killing... do not interrupt"

Welche Autostartprogs wären denn noch abzuschalten, ist nicht mein Rechner daher kann ich es nicht selbst entscheiden...

Ist Softonic so "gefährlich oder unsicher"??

Dank und Gruß Jonny

**john.doe** · 15.04.2012, 21:48

Ist Softonic so "gefährlich oder unsicher"??

Die verkaufen Programme, die eigentlich frei erhältich sind. Dazu drehen sie dir auch noch haufenweise Adware an. Warum sollen sie sich auch nur dumm verdienen, besser sie verdienen sich dumm und daemlich.

Versuche es mit diesem Skript:

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Csl-Computer.com
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 80 A3 A2 01 38 02 A2 01 02 00 02 00 F4 01 0F 00 90 A3 A2 01 28 02 A2 01 02 00 02 00 EA 01 0C 00 A0 A3 A2 01 18 02 A2 01 02 00 02 00 E8 01 0C 00 00 00 00 00  [binary data]
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.14 21:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O4 - HKLM..\Run: []  File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233133477390 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKU\S-1-5-21-1390067357-73586283-1417001333-1004 Winlogon: Shell - (c:\dokumente und einstellungen\nadja\anwendungsdaten\hw56suzj11.exe) -  File not found
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell - "" = AutoRun
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\Shell\AutoRun\command - "" = E:\UploadtoYouTube.exe
[2012.04.14 21:39:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" =-
"C:\Programme\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe" =-
"C:\Programme\Landwirtschafts Simulator 2011\game.exe" =-
"C:\Programme\FireFly Studios\Stronghold 2\Stronghold2.exe" =-
"C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe" =-
"C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" =-
"C:\Programme\FireFly Studios\Stronghold Legends\StrongholdLegends.exe" =-

:Files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\perf????.dat

ciao, andreas

**jonny666111** · 17.04.2012, 15:57

Diesmal hat es funktioniert. Hier das Log dazu...

Code:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1390067357-73586283-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Folder C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\WINDOWS\Downloaded Program Files\wuweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry value HKEY_USERS\S-1-5-21-1390067357-73586283-1417001333-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:c:\dokumente und einstellungen\nadja\anwendungsdaten\hw56suzj11.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45cb4e1c-298c-11e1-ad3d-0021008613c9}\ not found.
File E:\UploadtoYouTube.exe not found.
Folder C:\Config.Msi\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Cyanide\GameCenter\GameCenter.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Landwirtschafts Simulator 2011\game.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\FireFly Studios\Stronghold 2\Stronghold2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\FireFly Studios\Stronghold Legends\StrongholdLegends.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\System32\perfc007.dat moved successfully.
C:\WINDOWS\System32\perfc009.dat moved successfully.
C:\WINDOWS\System32\perfd007.dat moved successfully.
C:\WINDOWS\System32\perfd009.dat moved successfully.
C:\WINDOWS\System32\perfh007.dat moved successfully.
C:\WINDOWS\System32\perfh009.dat moved successfully.
C:\WINDOWS\System32\perfi007.dat moved successfully.
C:\WINDOWS\System32\perfi009.dat moved successfully.
 
OTL by OldTimer - Version 3.2.39.2 log created on 04172012_165410

Ich starte nun neu und mach dann den Punkt 6 durch, soweit läuft der Rechner seit her wieder normal.

Nochmal wegen den AUtostart POrogramme ... um welche geht es denn ich denk da kann man schon einige löschen...

**john.doe** · 17.04.2012, 18:26

Nochmal wegen den AUtostart POrogramme ... um welche geht es denn ich denk da kann man schon einige löschen...

Jede Menge. Wollte nur erstmal die Reste killen, bevor wir anfangen zu optimieren.

Jetzt noch die Logs von RSIT, dann kann ich deine Frage beantworten.

Systemdetails mit RSIT prüfen

Lade Random's System Information Tool (RSIT) von random/random herunter
(im Fall von 64Bit-Systemem bitte diese Version herunterladen RSITx64.exe benutzen),
speichere es auf Deinem Desktop.
Schließe alle Fenster und Programme inkl. Browser.
Starte mit Doppelklick die RSIT.exe.
Vista-User mit Rechtsklick => Als Administrator ausführen => Ausführen => Zulassen.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro für HJT akzeptieren I accept.
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Lade C:\rsit\log.txt und C:\rsit\info.txt (<= wird minimiert in der Taskleiste dargestellt) als Anhänge über Erweitert und Anhänge verwalten hier in den Thread.

Hm. Entweder mein Weg oder der aus irgendwelchen Foren. Das ist jetzt deine/eure Entscheidung.

ciao, andreas

**jonny666111** · 17.04.2012, 18:58

Hatte erneut eine Begegnung mit Iminent. Beim Firefox kam anstatt der google suche automatisch diese Iminent suche.... Hab unter Software nichts mehr dazu gefunden.
AUch unter Firfox Add-ons etc nichts mehr drin.

info.txt

log.txt

Gruß Jonny

**john.doe** · 17.04.2012, 22:11

Moin,

1.) Deinstalliere:

Software Informer 1.0 BETA

2.) Exportiere die Lesezeichen des Firefox, deinstalliere FF, installiere FF, importiere deine Lesezeichen.

Fuer das Skript bin ich jetzt zu muede, kommt morgen abend.

ciao, andreas