Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht

borussiamg19 · 23.07.2013, 16:02

Hallo,

habe den Ukash-Virus eingefangen und wollte ihn im abgesicherten Modus durch eine Systemwiederherstellung behenen. Leider geht der abgesicherte Mous nicht, auch nicht mit Eingabeaufforderung. habe mich hier durchgelesen und diesen Boot mit OTL von CD hinbekommen. ich habe jetzt den REATOGO-Desktop und komme nicht weiter. Wer kann mir da helfen. Vorsicht, absoluter Anfänger, Nervenstärke gefragt...;-)
Danke und LG!!

schrauber · 23.07.2013, 16:44

hi,

dann einfach OTL öffnen und auf Scan klicken.

borussiamg19 · 24.07.2013, 10:35

Hallo Schrauber,

das habe ich sogar noch hinbekommen, nur erkennt das Notebook sogar weder cd-Laufwerk oder usb-stick, weiß also nicht, wie ich die txt--Datei hier posten kann...;-(

schrauber · 24.07.2013, 11:49

Normal sollte er aber USB erkennen. Nutz den Browser in reatogo und geh direkt Online

borussiamg19 · 31.07.2013, 07:21

Hallo, läuft trotz OTLPE - Boot immer noch nicht. Habe "runscan" versucht und hochgefahren-nichts:

Ergebnis "RunScan":OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 7/31/2013 8:17:40 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 177.17 Gb Free Space | 63.71% Space Free | Partition Type: NTFS
Drive F: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/07/25 10:48:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Latomy]  File not found
O4 - HKU\Tel_02166-846678_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tel 02166-846678\AppData\Local\Temp\vhicusaefbhabtgnq.exe (Cisco Systems, Inc.)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Upgrade]  File not found
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/26 05:33:38 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\anja
[2013/07/26 02:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/26 02:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/26 02:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/15 11:58:18 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2013/07/02 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Local\Corel
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/30 19:37:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 19:31:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/30 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 18:23:27 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/07/30 18:23:27 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/30 18:23:27 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/07/30 18:23:27 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/30 18:19:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/30 18:18:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:18:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:18:33 | 2140,028,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 05:41:34 | 001,084,690 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2013/07/26 05:41:33 | 001,084,730 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
[2013/07/26 03:02:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/26 02:41:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/25 10:48:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/25 10:48:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/24 09:04:48 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/30 18:18:33 | 2140,028,928 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/26 05:41:33 | 001,084,730 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
[2013/07/26 05:41:33 | 001,084,690 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2013/07/24 13:48:08 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/01/21 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2013/07/10 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2013/07/24 10:19:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/07/26 05:40:50 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/07/26 03:02:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Habe run fix versucht, vorher den code im Feld unter Custom scan/Files eingegeben-auch nichts (Ergebnis habe ich unten aufgeführt)
:OTL

O4 - HKU\flora_toskan_ON_I..\Run: [AdobeBridge] File not found
O4 - HKU\flora_toskan_ON_I..\Run: [cmkxrusp] I:\Users\flora toskan\AppData\Local\gvoafquh.exe ()
O20 - HKU\flora_toskan_ON_I Winlogon: Shell - (C:\Users\flora toskan\AppData\Roaming\skype.dat) - I:\Users\flora toskan\AppData\Roaming\skype.dat ()
[2013/01/28 04:28:20 | 000,095,744 | ---- | M] () -- I:\Users\flora toskan\AppData\Local\urpkrxia.exe
[2013/01/28 04:23:10 | 000,023,552 | ---- | M] () -- I:\Users\flora toskan\AppData\Local\gvoafquh.exe

:Files

ipconfig /flushdns /c
:Commands
[emptytemp]

Ergebnis "RunFix":

========== OTL ==========
Registry key HKEY_USERS\flora_toskan_ON_I\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\flora_toskan_ON_I\Software\Microsoft\Windows\CurrentVersion\Run not found.
File I:\Users\flora toskan\AppData\Local\gvoafquh.exe not found.
Registry key HKEY_USERS\flora_toskan_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
File I:\Users\flora toskan\AppData\Roaming\skype.dat not found.
File I:\Users\flora toskan\AppData\Local\urpkrxia.exe not found.
File I:\Users\flora toskan\AppData\Local\gvoafquh.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
-> No Temporary Internet Files cache folder defined!

