Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht (https://www.trojaner-board.de/138653-ukash-virus-eingefangen-alle-arten-abgesicherten-mouds-funktionieren.html)

borussiamg19 23.07.2013 16:02
Ukash Virus eingefangen-alle Arten des abgesicherten Mouds funktionieren nicht
 
Hallo,

habe den Ukash-Virus eingefangen und wollte ihn im abgesicherten Modus durch eine Systemwiederherstellung behenen. Leider geht der abgesicherte Mous nicht, auch nicht mit Eingabeaufforderung. habe mich hier durchgelesen und diesen Boot mit OTL von CD hinbekommen. ich habe jetzt den REATOGO-Desktop und komme nicht weiter. Wer kann mir da helfen. Vorsicht, absoluter Anfänger, Nervenstärke gefragt...;-)
Danke und LG!!

schrauber 23.07.2013 16:44
hi,

dann einfach OTL öffnen und auf Scan klicken.

borussiamg19 24.07.2013 10:35
Hallo Schrauber,

das habe ich sogar noch hinbekommen, nur erkennt das Notebook sogar weder cd-Laufwerk oder usb-stick, weiß also nicht, wie ich die txt--Datei hier posten kann...;-(

schrauber 24.07.2013 11:49
Normal sollte er aber USB erkennen. Nutz den Browser in reatogo und geh direkt Online :)

borussiamg19 31.07.2013 07:21
Hallo, läuft trotz OTLPE - Boot immer noch nicht. Habe "runscan" versucht und hochgefahren-nichts:


Ergebnis "RunScan":OTL Logfile:
Code:
OTL logfile created on: 7/31/2013 8:17:40 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 177.17 Gb Free Space | 63.71% Space Free | Partition Type: NTFS
Drive F: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/07/25 10:48:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Latomy]  File not found
O4 - HKU\Tel_02166-846678_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tel 02166-846678\AppData\Local\Temp\vhicusaefbhabtgnq.exe (Cisco Systems, Inc.)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Upgrade]  File not found
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/26 05:33:38 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\anja
[2013/07/26 02:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/26 02:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/26 02:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/15 11:58:18 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2013/07/02 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Local\Corel
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/30 19:37:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 19:31:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/30 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 18:23:27 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/07/30 18:23:27 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/30 18:23:27 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/07/30 18:23:27 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/30 18:19:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/30 18:18:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:18:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:18:33 | 2140,028,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 05:41:34 | 001,084,690 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2013/07/26 05:41:33 | 001,084,730 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
[2013/07/26 03:02:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/26 02:41:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/25 10:48:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/25 10:48:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/24 09:04:48 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/30 18:18:33 | 2140,028,928 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/26 05:41:33 | 001,084,730 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
[2013/07/26 05:41:33 | 001,084,690 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2013/07/24 13:48:08 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/01/21 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2013/07/10 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2013/07/24 10:19:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/07/26 05:40:50 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/07/26 03:02:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---




Habe run fix versucht, vorher den code im Feld unter Custom scan/Files eingegeben-auch nichts (Ergebnis habe ich unten aufgeführt)
:OTL

O4 - HKU\flora_toskan_ON_I..\Run: [AdobeBridge] File not found
O4 - HKU\flora_toskan_ON_I..\Run: [cmkxrusp] I:\Users\flora toskan\AppData\Local\gvoafquh.exe ()
O20 - HKU\flora_toskan_ON_I Winlogon: Shell - (C:\Users\flora toskan\AppData\Roaming\skype.dat) - I:\Users\flora toskan\AppData\Roaming\skype.dat ()
[2013/01/28 04:28:20 | 000,095,744 | ---- | M] () -- I:\Users\flora toskan\AppData\Local\urpkrxia.exe
[2013/01/28 04:23:10 | 000,023,552 | ---- | M] () -- I:\Users\flora toskan\AppData\Local\gvoafquh.exe

:Files

ipconfig /flushdns /c
:Commands
[emptytemp]

Ergebnis "RunFix":


