Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "please wait the connection is being established" - vista 32 bit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.10.2012, 17:17   #1
CptArrgh
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Mir wurde von meinen Nachbarn ein computer gegeben der mit dem Virus verseucht ist, welcher beim Starten einen weißen Bildschirm liefert auf dem "please wait the connection is being established" steht.
Dies scheint ein gäniger Virus zus sein. Doch da die meisten Lösungen nur individuel für die Problembeschreibenen gemacht wurden, dachte ich das ich mein Probem hier auch mal poste.

Ich habe bereits verucht ein OTLPE txt file zu erstellen, doch wenn ich auf dem infizierten Computer auf den Shortcut names OTLPE klicke und das Laufwerg auf dem Vista ist anklicke sagt mir das Pogramm dass meine Windows version "2000 or later" ist.

Danke im Vorraus für Hilfe.

Alt 16.10.2012, 12:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________

Alt 17.10.2012, 08:23   #3
CptArrgh
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Ne, der abgesicherte Modus funktioniert nicht.
__________________

Alt 17.10.2012, 15:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Dann weiter mit OTLPE

Zitat:
Ich habe bereits verucht ein OTLPE txt file zu erstellen, doch wenn ich auf dem infizierten Computer auf den Shortcut names OTLPE klicke und das Laufwerg auf dem Vista ist anklicke sagt mir das Pogramm dass meine Windows version "2000 or later" ist.

Diese Meldung bekommt man wenn man nicht wie in der Anleitung beschrieben den Windows-Ordner auswählt sondern einfach nur die Windowspartition
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.10.2012, 09:35   #5
CptArrgh
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Okay hier ist die Datei, eine Extras.txt Datei wurde aber nicht erstellt also nur diese eine.

Danke schonmal im Vorraus.


Alt 18.10.2012, 12:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Die Logs bitte nur in den Anhang (gezippt) legen, wenn sie zu groß sind um direkt gepostet zu werden!
Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher übersichtlicher und man spart sich ne Menge Rumklickerei

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
--> "please wait the connection is being established" - vista 32 bit

Alt 18.10.2012, 18:42   #7
CptArrgh
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/17/2012 8:17:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 9.20 Gb Free Space | 16.53% Space Free | Partition Type: NTFS
Drive D: | 54.66 Gb Total Space | 9.65 Gb Free Space | 17.65% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 14.81 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (gusvc)
SRV - File not found [On_Demand] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto] --  -- (gupdate) Google Update Service (gupdate)
SRV - [2012/05/20 14:18:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 16:10:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/27 19:05:40 | 003,417,376 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2010/03/09 20:01:00 | 003,589,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 16:05:46 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/18 15:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 04:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 18:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 09:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/24 20:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 11:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/09 10:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/21 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/23 22:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 06:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 20:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 19:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 06:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 09:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/08/23 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (XDva375)
DRV - File not found [Kernel | On_Demand] --  -- (XDva370)
DRV - File not found [Kernel | On_Demand] --  -- (XDva362)
DRV - File not found [Kernel | On_Demand] --  -- (XDva358)
DRV - File not found [Kernel | On_Demand] --  -- (XDva352)
DRV - File not found [Kernel | On_Demand] --  -- (XDva349)
DRV - File not found [Kernel | On_Demand] --  -- (XDva347)
DRV - File not found [Kernel | On_Demand] --  -- (XDva346)
DRV - File not found [Kernel | On_Demand] --  -- (XDva343)
DRV - File not found [Kernel | On_Demand] --  -- (XDva341)
DRV - File not found [Kernel | On_Demand] --  -- (XDva337)
DRV - File not found [Kernel | On_Demand] --  -- (XDva332)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - File not found [Kernel | On_Demand] --  -- (cpuz132)
DRV - [2010/02/03 09:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/08 14:07:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/18 09:10:58 | 000,012,048 | ---- | M] () [Kernel | On_Demand] -- C:\Users\inti chaski\AppData\Local\Temp\ALHF1DC.tmp -- (GarenaPEngine)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/28 14:44:23 | 000,137,344 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2009/02/28 14:44:11 | 000,009,472 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/17 04:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 04:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/07/18 13:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 04:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/26 04:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/11/09 09:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/24 06:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 01:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 03:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 03:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 03:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 03:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/23 05:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/28 16:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006/11/28 16:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006/11/20 08:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 05:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\inti_chaski_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\inti_chaski_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/02 16:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 17:45:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\inti chaski\AppData\Roaming\12010 [2012/05/22 05:55:49 | 000,000,000 | ---D | M]
 
