Trojaner-Board (https://www.trojaner-board.de/)
Thread: After logging in to Win7, "wait until the internet connection is established" (https://www.trojaner-board.de/113250-anmeldung-win7-warten-internetverbindung-hergestellt.html)

Andi335i 06.04.2012 19:00

After logging in to Win7, "wait until the internet connection is established"
 
Hello everyone,

The PC boots normally and Windows also starts without any problems.
Immediately after logging in, a white screen appears with "wait until the internet connection is established", and Task Manager can no longer be started.

The same thing happens after logging in in Safe Mode, too.

I have spent hours reading through this and other forums.

I am completely at a loss as to how to fix the problem.

Please help.


Regards, Andi

cosinus 06.04.2012 22:05

Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and on a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When burning is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the hard disk; selecting only C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt will be created.
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
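A triage helper for the OTL.txt this procedure produces, added here as an example and not part of the post or of OTL itself: it flags the entry types a helper reads first, a replaced Winlogon Shell/UserInit, policy values that disable Task Manager, Registry Editor or UAC, and autostart executables in unusual locations. The sample lines are constructed in OTL's format; the I: drive letter mirrors an OTLPE log, where the installed Windows appears under a different letter than C:.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format of the OTL.txt this procedure produces.
# Under OTLPE the installed Windows is mounted under another drive letter (I: here),
# so resolved paths start with I: while the registry values themselves still say C:.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKLM..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Andi_ON_I..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] I:\rgotgktjgbt\rgotgktjgbt.exe (HD1B)
O4 - HKU\Andi_ON_I..\Run: [DAEMON Tools Lite] I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
"""

# "O4 - <hive>..\Run: [<value name>] <resolved path> (<company>)"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?\.exe) \((?P<company>[^)]*)\)$", re.I)
# "O6/O7 - <key>\policies\System|Explorer: <name> = <value>"
POLICY_RE = re.compile(r"^O[67] - \S+\\policies\\(?P<key>System|Explorer): (?P<name>\w+) = (?P<value>\d+)$")
# "O20 - <hive> Winlogon: <key> - (<registry value>) - <resolved path> (<company>)"
WINLOGON_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<key>\w+) - \((?P<value>.*?)\) - .*$")

# Winlogon values of a stock Windows 7 install. Anything else runs instead of the
# desktop at every logon, and the Shell value is honoured in Safe Mode as well,
# which is why a replaced Shell shows the same screen there.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Policy values that take away the tools a user reaches for first, or switch off UAC.
LOCKOUT_POLICIES = {
    ("System", "DisableTaskMgr"): "1",
    ("System", "DisableRegistryTools"): "1",
    ("Explorer", "NoDesktop"): "1",
    ("System", "EnableLUA"): "0",
}

# Top-level folders where legitimately installed software normally lives.
TRUSTED_TOP_LEVEL = {"program files", "program files (x86)", "windows", "programdata", "users"}


@dataclass
class Finding:
    section: str  # OTL section tag, e.g. "O20"
    reason: str
    line: str


def _basename(value: str) -> str:
    # Registry values such as "C:\Windows\system32\userinit.exe," carry a trailing comma.
    return value.rstrip(",").rsplit("\\", 1)[-1].lower()


def _run_path_reason(path: str) -> Optional[str]:
    parts = path.split("\\")
    if len(parts) >= 3 and parts[1].lower() not in TRUSTED_TOP_LEVEL:
        return "autostart from a top-level folder outside Program Files/Windows"
    lowered = [p.lower() for p in parts]
    if "appdata" in lowered and lowered[-2] == "roaming":
        return "autostart executable dropped directly into AppData\\Roaming"
    return None


def triage_otl(text: str) -> List[Finding]:
    """Return the OTL lines that explain a locked-out desktop, one Finding per line."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            reason = _run_path_reason(m["path"])
            if reason:
                findings.append(Finding("O4", reason, line))
        elif m := POLICY_RE.match(line):
            expected = LOCKOUT_POLICIES.get((m["key"], m["name"]))
            if expected is not None and m["value"] == expected:
                findings.append(Finding(line[:3].strip(), f"{m['name']} = {m['value']} locks the user out", line))
        elif m := WINLOGON_RE.match(line):
            want = WINLOGON_EXPECTED.get(m["key"].lower())
            if want and _basename(m["value"]) != want:
                findings.append(Finding("O20", f"Winlogon {m['key']} replaced (expected {want})", line))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries that pass the checks (the ATI and DAEMON Tools autostarts, NoDriveTypeAutoRun = 145) are left out, so the output is only the lines worth removing or restoring.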

Andi335i 08.04.2012 23:55

Hello,

many thanks!
Everything has worked great so far...

Here is the file. OTL logfile:
Code:

OTL logfile created on: 4/9/2012 1:50:50 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 100.00 Mb Total Space | 65.70 Mb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 204.23 Gb Free Space | 73.08% Space Free | Partition Type: NTFS
Drive I: | 931.41 Gb Total Space | 815.57 Gb Free Space | 87.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/02/28 12:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto] -- I:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/10 09:28:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto] -- I:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/10 09:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- I:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/29 12:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/09/03 09:07:46 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto] -- I:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/21 14:27:15 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand] -- I:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/06 20:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- I:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/17 21:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/23 10:05:00 | 000,045,056 | ---- | M] () [Auto] -- I:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2011/02/10 05:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- I:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/04/28 23:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/11/23 12:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 12:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/21 13:28:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/06 20:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/23 04:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 07:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 07:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 07:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 07:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 07:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/08/17 22:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/07/26 10:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Andi_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Andi_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Andi_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Andi_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 1C CA 61 AC 7D CA 01  [binary data]
IE - HKU\Andi_ON_I\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Andi_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Andi_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: I:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: I:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: I:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Andi_ON_I\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKLM..\Run: [Launch LCDMon] I:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] I:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] I:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] I:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Andi_ON_I..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] I:\rgotgktjgbt\rgotgktjgbt.exe (HD1B)
O4 - HKU\Andi_ON_I..\Run: [BX6kRBeYBXtpN21] I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\Andi_ON_I..\Run: [DAEMON Tools Lite] I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Andi_ON_I..\Run: [ICQ]  File not found
O4 - HKU\Andi_ON_I..\Run: [Logitech Vid] I:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\Andi_ON_I..\Run: [Pando Media Booster] I:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk ()
O4 - Startup: I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk ()
O4 - Startup: I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - I:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - I:\Users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - I:\Users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - I:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - I:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Andi_ON_I Winlogon: Shell - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Andi_ON_I Winlogon: UserInit - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/30 12:35:11 | 000,240,128 | ---- | C] (jqUhg) -- I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/21 14:19:58 | 003,957,616 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntkrnlpa.exe
[2012/03/21 14:19:53 | 003,902,320 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe
[2012/03/21 14:18:17 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012/03/21 14:18:17 | 000,000,000 | ---D | C] -- I:\Program Files\simfy
[2012/03/15 13:27:29 | 002,341,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\win32k.sys
[2012/03/15 13:27:23 | 001,170,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d3d10warp.dll
[2012/03/15 13:27:23 | 001,074,176 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\DWrite.dll
[2012/03/15 13:27:23 | 000,739,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d2d1.dll
[2012/03/15 13:27:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d3d10_1core.dll
[2012/03/15 13:27:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\d3d10_1.dll
[2012/03/15 13:09:58 | 000,129,536 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpcorekmts.dll
[2012/03/15 13:09:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpwsx.dll
[2012/03/15 13:09:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdrmemptylst.exe
[2012/03/15 13:09:55 | 000,826,368 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpcore.dll
[2012/03/10 15:03:45 | 003,695,416 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dat
[2012/03/10 15:03:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtml.tlb
[2012/03/10 15:03:45 | 001,798,656 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/03/10 15:03:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/03/10 15:03:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/03/10 15:03:45 | 000,580,608 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/03/10 15:03:45 | 000,434,176 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dll
[2012/03/10 15:03:45 | 000,420,864 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll
[2012/03/10 15:03:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\html.iec
[2012/03/10 15:03:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dxtmsft.dll
[2012/03/10 15:03:45 | 000,353,584 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iedkcs32.dll
[2012/03/10 15:03:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/03/10 15:03:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieaksie.dll
[2012/03/10 15:03:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dxtrans.dll
[2012/03/10 15:03:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/03/10 15:03:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieakui.dll
[2012/03/10 15:03:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msrating.dll
[2012/03/10 15:03:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msls31.dll
[2012/03/10 15:03:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wextract.exe
[2012/03/10 15:03:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iexpress.exe
[2012/03/10 15:03:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/03/10 15:03:45 | 000,130,560 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieakeng.dll
[2012/03/10 15:03:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iepeers.dll
[2012/03/10 15:03:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\IEAdvpack.dll
[2012/03/10 15:03:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\admparse.dll
[2012/03/10 15:03:45 | 000,086,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesysprep.dll
[2012/03/10 15:03:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inseng.dll
[2012/03/10 15:03:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\SetIEInstalledDate.exe
[2012/03/10 15:03:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/10 15:03:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll
[2012/03/10 15:03:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ie4uinit.exe
[2012/03/10 15:03:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jsproxy.dll
[2012/03/10 15:03:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\pngfilt.dll
[2012/03/10 15:03:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmler.dll
[2012/03/10 15:03:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeedsbs.dll
[2012/03/10 15:03:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\imgutil.dll
[2012/03/10 15:03:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll
[2012/03/10 15:03:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\licmgr10.dll
[2012/03/10 15:03:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeedssync.exe
[6 I:\Windows\System32\*.tmp files -> I:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/06 13:51:23 | 000,014,016 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 13:51:23 | 000,014,016 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 13:50:36 | 000,729,308 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/04/06 13:50:36 | 000,639,134 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/04/06 13:50:36 | 000,152,560 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/04/06 13:50:36 | 000,126,494 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/04/06 13:46:23 | 000,001,090 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/06 13:46:13 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/04/06 13:46:03 | 2314,649,600 | -HS- | M] () -- I:\hiberfil.sys
[2012/03/30 12:41:05 | 000,001,094 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 12:35:10 | 000,240,128 | ---- | M] (jqUhg) -- I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/23 15:09:04 | 000,001,051 | ---- | M] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk
[2012/03/23 14:58:19 | 000,001,053 | ---- | M] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk
[2012/03/23 14:13:23 | 000,435,096 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/03/21 14:18:17 | 000,000,803 | ---- | M] () -- I:\Users\Public\Desktop\simfy.lnk
[2012/03/21 14:18:17 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012/03/15 13:03:28 | 000,001,403 | ---- | M] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/10 15:03:45 | 003,695,416 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dat
[2012/03/10 15:03:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\mshtml.tlb
[2012/03/10 15:03:45 | 001,798,656 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/03/10 15:03:45 | 001,427,456 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/03/10 15:03:45 | 000,716,800 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/03/10 15:03:45 | 000,580,608 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/03/10 15:03:45 | 000,434,176 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dll
[2012/03/10 15:03:45 | 000,420,864 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll
[2012/03/10 15:03:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\html.iec
[2012/03/10 15:03:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\dxtmsft.dll
[2012/03/10 15:03:45 | 000,353,584 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iedkcs32.dll
[2012/03/10 15:03:45 | 000,231,936 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/03/10 15:03:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieaksie.dll
[2012/03/10 15:03:45 | 000,223,232 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\dxtrans.dll
[2012/03/10 15:03:45 | 000,176,640 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/03/10 15:03:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieakui.dll
[2012/03/10 15:03:45 | 000,162,304 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msrating.dll
[2012/03/10 15:03:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msls31.dll
[2012/03/10 15:03:45 | 000,152,064 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\wextract.exe
[2012/03/10 15:03:45 | 000,150,528 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iexpress.exe
[2012/03/10 15:03:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/03/10 15:03:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ieakeng.dll
[2012/03/10 15:03:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iepeers.dll
[2012/03/10 15:03:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\IEAdvpack.dll
[2012/03/10 15:03:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\admparse.dll
[2012/03/10 15:03:45 | 000,086,528 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iesysprep.dll
[2012/03/10 15:03:45 | 000,078,848 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\inseng.dll
[2012/03/10 15:03:45 | 000,076,800 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\SetIEInstalledDate.exe
[2012/03/10 15:03:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/10 15:03:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll
[2012/03/10 15:03:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\ie4uinit.exe
[2012/03/10 15:03:45 | 000,072,822 | ---- | M] () -- I:\Windows\System32\ieuinit.inf
[2012/03/10 15:03:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\jsproxy.dll
[2012/03/10 15:03:45 | 000,054,272 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\pngfilt.dll
[2012/03/10 15:03:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\mshtmler.dll
[2012/03/10 15:03:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msfeedsbs.dll
[2012/03/10 15:03:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\imgutil.dll
[2012/03/10 15:03:45 | 000,031,744 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll
[2012/03/10 15:03:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\licmgr10.dll
[2012/03/10 15:03:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msfeedssync.exe
[6 I:\Windows\System32\*.tmp files -> I:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/23 15:09:04 | 000,001,051 | ---- | C] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk
[2012/03/23 14:58:19 | 000,001,053 | ---- | C] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk
[2012/03/15 13:03:28 | 000,001,409 | ---- | C] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/10 15:03:45 | 000,072,822 | ---- | C] () -- I:\Windows\System32\ieuinit.inf
[2011/10/14 14:11:53 | 000,000,118 | ---- | C] () -- I:\Windows\System32\MRT.INI
[2011/08/16 14:30:06 | 000,003,584 | ---- | C] () -- I:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- I:\Windows\System32\xlive.dll.cat
[2011/03/12 13:38:48 | 000,000,532 | ---- | C] () -- I:\Windows\eReg.dat
[2010/10/22 10:47:40 | 000,000,193 | ---- | C] () -- I:\Windows\WORDPAD.INI
[2010/10/18 11:01:27 | 002,601,752 | ---- | C] () -- I:\Windows\System32\pbsvc_moh.exe
[2010/06/19 14:51:14 | 000,151,848 | -H-- | C] () -- I:\Windows\System32\mlfcache.dat
[2010/03/10 11:57:57 | 000,139,128 | ---- | C] () -- I:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/10 11:57:51 | 000,138,056 | ---- | C] () -- I:\Users\Andi\AppData\Roaming\PnkBstrK.sys
[2010/03/10 11:57:19 | 000,215,128 | ---- | C] () -- I:\Windows\System32\PnkBstrB.exe
[2010/03/10 11:57:19 | 000,075,064 | ---- | C] () -- I:\Windows\System32\PnkBstrA.exe
[2010/03/10 11:57:18 | 002,434,856 | ---- | C] () -- I:\Windows\System32\pbsvc_bc2.exe
[2010/02/24 09:19:06 | 000,111,932 | ---- | C] () -- I:\Windows\System32\EPPICPrinterDB.dat
[2010/02/24 09:19:06 | 000,031,053 | ---- | C] () -- I:\Windows\System32\EPPICPattern131.dat
[2010/02/24 09:19:06 | 000,027,417 | ---- | C] () -- I:\Windows\System32\EPPICPattern121.dat
[2010/02/24 09:19:06 | 000,026,154 | ---- | C] () -- I:\Windows\System32\EPPICPattern1.dat
[2010/02/24 09:19:06 | 000,024,903 | ---- | C] () -- I:\Windows\System32\EPPICPattern3.dat
[2010/02/24 09:19:06 | 000,021,390 | ---- | C] () -- I:\Windows\System32\EPPICPattern5.dat
[2010/02/24 09:19:06 | 000,020,148 | ---- | C] () -- I:\Windows\System32\EPPICPattern2.dat
[2010/02/24 09:19:06 | 000,011,811 | ---- | C] () -- I:\Windows\System32\EPPICPattern4.dat
[2010/02/24 09:19:06 | 000,004,943 | ---- | C] () -- I:\Windows\System32\EPPICPattern6.dat
[2010/02/24 09:19:06 | 000,001,146 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_DU.dat
[2010/02/24 09:19:06 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_PT.dat
[2010/02/24 09:19:06 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_BP.dat
[2010/02/24 09:19:06 | 000,001,136 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_ES.dat
[2010/02/24 09:19:06 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_FR.dat
[2010/02/24 09:19:06 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_CF.dat
[2010/02/24 09:19:06 | 000,001,120 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_IT.dat
[2010/02/24 09:19:06 | 000,001,107 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_GE.dat
[2010/02/24 09:19:06 | 000,001,104 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_EN.dat
[2010/02/24 09:19:06 | 000,000,097 | ---- | C] () -- I:\Windows\System32\PICSDK.ini
[2010/01/24 12:07:00 | 000,000,056 | -H-- | C] () -- I:\Windows\System32\ezsidmv.dat
[2009/11/21 13:00:59 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2009/10/06 20:46:36 | 000,025,752 | ---- | C] () -- I:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/06 20:23:08 | 000,013,584 | ---- | C] () -- I:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/14 04:47:43 | 000,729,308 | ---- | C] () -- I:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- I:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,152,560 | ---- | C] () -- I:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- I:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,435,096 | ---- | C] () -- I:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,639,134 | ---- | C] () -- I:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- I:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,126,494 | ---- | C] () -- I:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- I:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- I:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- I:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- I:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- I:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\System32\BWContextHandler.dll
[2009/06/18 14:29:04 | 000,197,654 | ---- | C] () -- I:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\System32\mlang.dat
[2009/02/18 12:55:22 | 000,294,912 | ---- | C] () -- I:\Windows\System32\ATIODE.exe
[2009/02/03 15:52:04 | 000,045,056 | ---- | C] () -- I:\Windows\System32\ATIODCLI.exe
[2008/07/26 09:42:52 | 000,066,482 | ---- | C] () -- I:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2009/11/21 13:13:37 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2011/05/24 13:03:54 | 000,000,000 | ---D | M] -- I:\ProgramData\AVG10
[2011/05/22 03:57:45 | 000,000,000 | ---D | M] -- I:\ProgramData\avg9
[2010/10/18 11:12:47 | 000,000,000 | ---D | M] -- I:\ProgramData\Codemasters
[2011/05/22 04:21:59 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2009/11/21 13:27:55 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2009/11/21 13:13:37 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2009/11/21 13:13:37 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2009/11/22 03:32:30 | 000,000,000 | ---D | M] -- I:\ProgramData\ICQ
[2011/05/23 10:47:52 | 000,000,000 | ---D | M] -- I:\ProgramData\MFAData
[2011/07/27 15:23:46 | 000,000,000 | ---D | M] -- I:\ProgramData\PMB Files
[2011/03/14 16:31:39 | 000,000,000 | ---D | M] -- I:\ProgramData\SimCity Societies
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2009/11/21 13:13:37 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2011/04/21 12:20:16 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2009/11/21 13:13:37 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2011/04/21 12:16:50 | 000,000,000 | -HSD | M] -- I:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/03/31 13:45:47 | 000,000,000 | ---D | M] -- I:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/22 08:36:00 | 000,000,000 | ---D | M] -- I:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/21 13:54:11 | 000,000,000 | -HSD | M] -- I:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/01/02 14:41:15 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---





Regards, Andi

cosinus 09.04.2012 15:32

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Andi_ON_I\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\Andi_ON_I..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] I:\rgotgktjgbt\rgotgktjgbt.exe (HD1B)
O4 - HKU\Andi_ON_I..\Run: [BX6kRBeYBXtpN21] I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - Startup: I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk ()
O4 - Startup: I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk ()
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Andi_ON_I Winlogon: Shell - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Andi_ON_I Winlogon: UserInit - (C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe) - I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\Shell\AutoRun\command - "" = K:\Autorun.exe
[2012/03/30 12:35:11 | 000,240,128 | ---- | C] (jqUhg) -- I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/30 12:35:10 | 000,240,128 | ---- | M] (jqUhg) -- I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/23 15:09:04 | 000,001,051 | ---- | M] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk
[2012/03/23 14:58:19 | 000,001,053 | ---- | M] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk
[2012/03/15 13:03:28 | 000,001,409 | ---- | C] () -- I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

After that Windows should start normally again - please make OTL's quarantine folder available to us. Please proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then turn the virus scanner back on

Andi335i 15.04.2012 11:11

Many thanks for the help...

attached is the log file...

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\Andi_ON_I\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BX6kRBeYBXtpN21 deleted successfully.
I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe moved successfully.
Registry value HKEY_USERS\Andi_ON_I\Software\Microsoft\Windows\CurrentVersion\Run\\1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW deleted successfully.
I:\rgotgktjgbt\rgotgktjgbt.exe moved successfully.
Registry value HKEY_USERS\Andi_ON_I\Software\Microsoft\Windows\CurrentVersion\Run\\BX6kRBeYBXtpN21 deleted successfully.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk moved successfully.
I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk moved successfully.
Registry value HKEY_USERS\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Andi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe deleted successfully.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe deleted successfully.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
Registry value HKEY_USERS\Andi_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe deleted successfully.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
Registry value HKEY_USERS\Andi_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe deleted successfully.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
I:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2415dc2b-d6ca-11de-bd21-0019666c2ab1}\ not found.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701fa378-b9c7-11df-a6a3-0019666c2ab1}\ not found.
File K:\Autorun.exe not found.
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.6
File I:\Users\Andi\AppData\Roaming\y6drxuj c7ti.exe not found.
File I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2853242048877589.exe.lnk not found.
File I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.27297052864423155.exe.lnk not found.
I:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk moved successfully.
========== COMMANDS ==========
I:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 04152012_141112

cosinus 15.04.2012 16:18

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg



Copyright ©2000-2025, Trojaner-Board

