Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Log-Analyse und Auswertung: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 28.08.2013, 12:03   #1
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Hallo,

ich habe mir diesen Ukash-Virus eingefangen und habe schon den OTL-Scan gemacht. Könnt Ihr mir da nochmal helfen? Zwischenzeitlich war der übrigens weg...

Hier der OTL-Scan:-danke im voraus:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 8/27/2013 5:38:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 158.80 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (Winmgmt)
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/08/02 03:04:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/08/27 04:13:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/27 04:13:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/17 07:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/17 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/17 07:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/09 04:58:45 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg4
[2013/08/09 04:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg3
[2013/08/09 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg2
[2013/08/09 04:51:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg1
[2013/08/09 04:41:53 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\norman
[2013/08/02 03:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/27 10:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 10:28:25 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2013/08/27 10:28:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/27 10:27:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 10:27:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 10:27:34 | 2142,109,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 08:38:16 | 000,000,946 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\perdbgmwlaviwtqpbel.lnk
[2013/08/27 08:30:59 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/27 07:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 06:01:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/27 06:01:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/27 06:01:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/27 06:01:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/27 05:56:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/27 04:13:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/17 07:31:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/06 02:22:31 | 000,001,959 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/05 03:59:23 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/08/05 03:31:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/02 03:04:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/02 03:04:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/27 08:38:16 | 000,000,946 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\perdbgmwlaviwtqpbel.lnk
[2013/08/02 03:05:21 | 000,001,959 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/30 18:18:33 | 2142,109,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/08/17 07:46:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/08/27 05:56:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

LG

Alt 28.08.2013, 12:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________
Alt 28.08.2013, 12:43   #3
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


sorry, krieg ich nicht hin. dafür bin ich wohl zu sehr Anfänger... komme nicht mal in den Reparaturmodus trotz 10maligen Versuches....;-(

geht da evt .auch was über die Fix-Option bei OTL?
LG
__________________
Alt 28.08.2013, 16:47   #4
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Wenn OTL den Schädling zeigen würde, ja

Tut es aber nit. Was genau ist denn dein Problem?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.09.2013, 16:43   #5
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Hallo Schrauber,

jetzt war er kurz weg um wiederzukommen :-(:

Neuer OTL-Scan bringt das OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/12/2013 7:34:52 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 157.28 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/09/12 02:48:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Rxa1gKilRsOh] C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe ()
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (C:\Users\Tel 02166-846678\AppData\Roaming\data.dat) - C:\Users\Tel 02166-846678\AppData\Roaming\data.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/12 02:48:08 | 008,784,264 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/05 05:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(6)
[2013/09/05 05:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(7)
[2013/09/04 09:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\70
[2013/08/17 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(4)
[2013/08/17 07:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(5)
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/12 12:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/12 12:00:30 | 000,000,004 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\settings.ini
[2013/09/12 11:59:55 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/12 11:59:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 11:59:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 11:59:24 | 2140,049,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/12 10:31:03 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2013/09/12 10:31:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/12 10:30:37 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/09/12 10:30:37 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/12 10:30:37 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/09/12 10:30:37 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/12 07:37:41 | 000,180,819 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
[2013/09/12 07:37:36 | 000,138,240 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe
[2013/09/12 06:48:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 06:17:38 | 216,518,976 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/12 02:48:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/12 02:48:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/12 02:48:08 | 008,784,264 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/11 11:22:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/09/10 12:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/10 12:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/03 08:29:43 | 095,025,368 | ---- | M] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.pff
[2013/09/03 08:29:27 | 000,000,000 | ---- | M] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.ctrl
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/12 11:59:24 | 2140,049,408 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/12 10:31:00 | 000,000,004 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\settings.ini
[2013/09/12 07:37:41 | 000,180,819 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
[2013/09/12 07:37:38 | 000,138,240 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe
[2013/09/12 06:17:38 | 216,518,976 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/03 08:29:27 | 000,000,000 | ---- | C] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.ctrl
[2013/09/03 08:29:20 | 095,025,368 | ---- | C] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.pff
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2012/01/11 06:27:13 | 000,059,920 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\data.dat
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/09/04 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/09/11 11:22:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---


LG
Heiko


Alt 13.09.2013, 07:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - HKU\Tel_02166-846678_ON_C..\Run: [Rxa1gKilRsOh] C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe ()
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (C:\Users\Tel 02166-846678\AppData\Roaming\data.dat) - C:\Users\Tel 02166-846678\AppData\Roaming\data.dat ()
:files
C:\Users\Tel 02166-846678\AppData\Roaming\data.dat
C:\Users\Tel 02166-846678\AppData\Roaming\data.ini
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
--> UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich

Alt 16.09.2013, 07:35   #7
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Hallo Schrauber,

besten Dank, anbei das Ergebnis:

========== OTL ==========
Registry value HKEY_USERS\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Rxa1gKilRsOh deleted successfully.
C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe moved successfully.
Registry value HKEY_USERS\Tel_02166-846678_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tel 02166-846678\AppData\Roaming\data.dat deleted successfully.
C:\Users\Tel 02166-846678\AppData\Roaming\data.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Tel 02166-846678\AppData\Roaming\data.dat not found.
File\Folder C:\Users\Tel 02166-846678\AppData\Roaming\data.ini not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 09162013_123039


Vielen Dan k und Gruss
H.

Alt 16.09.2013, 10:30   #8
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Startet der Rechner wieder normal?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.09.2013, 12:51   #9
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


hallo schrauber,

also entweder kommt der Virus immer wieder oder kanne s sein, daß ich mir das beim Musikladen über usenext immer wieder einfange?