[2009/01/12 13:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Extensions
[2012/05/02 09:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions
[2010/06/26 13:52:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/26 01:40:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 11:36:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/16 14:42:50 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/04/16 14:49:33 | 000,000,873 | ---- | M] () -- C:\Users\inti chaski\AppData\Roaming\Mozilla\Firefox\Profiles\c10mdd27.default\searchplugins\conduit.xml
[2012/01/12 10:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/12 10:02:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2012/05/22 05:55:49 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\INTI CHASKI\APPDATA\ROAMING\12010
[2012/05/02 16:10:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 17:45:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/24 17:45:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 17:45:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/24 17:45:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/12/09 05:46:54 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
[2012/02/24 17:45:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/24 17:45:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Little Fighter 2 Toolbar Helper) - {AE90C38C-97CF-4696-B290-C7973DC9675E} -  File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O3 - HKLM\..\Toolbar: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} -  File not found
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\inti_chaski_ON_C\..\Toolbar\WebBrowser: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} -  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [Google EULA Launcher]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\inti_chaski_ON_C..\Run: [Akamai NetSession Interface] C:\Users\inti chaski\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\inti_chaski_ON_C..\Run: [ALYQ3CgTRBSYLwE] C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [Firewall Administrating]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [gema]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [KPeerNexonEU]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [Userinit] C:\Users\inti chaski\AppData\Roaming\appconf32.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [vasja] C:\Users\inti chaski\AppData\Local\Temp\wpbt0.dll ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\inti chaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} -  File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\inti_chaski_ON_C Winlogon: Shell - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O20 - HKU\inti_chaski_ON_C Winlogon: UserInit - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{54c9b3b6-762b-11df-9298-8a955677badc}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9b3b6-762b-11df-9298-8a955677badc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{a20f1e95-0f98-11e0-80e9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Roaming\*.tmp files -> C:\Users\inti chaski\AppData\Roaming\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Local\*.tmp files -> C:\Users\inti chaski\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/15 12:57:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/15 12:56:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 12:56:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 12:56:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/15 12:55:58 | 2009,079,808 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Roaming\*.tmp files -> C:\Users\inti chaski\AppData\Roaming\*.tmp -> ]
[1 C:\Users\inti chaski\AppData\Local\*.tmp files -> C:\Users\inti chaski\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/15 11:03:24 | 2009,079,808 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/22 08:44:18 | 000,230,400 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\bauesch.exe
[2012/05/22 05:55:38 | 000,370,144 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\AcroIEHelpe127.dll
[2012/05/22 05:55:38 | 000,007,016 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\BAcroIEHelpe127.dll
[2012/05/17 20:56:47 | 000,000,080 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\blckdom.res
[2010/03/08 14:28:34 | 000,000,552 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\d3d8caps.dat
[2009/07/22 09:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/05/26 14:39:01 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini
[2009/05/02 21:02:05 | 000,000,680 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\d3d9caps.dat
[2009/04/19 07:22:46 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2009/02/28 14:44:23 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2009/02/28 14:44:11 | 000,009,472 | ---- | C] () -- C:\Windows\System32\drivers\lemsgt.sys
[2009/02/24 07:36:27 | 000,000,000 | ---- | C] () -- C:\Users\inti chaski\AppData\Roaming\wklnhst.dat
[2009/01/08 14:42:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/08 14:42:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/24 15:25:39 | 000,025,600 | ---- | C] () -- C:\Users\inti chaski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/24 15:15:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/12/09 11:23:13 | 000,050,208 | RHS- | C] () -- C:\Users\inti chaski\AppData\Roaming\appconf32.exe
[2008/11/25 05:40:58 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/25 05:40:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/25 05:40:58 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/25 05:40:58 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/13 07:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/13 07:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/13 07:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/13 07:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/13 07:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/13 07:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/13 07:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/13 07:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/13 07:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/13 07:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/13 07:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/13 06:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 04:21:25 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,373,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012/05/17 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12008
[2012/05/21 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12009
[2012/05/22 05:55:49 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\12010
[2011/05/01 10:04:45 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\3404004
[2011/01/01 09:44:52 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Ableton
[2012/01/08 08:18:34 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Cycling '74
[2011/05/09 10:20:09 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\DataCast
[2010/08/16 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/12/26 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\FairStars CD Ripper
[2012/02/24 10:15:11 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\gema
[2009/06/07 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\gtk-2.0
[2012/05/17 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\kock
[2012/01/07 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\LolClient
[2009/04/06 04:40:14 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\myphotobook
[2009/02/01 06:27:32 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\TOSHIBA
[2010/11/02 14:19:28 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\Ulead Systems
[2012/05/17 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\inti chaski\AppData\Roaming\xmldm
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/21 13:14:20 | 000,000,000 | ---D | M] -- C:\ProgramData\gema
[2010/03/19 16:46:52 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2011/05/20 10:32:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/05/20 10:32:44 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2010/09/06 14:12:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/04/04 11:00:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/12/16 15:32:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/11/25 05:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2008/12/24 15:12:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008/08/13 07:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/12/24 15:08:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/23 10:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/13 08:24:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/04/14 19:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012/01/31 20:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012/05/21 17:39:25 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/17 10:42:57 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DD28428-2274-4814-B3B2-8D8262715328}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
< End of report >
         
