Trojaner-Board


ari1604 26.07.2011 16:14

Bundeskriminalamt trojan
 
Hey everyone, I also have this trojan on my computer... I've now done everything I read in the other threads... I'll now post my log and OTLPE file and hope someone can tell me how I have to proceed from there... preferably as precisely as possible, since I don't know much about this... many thanks in advance

Regards, ari

cosinus 27.07.2011 11:18

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Cristina_ON_C\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKU\Cristina_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\Cristina_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62465
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7C97AC97-89BA-5E42-F20E-4C42D5FAC591}&q="
[2011/07/26 08:26:29 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011/07/26 08:26:38 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/12 15:16:18 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010/03/12 12:40:08 | 000,000,000 | ---D | M] (isoHunt Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
[2010/06/25 07:32:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/09/12 07:46:13 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/03/18 16:22:39 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/06/19 15:57:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com
[2010/03/05 11:44:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKU\Cristina_ON_C..\Run: []  File not found
O4 - HKU\Cristina_ON_C..\Run: [{B34B0FC7-41AD-84B0-32D6-89BC05210DEE}]  File not found
O4 - HKU\Cristina_ON_C..\Run: [lrdciv] C:\users\cristina\appdata\local\lrdciv.exe (chondroblaste)
O20 - HKU\Cristina_ON_C Winlogon: Shell - (C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe) - C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Startme.exe
[2011/07/26 08:40:47 | 000,004,401 | ---- | M] () -- C:\Users\Cristina\AppData\Local\lrdciv.dat
[2011/07/26 08:40:28 | 000,004,071 | ---- | M] () -- C:\Users\Cristina\AppData\Local\lrdciv_navps.dat
[2011/07/26 08:26:27 | 000,000,092 | ---- | M] () -- C:\Users\Cristina\AppData\Local\qmwkq.bat
[2011/07/20 00:57:40 | 000,248,578 | ---- | M] () -- C:\Users\Cristina\AppData\Local\lrdciv_nav.dat
:Files
C:\Program Files\BittorrentBar_DE
C:\Program Files\Softonic_Deutsch
C:\Program Files\ConduitEngine
C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

After that, Windows should start normally again - please make OTL's quarantine folder available to us. Please proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
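
Added example, not part of the original post and not OTL's own code: a Python triage pass over OTL-style autostart lines that separates the script's toolbar entries from the autostart entries whose targets sit in user-writable directories. The function names and flagging rules are assumptions of this example; the sample lines are copied from the fix script above.

```python
import re

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r"""
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKU\Cristina_ON_C..\Run: []  File not found
O4 - HKU\Cristina_ON_C..\Run: [{B34B0FC7-41AD-84B0-32D6-89BC05210DEE}]  File not found
O4 - HKU\Cristina_ON_C..\Run: [lrdciv] C:\users\cristina\appdata\local\lrdciv.exe (chondroblaste)
O20 - HKU\Cristina_ON_C Winlogon: Shell - (C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe) - C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe ()
"""

# A drive-letter path ending in an executable-like extension.
# Parentheses are excluded so the "(Company)" suffix is never swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()<>|]+?\.(?:exe|dll|bat|inf)\b', re.I)

# Directories a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temporary internet files\\", "\\temp\\")


def triage_line(line):
    """Return a finding dict for one 'O<n> - ...' line, or None for other lines."""
    m = re.match(r"\s*(O\d+)\s+-\s+(.*)", line)
    if not m:
        return None
    tag, rest = m.groups()
    reasons = []
    paths = PATH_RE.findall(rest)
    path = paths[-1] if paths else None  # the last path is the resolved target

    if tag == "O4" and "File not found" in rest:
        reasons.append("orphaned Run value (target missing)")
    if path:
        low = path.lower()
        if tag in ("O4", "O20") and any(d in low for d in USER_WRITABLE):
            reasons.append("autostart target in user-writable directory")
        if tag == "O20" and "Shell" in rest and not low.endswith("\\explorer.exe"):
            reasons.append("Winlogon Shell is not explorer.exe")
        if re.search(r"\(\)\s*$", rest):
            reasons.append("empty company string on target file")
    return {"tag": tag, "path": path, "reasons": reasons}


def triage(text):
    """Return only the flagged lines, most reasons first."""
    findings = [f for f in map(triage_line, text.splitlines()) if f and f["reasons"]]
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["tag"], f["path"] or "<no target>", "|", "; ".join(f["reasons"]))
```
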

ari1604 27.07.2011 18:44

So after the fix I get the following:

Error: Unable to interpret <:OTL IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKU\Cristina_ON_C\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) IE - HKU\Cristina_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\Cristina_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0> in the current context!
Error: Unable to interpret <.1:62465 FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7C97AC97-89BA-5E42-F20E-4C42D5FAC591}&q=" [2011/07/26 08:26:29 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2011/07/26 08:26:38 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011/07/12 15:16:18 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) > in the current context!
Error: Unable to interpret <-- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010/03/12 12:40:08 | 000,000,000 | ---D | M] (isoHunt Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767} [2010/06/25 07:32:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009/09/12 07:46:13 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2010/03/18 16:22:39 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011/06/19 15:57:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cristina\AppData> in the current context!
Error: Unable to interpret <\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com [2010/03/05 11:44:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-> in the current context!
Error: Unable to interpret <4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKU\Cristina_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Pro> in the current context!
Error: Unable to interpret <gram Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKU\Cristina_ON_C..\Run: [] File not found O4 - HKU\Cristina_ON_C..\Run: [{B34B0FC7-41AD-84B0-32D6-89BC05210DEE}] File not found O4 - HKU\Cristina_ON_C..\Run: [lrdciv] C:\users\cristina\appdata\local\lrdciv.exe (chondroblaste) O20 - HKU\Cristina_ON_C Winlogon: Shell - (C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe) - C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Startme.exe [2011/07/26 08:40:47 | 000,004,401 | ---- | M] () -- C:\U> in the current context!
Error: Unable to interpret <sers\Cristina\AppData\Local\lrdciv.dat [2011/07/26 08:40:28 | 000,004,071 | ---- | M] () -- C:\Users\Cristina\AppData\Local\lrdciv_navps.dat [2011/07/26 08:26:27 | 000,000,092 | ---- | M] () -- C:\Users\Cristina\AppData\Local\qmwkq.bat [2011/07/20 00:57:40 | 000,248,578 | ---- | M] () -- C:\Users\Cristina\AppData\Local\lrdciv_nav.dat :Files C:\Program Files\BittorrentBar_DE C:\Program Files\Softonic_Deutsch C:\Program Files\ConduitEngine C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D :Commands [purity] [resethosts] > in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 07272011_213449


I hope I did that right... I'll now restart the computer... and do the thing with the quarantine folder... thanks already up to this point ;)

ari1604 27.07.2011 19:03

OK, I think something was wrong there... I've now done it again... this is what came up:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
C:\Program Files\BittorrentBar_DE\tbBitt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Program Files\Softonic_Deutsch\tbSoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files\DVDVideoSoft\tbDVDV.dll moved successfully.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files\BittorrentBar_DE\tbBitt.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7C97AC97-89BA-5E42-F20E-4C42D5FAC591}&q=" removed from keyword.URL
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\modules folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\modules folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\lib folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com\platform folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com\META-INF folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com\components folder moved successfully.
C:\Users\Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\6evvgjfs.default\extensions\moveplayer@movenetworks.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files\BittorrentBar_DE\tbBitt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files\BittorrentBar_DE\tbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ deleted successfully.
C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
File C:\Program Files\BittorrentBar_DE\tbBitt.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{B34B0FC7-41AD-84B0-32D6-89BC05210DEE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34B0FC7-41AD-84B0-32D6-89BC05210DEE}\ not found.
Registry value HKEY_USERS\Cristina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\lrdciv deleted successfully.
C:\Users\Cristina\AppData\Local\lrdciv.exe moved successfully.
Registry value HKEY_USERS\Cristina_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe deleted successfully.
C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D\contacts[1].exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b283b3-d3a2-11df-99d6-806e6f6e6963}\ not found.
File F:\Startme.exe not found.
C:\Users\Cristina\AppData\Local\lrdciv.dat moved successfully.
C:\Users\Cristina\AppData\Local\lrdciv_navps.dat moved successfully.
C:\Users\Cristina\AppData\Local\qmwkq.bat moved successfully.
C:\Users\Cristina\AppData\Local\lrdciv_nav.dat moved successfully.
========== FILES ==========
C:\Program Files\BittorrentBar_DE folder moved successfully.
C:\Program Files\Softonic_Deutsch folder moved successfully.
C:\Program Files\ConduitEngine folder moved successfully.
C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFUOJ3D folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 07272011_225850



I restarted the computer... looks like everything is working again... many, many thanks :)
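
Added example, not part of the original thread and not OTL's own code: a Python check that reads an OTLPE fix log like the two posted above and reports whether the fix was applied, what is still pending a reboot, and which `not found` lines are only repeats of items already handled earlier in the same log. The function name and report fields are assumptions of this example; the sample logs are built from lines in the posts, with the error line shortened.

```python
import re

# Constructed sample 1: one (shortened) error line from the first run.
FAILED_RUN = r"""
Error: Unable to interpret <:OTL IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)> in the current context!
"""

# Constructed sample 2: selected lines from the second run's log.
SECOND_RUN = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
C:\Program Files\BittorrentBar_DE\tbBitt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
File C:\Program Files\BittorrentBar_DE\tbBitt.dll not found.
C:\Users\Cristina\AppData\Local\lrdciv.exe moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File F:\Startme.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# "<optional prefix><target>[ folder] <outcome>." as it appears in the fix log.
ACTION_RE = re.compile(
    r"^(?:Registry (?:key|value) |File )?(?P<target>.+?)(?: folder)? "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.?$"
)
PENDING_RE = re.compile(
    r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot"
)


def review_fix_log(text):
    """Classify each log line and decide whether the fix script took effect."""
    report = {"errors": 0, "changed": [], "pending_reboot": [],
              "already_handled": [], "not_found_unhandled": []}
    done = set()  # lower-cased targets already deleted or moved in this log
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error: Unable to interpret"):
            report["errors"] += 1  # the script text was not parsed as directives
            continue
        m = PENDING_RE.match(line)
        if m:
            report["pending_reboot"].append(m.group("target"))
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue  # section headers and lines this example does not classify
        target = m.group("target")
        key = target.lower()  # CLSIDs appear in both upper and lower case
        if m.group("outcome") == "not found":
            bucket = "already_handled" if key in done else "not_found_unhandled"
            report[bucket].append(target)
        else:
            done.add(key)
            report["changed"].append(target)
    # Applied means: at least one real change and no uninterpreted script text.
    report["applied"] = bool(report["changed"]) and report["errors"] == 0
    return report


if __name__ == "__main__":
    for name, log in (("first run", FAILED_RUN), ("second run", SECOND_RUN)):
        r = review_fix_log(log)
        print(name, "applied:", r["applied"], "| pending:", r["pending_reboot"],
              "| unhandled not-found:", r["not_found_unhandled"])
```
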

cosinus 28.07.2011 10:06

But you haven't uploaded the file in the UpChannel yet; let me know when you've done that. Then we'll continue.

ari1604 29.07.2011 17:12

Well, I actually thought I had already done that... what exactly do I have to do again??

cosinus 30.07.2011 18:23

Quote:

... what exactly do I have to do again??
I posted, or rather linked, the instructions for that above!