Hier ist leider wieder der nächste OTL-Report:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/27/2013 12:45:39 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 154.25 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/09/20 07:48:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (C:\Users\Tel 02166-846678\AppData\Roaming\data.dat) - C:\Users\Tel 02166-846678\AppData\Roaming\data.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/12 02:48:08 | 003,723,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/05 05:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(6)
[2013/09/05 05:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(7)
[2013/09/04 09:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\70
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/27 05:14:25 | 000,000,004 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\settings.ini
[2013/09/27 05:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/27 05:13:31 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2013/09/27 05:12:30 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/27 05:12:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 05:12:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 05:12:04 | 2142,109,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 03:31:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/27 03:21:03 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/27 03:21:02 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/09/27 03:21:02 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/09/27 03:21:02 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/25 11:35:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/09/25 10:48:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 07:48:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 07:48:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/20 07:48:24 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/12 07:37:41 | 000,180,819 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
[2013/09/12 06:17:38 | 216,518,976 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/10 12:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/10 12:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/03 08:29:43 | 095,025,368 | ---- | M] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.pff
[2013/09/03 08:29:27 | 000,000,000 | ---- | M] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.ctrl
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/27 05:12:04 | 2142,109,696 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/12 10:31:00 | 000,000,004 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\settings.ini
[2013/09/12 07:37:41 | 000,180,819 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
[2013/09/12 06:17:38 | 216,518,976 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/03 08:29:27 | 000,000,000 | ---- | C] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.ctrl
[2013/09/03 08:29:20 | 095,025,368 | ---- | C] () -- C:\Users\Tel 02166-846678\Desktop\70rrjbnzj.pff
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2012/01/11 06:27:13 | 000,173,056 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\data.dat
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/09/04 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/09/25 11:35:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---


Wäre nett, wenn Du den nochmal checken könntest, ichglaube ich lade dann nix mehr.

LG
heiko

Alt 28.09.2013, 08:38   #10
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Zitat:
daß ich mir das beim Musikladen über usenext immer wieder einfange?
das is illegal, und die Dinger sind meist verseucht.

Und da Du nie bis zum Ende mit machst ist das Wieder-Verseuchen nur ene Frage der Zeit.

Lass nochmal den gleichen Fix wie oben laufen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.09.2013, 07:11   #11
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Hallo Schrsaiber,
danke. Was meinstDu mit "nie zu Ende machen".
Hier das Ergebnis:

========== OTL ==========
Registry value HKEY_USERS\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Rxa1gKilRsOh not found.
File C:\Users\Tel 02166-846678\AppData\Local\fvJcrgR.exe not found.
Registry value HKEY_USERS\Tel_02166-846678_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tel 02166-846678\AppData\Roaming\data.dat deleted successfully.
C:\Users\Tel 02166-846678\AppData\Roaming\data.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Tel 02166-846678\AppData\Roaming\data.dat not found.
File\Folder C:\Users\Tel 02166-846678\AppData\Roaming\data.ini not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 09302013_110124


lg
hEIKO

Alt 30.09.2013, 11:05   #12
schrauber
/// the machine
/// TB-Ausbilder
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


Ich hab am 16ten ne Frage gestellt, danach wäre die bereinigung weiter gegangen. Du hast dich aber erst wieder gemeldet 11 Tage fpäter als die Seuche wieder da war.

Startet der Rechner wieder normal?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich
.dll, administrator, adobe, adobe flash player, autorun, bho, bonjour, desktop, error, explorer, firefox, flash player, format, helper, home, launch, logfile, malwarebytes, microsoft, nvidia, object, plug-in, realtek, registry, ukash, usb, vista, yahoo


« Windows 8: Pup.Optional gefunden | Malwarebytes hat Trojan.Bitminer und Heuristics.Shuriken gefunden! »


Ähnliche Themen: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


  1. Virus aber Programm findet nichts
    Log-Analyse und Auswertung - 02.04.2015 (3)
  2. OTLPE Scan gemacht, was nun? (AKM-Trojaner?)
    Log-Analyse und Auswertung - 08.02.2015 (15)
  3. Ukash Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (19)
  4. Windows 7: Kaspersky findet nichts aber der Rechner verhält sich sehr auffällig
    Log-Analyse und Auswertung - 31.05.2013 (20)
  5. Masterboot Virus, glaube ich, aber es wird nichts erkannt
    Mülltonne - 11.05.2013 (0)
  6. Ukash Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  7. Bundespolizeitrojaner - Scan ist gemacht - wie weiter
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (13)
  8. T-Online sagt Virus aber nichts wird gefunden...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (5)
  9. Ukash Virus eingefangen
    Log-Analyse und Auswertung - 27.10.2012 (35)
  10. Ukash Polizei Virus eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 19.09.2012 (29)
  11. Ukash Trojaner eingefangen, OTL-Scan ausgeführt
    Log-Analyse und Auswertung - 19.08.2012 (2)
  12. Bundespolizei Virus (mit Ukash) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (2)
  13. Bundespolizei Virus, OTL Scan gemacht. Wie weiter?
    Log-Analyse und Auswertung - 10.10.2011 (24)
  14. Virus eingefangen aber welcher? Einstellungen ändern sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (1)
  15. Desktop schon lange sichtbar, aber nichts reagiert - Virus?
    Log-Analyse und Auswertung - 26.03.2010 (3)
  16. Ich hoffe, ich hab nichts noch schlimmer gemacht
    Log-Analyse und Auswertung - 26.02.2008 (6)
  17. HiJackThis Scan gemacht und nun?
    Mülltonne - 05.09.2007 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Hallo, ich habe mir diesen Ukash-Virus eingefangen und habe schon den OTL-Scan gemacht. Könnt Ihr mir da nochmal helfen? Zwischenzeitlich war der übrigens weg... Hier der OTL-Scan:-danke im voraus:OTL Logfile: - UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich...
Archiv
Du betrachtest: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54