--- --- ---

[/code]

Alt 18.10.2012, 20:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"please wait the connection is being established" - vista 32 bit - Standard

"please wait the connection is being established" - vista 32 bit



Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKU\inti_chaski_ON_C..\Run: [ALYQ3CgTRBSYLwE] C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [Firewall Administrating]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [gema]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [KPeerNexonEU]  File not found
O4 - HKU\inti_chaski_ON_C..\Run: [Userinit] C:\Users\inti chaski\AppData\Roaming\appconf32.exe ()
O4 - HKU\inti_chaski_ON_C..\Run: [vasja] C:\Users\inti chaski\AppData\Local\Temp\wpbt0.dll ()
O4 - Startup: C:\Users\inti chaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\inti_chaski_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\inti_chaski_ON_C Winlogon: Shell - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
O20 - HKU\inti_chaski_ON_C Winlogon: UserInit - (C:\Users\inti chaski\AppData\Roaming\bauesch.exe) - C:\Users\inti chaski\AppData\Roaming\bauesch.exe ()
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
:Files
C:\Users\inti chaski\AppData\Roaming\bauesch.exe
C:\Users\inti chaski\AppData\Roaming\AcroIEHelpe127.dll
C:\Users\inti chaski\AppData\Roaming\BAcroIEHelpe127.dll
C:\Users\inti chaski\AppData\Roaming\blckdom.res
C:\Users\inti chaski\AppData\Roaming\12008
C:\Users\inti chaski\AppData\Roaming\12009
C:\Users\inti chaski\AppData\Roaming\12010
C:\Users\inti chaski\AppData\Roaming\3404004
C:\Users\inti chaski\AppData\Roaming\kock
C:\Users\inti chaski\AppData\Roaming\xmldm
C:\Users\inti chaski\AppData\Roaming\UAs
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu "please wait the connection is being established" - vista 32 bit
32 bit, beim starten, bildschirm, computer, connection, erstellen, file, gen, infizierte, infizierten, klicke, liefert, lösungen, nachbar, please, schei, starte, starten, verseucht, version, virus, virus verseucht, vista, weiße, windows




Ähnliche Themen: "please wait the connection is being established" - vista 32 bit


  1. Weisser Bildschirm und "please wait while the connection ist being established"
    Log-Analyse und Auswertung - 07.02.2015 (21)
  2. Weisser Bildschirm und die Meldung "please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (10)
  3. Weißer Bildschirm "Please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (21)
  4. Trojaner "please wait while the connection is being established" unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (19)
  5. Zugriff auf Rechner blockiert-White Screen+"Please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (22)
  6. Weißer Bildschirm "Please wait while the connection is beeing established"
    Log-Analyse und Auswertung - 13.06.2012 (3)
  7. Weißer Bildschirm "Please wait while the connection is beeing established"
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (22)
  8. weißer Bildschirm mit der Meldung "Please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (6)
  9. "Wait while the connection is been established" - Virus/Freezer/Trojaner/...
    Plagegeister aller Art und deren Bekämpfung - 19.05.2012 (1)
  10. Windows Desktop blockiert - white screen - "Please wait while the connection is beeing established"
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (21)
  11. "please wait while the connection is being established" - weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 17.04.2012 (17)
  12. weißer Bildschirm mit der Meldung "Please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (7)
  13. Fehlermeldung: "Please wait while the connection is being established" und Weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (1)
  14. Fehlermeldung: "Please wait while the connection is being established" und Weißer Bildschirm
    Log-Analyse und Auswertung - 01.04.2012 (5)
  15. Weißer Bildschirm "Please wait while the connection is beeing established"
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (25)
  16. Weißer Bildschirm mit Fehlermeldung "Please wait while connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (17)
  17. Weißer Bildschirm "Please wait while the connection is beeing established"
    Log-Analyse und Auswertung - 24.03.2012 (11)

Zum Thema "please wait the connection is being established" - vista 32 bit - Mir wurde von meinen Nachbarn ein computer gegeben der mit dem Virus verseucht ist, welcher beim Starten einen weißen Bildschirm liefert auf dem "please wait the connection is being established" - "please wait the connection is being established" - vista 32 bit...
Archiv
Du betrachtest: "please wait the connection is being established" - vista 32 bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.