Trojaner-Board (https://www.trojaner-board.de/)
Thread: "please wait the connection is being established" - vista 32 bit (https://www.trojaner-board.de/125719-please-wait-the-connection-is-being-established-vista-32-bit.html)

CptArrgh 15.10.2012 17:17

"please wait the connection is being established" - vista 32 bit
 
My neighbours gave me a computer that is infected with the virus that shows a white screen on startup reading "please wait the connection is being established".
This seems to be a common virus. But since most of the solutions were written individually for the people describing the problem, I thought I would post my problem here as well.

I have already tried to create an OTLPE txt file, but when I click the shortcut named OTLPE on the infected computer and select the drive that Vista is on, the program tells me that my Windows version is "2000 or later".

Thanks in advance for any help.

cosinus 16.10.2012 12:47

Does safe mode with networking still work? With an internet connection?


Safe mode for cleanup
  • Bring Windows into safe mode with the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

CptArrgh 17.10.2012 08:23

No, safe mode doesn't work.

cosinus 17.10.2012 15:31

Then continue with OTLPE.

Quote:

I have already tried to create an OTLPE txt file, but when I click the shortcut named OTLPE on the infected computer and select the drive that Vista is on, the program tells me that my Windows version is "2000 or later".

You get this message when you do not select the Windows folder as described in the instructions but only the Windows partition.

CptArrgh 18.10.2012 09:35

Okay, here is the file. An Extras.txt file was not created, so there is only this one.

Thanks in advance.

cosinus 18.10.2012 12:20

Please only put the logs in an attachment (zipped) if they are too large to be posted directly!
Otherwise please post everything here in CODE tags where possible. That is simpler and clearer, and it saves a lot of clicking around.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CptArrgh 18.10.2012 18:42

OTL Logfile:
Code:

OTL logfile created on: 10/17/2012 8:17:48 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 9.20 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
Drive D: | 54.66 Gb Total Space | 9.65 Gb Free Space | 17.65% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 14.81 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (gusvc)
SRV - File not found [On_Demand] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto] --  -- (gupdate) Google Update Service (gupdate)
SRV - [2012/05/20 14:18:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 16:10:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/27 19:05:40 | 003,417,376 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2010/03/09 20:01:00 | 003,589,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 16:05:46 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/18 15:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 04:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 09:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/24 20:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 11:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/09 10:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/21 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/23 22:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 06:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 20:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 19:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 06:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 09:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/08/23 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (XDva375)
DRV - File not found [Kernel | On_Demand] --  -- (XDva370)
DRV - File not found [Kernel | On_Demand] --  -- (XDva362)
DRV - File not found [Kernel | On_Demand] --  -- (XDva358)
DRV - File not found [Kernel | On_Demand] --  -- (XDva352)
DRV - File not found [Kernel | On_Demand] --  -- (XDva349)
DRV - File not found [Kernel | On_Demand] --  -- (XDva347)
DRV - File not found [Kernel | On_Demand] --  -- (XDva346)
DRV - File not found [Kernel | On_Demand] --  -- (XDva343)
DRV - File not found [Kernel | On_Demand] --  -- (XDva341)
DRV - File not found [Kernel | On_Demand] --  -- (XDva337)
DRV - File not found [Kernel | On_Demand] --  -- (XDva332)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - File not found [Kernel | On_Demand] --  -- (cpuz132)
DRV - [2010/02/03 09:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/08 14:07:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/18 09:10:58 | 000,012,048 | ---- | M] () [Kernel | On_Demand] -- C:\Users\inti chaski\AppData\Local\Temp\ALHF1DC.tmp -- (GarenaPEngine)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/28 14:44:23 | 000,137,344 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2009/02/28 14:44:11 | 000,009,472 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/17 04:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 04:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/07/18 13:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 04:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/26 04:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/11/09 09:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/24 06:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 01:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 03:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 03:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 03:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 03:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/23 05:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/28 16:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006/11/28 16:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006/11/20 08:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 05:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/02 16:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 17:45:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\inti chaski\AppData\Roaming\12010 [2012/05/22 05:55:49 | 000,000,000 | ---D | M]
 
[2009/01/12 13:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Extensions
[2012/05/02 09:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions
[2010/06/26 13:52:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/26 01:40:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 11:36:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/16 14:42:50 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/04/16 14:49:33 | 000,000,873 | ---- | M] () -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\searchplugins\conduit.xml
[2012/01/12 10:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/12 10:02:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012/05/22 05:55:49 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\INTI CHASKI\APPDATA\ROAMING\12010
[2012/05/02 16:10:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 17:45:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/24 17:45:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 17:45:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/24 17:45:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/12/09 05:46:54 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
[2012/02/24 17:45:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/24 17:45:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Little Fighter 2 Toolbar Helper) - {AE90C38C-97CF-4696-B290-C7973DC9675E} -  File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O3 - HKLM\..\Toolbar: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} -  File not found
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} -  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [Google EULA Launcher]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\inti_chaski_ON_C..\Run: [Akamai NetSession Interface] C:\Users\inti chaski\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\inti_chaski_ON_C..\Run: [ALYQ3CgTRBSYLwE] C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [Firewall Administrating]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [gema]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [KPeerNexonEU]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [Userinit] C:\Users\inti chaski\AppData\Roaming\appconf32.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [vasja] C:\Users\inti chaski\AppData\Local\Temp\wpbt0.dll ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\inti chaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} -  File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\inti_chaski_ON_C Winlogon: Shell - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O20 - HKU\inti_chaski_ON_C Winlogon: UserInit - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{54c9b3b6-762b-11df-9298-8a955677badc}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9b3b6-762b-11df-9298-8a955677badc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{a20f1e95-0f98-11e0-80e9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Roaming\*.tmp files -> C:\Users\inti chaski\AppData\Roaming\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Local\*.tmp files -> C:\Users\inti chaski\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/15 12:57:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/15 12:56:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 12:56:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 12:56:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/15 12:55:58 | 2009,079,808 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Roaming\*.tmp files -> C:\Users\inti chaski\AppData\Roaming\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Local\*.tmp files -> C:\Users\inti chaski\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/15 11:03:24 | 2009,079,808 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/22 08:44:18 | 000,230,400 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\bauesch.exe
[2012/05/22 05:55:38 | 000,370,144 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\AcroIEHelpe127.dll
[2012/05/22 05:55:38 | 000,007,016 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\BAcroIEHelpe127.dll
[2012/05/17 20:56:47 | 000,000,080 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\blckdom.res
[2010/03/08 14:28:34 | 000,000,552 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\d3d8caps.dat
[2009/07/22 09:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/05/26 14:39:01 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini
[2009/05/02 21:02:05 | 000,000,680 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\d3d9caps.dat
[2009/04/19 07:22:46 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2009/02/28 14:44:23 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2009/02/28 14:44:11 | 000,009,472 | ---- | C] () -- C:\Windows\System32\drivers\lemsgt.sys
[2009/02/24 07:36:27 | 000,000,000 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\wklnhst.dat
[2009/01/08 14:42:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/08 14:42:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/24 15:25:39 | 000,025,600 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/24 15:15:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/12/09 11:23:13 | 000,050,208 | RHS- | C] () -- C:\Users\inti chaski\AppData\Roaming\appconf32.exe
[2008/11/25 05:40:58 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/25 05:40:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/25 05:40:58 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/25 05:40:58 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/13 07:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/13 07:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/13 07:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/13 07:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/13 07:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/13 07:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/13 07:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/13 07:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/13 07:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/13 07:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/13 07:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/13 06:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 04:21:25 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,373,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012/05/17 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12008
[2012/05/21 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12009
[2012/05/22 05:55:49 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12010
[2011/05/01 10:04:45 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\3404004
[2011/01/01 09:44:52 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Ableton
[2012/01/08 08:18:34 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Cycling '74
[2011/05/09 10:20:09 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\DataCast
[2010/08/16 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/12/26 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\FairStars CD Ripper
[2012/02/24 10:15:11 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\gema
[2009/06/07 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\gtk-2.0
[2012/05/17 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\kock
[2012/01/07 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\LolClient
[2009/04/06 04:40:14 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\myphotobook
[2009/02/01 06:27:32 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\TOSHIBA
[2010/11/02 14:19:28 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Ulead Systems
[2012/05/17 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\xmldm
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/21 13:14:20 | 000,000,000 | ---D | M] -- C:\ProgramData\gema
[2010/03/19 16:46:52 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2011/05/20 10:32:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/05/20 10:32:44 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2010/09/06 14:12:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/04/04 11:00:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/12/16 15:32:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/11/25 05:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2008/12/24 15:12:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008/08/13 07:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/23 10:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/13 08:24:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/04/14 19:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012/01/31 20:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012/05/21 17:39:25 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/17 10:42:57 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DD28428-2274-4814-B3B2-8D8262715328}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
< End of report >

--- --- ---

[/code]

cosinus 18.10.2012 20:35

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKU\inti_chaski_ON_C..\Run: [ALYQ3CgTRBSYLwE] C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [Firewall Administrating]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [gema]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [KPeerNexonEU]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [Userinit] C:\Users\inti chaski\AppData\Roaming\appconf32.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [vasja] C:\Users\inti chaski\AppData\Local\Temp\wpbt0.dll ()
O4 - Startup: C:\Users\inti chaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\inti_chaski_ON_C Winlogon: Shell - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O20 - HKU\inti_chaski_ON_C Winlogon: UserInit - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
:Files
C:\Users\inti chaski\AppData\Roaming\bauesch.exe
C:\Users\inti chaski\AppData\Roaming\AcroIEHelpe127.dll
C:\Users\inti chaski\AppData\Roaming\BAcroIEHelpe127.dll
C:\Users\inti chaski\AppData\Roaming\blckdom.res
C:\Users\inti chaski\AppData\Roaming\12008
C:\Users\inti chaski\AppData\Roaming\12009
C:\Users\inti chaski\AppData\Roaming\12010
C:\Users\inti chaski\AppData\Roaming\3404004
C:\Users\inti chaski\AppData\Roaming\kock
C:\Users\inti chaski\AppData\Roaming\xmldm
C:\Users\inti chaski\AppData\Roaming\UAs
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

After that Windows should start normally again; please make the OTL quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let us know if it was successful
5.) Only then turn the virus scanner back on
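
The fix script above targets three kinds of indicator that are typical for this screen-locker family: autostart (O4) entries pointing into user-writable directories such as AppData\Roaming and the Temp folder, Explorer/System policies (O7) that hide the desktop and disable Task Manager and the registry editor, and per-user Winlogon Shell/UserInit overrides (O20) that replace explorer.exe with the malware. The following Python script is an added example written for this thread, not OTL's own code and not something cosinus or the board published: it parses O4/O7/O20 lines in the text form OTL prints (the format is inferred from the lines on this page) and flags exactly those patterns, so the same triage can be done on another OTL log. The sample lines are the ones from the script above plus two constructed benign HKLM entries for contrast; the policy names beyond the three on the page (NoRun, NoControlPanel, DisableCMD) are real Windows policy values added as an assumption about what a helper would also want to see.

```python
"""Triage of OTL O4/O7/O20 lines for persistence and lockout indicators.

Added example for this thread (not OTL's code). It reads the plain-text
lines OTL prints and flags the patterns the fix script above removes.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the O4/O7/O20 lines from the fix script on this page plus
# two constructed, benign HKLM lines (IgfxTray and the HKLM Shell value).
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKU\inti_chaski_ON_C..\Run: [ALYQ3CgTRBSYLwE] C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [Firewall Administrating]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [Userinit] C:\Users\inti chaski\AppData\Roaming\appconf32.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [vasja] C:\Users\inti chaski\AppData\Local\Temp\wpbt0.dll ()
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\inti_chaski_ON_C Winlogon: Shell - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O20 - HKU\inti_chaski_ON_C Winlogon: UserInit - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
"""

# Line shapes as they appear in OTL output (assumed from the lines above).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<target>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<target>.*)$")
# OTL appends the file's company name in parentheses; "()" means none.
COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$")

# Directories an unprivileged user (and thus malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Policy values that hide the desktop or block the tools a user needs to recover.
# DisableTaskMgr, DisableRegistryTools and NoDesktop are on this page; the rest are assumed extras.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoRun", "NoControlPanel", "DisableCMD"}
# What the two Winlogon values resolve to on a clean system.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}


@dataclass(frozen=True)
class Finding:
    otl_class: str   # "O4", "O7" or "O20"
    severity: str    # "high" or "low"
    item: str        # Run value name, policy name or Winlogon value
    detail: str      # path or data the entry carries
    reason: str


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def check_o4(m: "re.Match") -> Optional[Finding]:
    target = m.group("target").strip()
    cm = COMPANY_RE.match(target)
    path = cm.group("path") if cm else target
    if path.lower() == "file not found":
        return Finding("O4", "low", m.group("name"), path, "dangling Run value, target no longer exists")
    if in_user_writable_dir(path):
        return Finding("O4", "high", m.group("name"), path, "autostart from a user-writable directory")
    return None


def check_o7(m: "re.Match") -> Optional[Finding]:
    value, data = m.group("value"), m.group("data")
    if value in LOCKOUT_POLICIES and data != "0":
        return Finding("O7", "high", value, data, "policy hides the desktop or blocks recovery tools")
    return None


def check_o20(m: "re.Match") -> Optional[Finding]:
    hive, value, data = m.group("hive"), m.group("value"), m.group("data")
    expected = EXPECTED_WINLOGON.get(value.lower())
    if expected is None:
        return None
    first = data.split(",")[0].strip()              # Userinit may carry a trailing comma
    basename = first.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if not hive.upper().startswith("HKLM"):
        return Finding("O20", "high", value, data, "per-user Winlogon override; Shell/Userinit belong in HKLM only")
    if basename != expected or in_user_writable_dir(first):
        return Finding("O20", "high", value, data, f"Winlogon {value} does not resolve to {expected}")
    return None


def triage(otl_text: str) -> list:
    """Return one Finding per suspicious O4/O7/O20 line; other lines are ignored."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        for regex, check in ((O4_RE, check_o4), (O7_RE, check_o7), (O20_RE, check_o20)):
            m = regex.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings


def summarize(findings: list) -> dict:
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LINES)
    for f in results:
        print(f"[{f.severity:4}] {f.otl_class:3} {f.item}: {f.detail} -- {f.reason}")
    print(summarize(results))
```

Run against the sample it reports nine findings (eight high, one low): the two HKLM lines pass, every AppData/Temp autostart and both per-user Winlogon overrides are rated high, and the "File not found" Run value is rated low as a leftover to clean up rather than active persistence. The point of treating any HKU Winlogon Shell/UserInit as high regardless of the path is that a clean Vista install sets these only under HKLM, so their mere presence in a user hive is the tell, not the file name.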


Copyright ©2000-2025, Trojaner-Board