========== OTL ==========
Registry key HKEY_USERS\flora_toskan_ON_I\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\flora_toskan_ON_I\Software\Microsoft\Windows\CurrentVersion\Run not found.
File I:\Users\flora toskan\AppData\Local\gvoafquh.exe not found.
Registry key HKEY_USERS\flora_toskan_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
File I:\Users\flora toskan\AppData\Roaming\skype.dat not found.
File I:\Users\flora toskan\AppData\Local\urpkrxia.exe not found.
File I:\Users\flora toskan\AppData\Local\gvoafquh.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
-> No Temporary Internet Files cache folder defined!

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Gast
-> No Temporary Internet Files cache folder defined!

User: Medion
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Tel 02166-846678
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1155 bytes

Total Files Cleaned = 0.00 mb

Habt Ihr noch eine Lösung parat?

Danke und Gruss aus Mönchengladbach!
Heiko

schrauber 31.07.2013 09:52
Wo zur Hölle hast Du diesen Fix her? :wtf:


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Latomy]  File not found
O4 - HKU\Tel_02166-846678_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tel 02166-846678\AppData\Local\Temp\vhicusaefbhabtgnq.exe (Cisco Systems, Inc.)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Upgrade]  File not found
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Tekeap
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Laifu
[2013/07/10 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ebvoow
[2013/07/26 05:41:34 | 001,084,690 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\2433f433
[2013/07/26 05:41:33 | 001,084,730 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\2433f433
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


neu starten, freuen :)

borussiamg19 31.07.2013 10:48
hatte ich vom Trojanerboard;-), ok ich versuch das jetzt

schrauber 31.07.2013 11:48
Der Fix ist immer speziell für diesen einen User :)

borussiamg19 31.07.2013 12:08
Hi Schrauber,

hab meinDestop wieder und auch die Datei geschickt..warum finde ich das hier in den Antworten nicht..grübel

Komme jetzt wohl nicht ins Internet..

Schon mal viele Dank bis hierhin.
LG
heiko

Wow, klappt jetzt, drahtlosverbindung war inaktiv! Super, besten Dank für alles! Gelobt hab ich Dich auch schon;-)

schrauber 31.07.2013 15:20
Wir sind aber noch nit fertig :)

Kontrollscans im normalen Modus:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


borussiamg19 09.08.2013 14:46
Hallo Schrauber,

habe denselben Mist schon wieder. Ergebnis OTL-Scan:OTL Logfile:
Code:
OTL logfile created on: 8/9/2013 4:25:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 176.56 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 7.47 Gb Free Space | 99.43% Space Free | Partition Type: FAT32
Drive F: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/08/02 03:04:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/08/09 08:01:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/09 07:56:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/09 04:58:45 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg4
[2013/08/09 04:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg3
[2013/08/09 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg2
[2013/08/09 04:51:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg1
[2013/08/09 04:41:53 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\norman
[2013/08/02 03:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/26 05:33:38 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\anja
[2013/07/26 02:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/26 02:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/26 02:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/15 11:58:18 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/09 09:11:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 09:11:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:11:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:11:15 | 2142,109,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 08:04:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/09 08:04:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/09 08:04:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/09 08:04:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/09 08:01:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/09 08:00:29 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 07:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/09 06:31:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/07 11:04:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/06 02:22:31 | 000,001,959 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/05 03:59:23 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/08/05 03:31:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/02 03:04:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/02 03:04:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/26 02:41:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/24 09:04:48 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/02 03:05:21 | 000,001,959 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/30 18:18:33 | 2142,109,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/08/09 05:00:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/08/07 11:04:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

Kannst Du da nochmal prüfen? danke im voraus
:dankeschoen:Heiko

schrauber 10.08.2013 09:25
Was haste denn gemacht?

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


borussiamg19 14.08.2013 15:15
Wenn ich das wüßte, hab zwei stunden vorher Musik geladen über Usenext...habe dann den OTL-Boot laufen lassen

schrauber 14.08.2013 19:52
mach mal obiges :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131