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Gast
-> No Temporary Internet Files cache folder defined!

User: Medion
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Tel 02166-846678
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1155 bytes

Total Files Cleaned = 0.00 mb

Habt Ihr noch eine Lösung parat?

Danke und Gruss aus Mönchengladbach!
Heiko

schrauber · 31.07.2013, 09:52

Wo zur Hölle hast Du diesen Fix her?

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Latomy]  File not found
O4 - HKU\Tel_02166-846678_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tel 02166-846678\AppData\Local\Temp\vhicusaefbhabtgnq.exe (Cisco Systems, Inc.)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Upgrade]  File not found
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2013/07/26 05:41:34 | 001,084,690 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2013/07/26 05:41:33 | 001,084,730 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

neu starten, freuen

borussiamg19 · 31.07.2013, 10:48

hatte ich vom Trojanerboard;-), ok ich versuch das jetzt

schrauber · 31.07.2013, 11:48

Der Fix ist immer speziell für diesen einen User

borussiamg19 · 31.07.2013, 12:08

Hi Schrauber,

hab meinDestop wieder und auch die Datei geschickt..warum finde ich das hier in den Antworten nicht..grübel

Komme jetzt wohl nicht ins Internet..

Schon mal viele Dank bis hierhin.
LG
heiko

Wow, klappt jetzt, drahtlosverbindung war inaktiv! Super, besten Dank für alles! Gelobt hab ich Dich auch schon;-)

schrauber · 31.07.2013, 15:20

Wir sind aber noch nit fertig

Kontrollscans im normalen Modus:

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

borussiamg19 · 09.08.2013, 14:46

Hallo Schrauber,

habe denselben Mist schon wieder. Ergebnis OTL-Scan:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 8/9/2013 4:25:28 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 176.56 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 7.47 Gb Free Space | 99.43% Space Free | Partition Type: FAT32
Drive F: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/08/02 03:04:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/08/09 08:01:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/09 07:56:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/09 04:58:45 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg4
[2013/08/09 04:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg3
[2013/08/09 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg2
[2013/08/09 04:51:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg1
[2013/08/09 04:41:53 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\norman
[2013/08/02 03:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/26 05:33:38 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\anja
[2013/07/26 02:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/26 02:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/26 02:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/15 11:58:18 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/09 09:11:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 09:11:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:11:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:11:15 | 2142,109,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 08:04:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/09 08:04:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/09 08:04:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/09 08:04:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/09 08:01:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/09 08:00:29 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 07:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/09 06:31:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/07 11:04:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/06 02:22:31 | 000,001,959 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/05 03:59:23 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/08/05 03:31:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/02 03:04:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/02 03:04:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/26 02:41:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/24 09:04:48 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/02 03:05:21 | 000,001,959 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/30 18:18:33 | 2142,109,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/08/09 05:00:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/08/07 11:04:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Kannst Du da nochmal prüfen? danke im voraus

Heiko

schrauber · 10.08.2013, 09:25

Was haste denn gemacht?

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

borussiamg19 · 14.08.2013, 15:15

Wenn ich das wüßte, hab zwei stunden vorher Musik geladen über Usenext...habe dann den OTL-Boot laufen lassen

schrauber · 14.08.2013, 19:52

mach mal obiges

23.07.2013, 16:44	#2
schrauber /// the machine /// TB-Ausbilder	Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht hi, dann einfach OTL öffnen und auf Scan klicken. __________________ __________________

24.07.2013, 11:49	#4
schrauber /// the machine /// TB-Ausbilder	Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht Normal sollte er aber USB erkennen. Nutz den Browser in reatogo und geh direkt Online __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

31.07.2013, 11:48	#8
schrauber /// the machine /// TB-Ausbilder	Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht Der Fix ist immer speziell für diesen einen User __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

14.08.2013, 19:52	#14
schrauber /// the machine /// TB-Ausbilder	Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht mach mal obiges __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht

Log-Analyse und Auswertung: Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht