Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Gema-Virus! Bei mir geht nichts mehr. 100,-€? (https://www.trojaner-board.de/111754-gema-virus-mir-geht-nichts-mehr-100-a.html)

Fungenie 18.03.2012 12:51
Gema-Virus! Bei mir geht nichts mehr. 100,-€?
 
Hallo alle zusammen,

habe mir gestern den Gema-Virus eingefangen. Bin neu hier und habe mich hier schon mal ein wenig umgeschaut, aber keine passende Lösung gefunden...muss aber zugeben, dass ich auch nicht wirklich Ahnung habe!

Also, die Gema Seite wird angezeigt, ich kann keinen Task-Manager nutzen, habe Windows Vista in beiden abgesicherten Modi gestartet. Immer wieder der weisse Screen an dem ich nichts machen kann.

Bitte helft mir!!!

Gruss
Fungenie

markusg 18.03.2012 20:09
hi
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Fungenie 21.03.2012 08:06
Hallo,

Zitat:
Kopiere nun den Inhalt in die
Textbox.
hat nicht funktioniert -- Out of Memory.

Also habe ich den Inhalt freigelassen!! So kam die Datei zu Stande...

Code:
OTL logfile created on: 3/21/2012 9:00:44 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 47.12 Gb Free Space | 40.46% Space Free | Partition Type: NTFS
Drive D: | 114.98 Gb Total Space | 88.71 Gb Free Space | 77.16% Space Free | Partition Type: NTFS
Drive E: | 14.42 Gb Total Space | 14.29 Gb Free Space | 99.09% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto] --  -- (StarWindServiceAE)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/25 08:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/08/25 04:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/08/19 16:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/08/18 17:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/07/15 10:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/07/10 11:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/07 04:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 12:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (TpChoice)
DRV - File not found [Kernel | On_Demand] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (gtstusbser)
DRV - [2012/03/19 03:21:29 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/16 08:10:38 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 09:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/15 00:07:52 | 000,115,552 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/03/31 04:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/11/17 09:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/19 16:01:44 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/08/06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/31 20:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/15 14:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/07 05:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008/02/06 18:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/14 05:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 08:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/17 10:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 10:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2003/05/07 08:16:44 | 000,099,584 | ---- | M] (Belkin Components) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bkusbxp.sys -- (FVNETusbXP) Belkin 11Mbps Wireless USB Network Adapter(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.thesun.co.uk/sol/homepage/sport/football/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\MasterP_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\MasterP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis
IE - HKU\MasterP_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\MasterP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MasterP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 15:25:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 11:14:10 | 000,000,000 | ---D | M]
 
[2010/05/21 04:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Extensions
[2010/05/21 04:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\uz40yd2y.default\extensions
[2010/05/21 04:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\uz40yd2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/21 04:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\uz40yd2y.default\extensions\staged-xpis
[2012/01/08 10:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 15:25:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/16 10:35:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/16 10:35:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/16 10:35:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/16 10:35:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/16 10:35:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/16 10:35:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\Gast_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\MasterP_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\MasterP_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\MasterP_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng]  File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Gast_ON_C..\Run: [swg]  File not found
O4 - HKU\Gast_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\MasterP_ON_C..\Run: [AlcoholAutomount]  File not found
O4 - HKU\MasterP_ON_C..\Run: [TOSCDSPD]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 03:36:17 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\MasterP\Desktop\OTLPENet(1).exe
[2012/03/19 03:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/03/19 03:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/03/18 09:00:48 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/18 09:00:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/18 09:00:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/18 09:00:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/18 09:00:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/18 09:00:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/18 09:00:03 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/18 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Nero
[2012/03/18 08:37:02 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Apple Computer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/20 15:29:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 15:29:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 15:29:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 02:56:55 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\MasterP\Desktop\OTLPENet(1).exe
[2012/03/19 03:37:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/03/19 03:37:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 03:37:24 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/03/19 03:37:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 03:32:41 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/03/19 03:30:15 | 3215,863,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 03:18:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/03/18 22:06:41 | 000,347,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/15 18:15:33 | 000,013,134 | ---- | M] () -- C:\Users\MasterP\Desktop\HAusmodernisierung.ods
[2012/03/12 16:14:48 | 000,161,792 | ---- | M] () -- C:\Users\MasterP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/04 06:36:13 | 000,078,476 | ---- | M] () -- C:\Users\MasterP\Desktop\Haushaltsbuch.ods
[2012/02/23 04:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/18 08:27:50 | 3215,863,808 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/22 05:16:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012/01/22 05:16:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009/11/19 14:53:22 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009/10/28 16:12:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/10/28 16:12:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/10/20 14:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 14:49:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/29 10:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 10:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/28 23:11:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/16 04:39:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/02 11:00:23 | 000,000,680 | ---- | C] () -- C:\Users\MasterP\AppData\Local\d3d9caps.dat
[2009/01/06 18:03:33 | 000,000,278 | ---- | C] () -- C:\Users\MasterP\AppData\Roaming\default.rss
[2009/01/06 18:03:32 | 000,000,000 | ---- | C] () -- C:\Users\MasterP\AppData\Roaming\downloads.m3u
[2009/01/01 15:08:41 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/12/29 08:30:02 | 000,161,792 | ---- | C] () -- C:\Users\MasterP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 11:06:29 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/12/27 11:06:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/12/27 11:06:29 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/12/27 11:06:29 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/27 11:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/09/22 09:36:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/22 09:27:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/09/22 09:18:41 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC.dat
[2008/09/22 09:18:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/09/22 09:18:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/09/22 09:18:41 | 000,000,160 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/09/22 09:18:28 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/09/22 09:18:28 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/22 09:18:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/22 09:18:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/09/22 09:18:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/09/22 09:18:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/09/22 09:05:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/24 03:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/12/21 10:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/10/25 12:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/09/04 06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,347,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009/10/29 08:17:19 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2011/11/27 06:16:33 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\biu software
[2008/12/31 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\DAEMON Tools
[2008/12/31 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\DAEMON Tools Lite
[2009/01/01 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\DAEMON Tools Pro
[2012/01/22 05:16:07 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\FreePDF
[2008/12/29 08:31:08 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\myphotobook
[2011/11/16 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\OpenOffice.org
[2009/10/28 16:38:45 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\PC Suite
[2011/06/07 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\Samsung
[2009/01/11 08:50:24 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\temp
[2008/12/27 12:46:06 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\Toshiba
[2009/06/21 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\MasterP\AppData\Roaming\VistaCodecs
[2008/12/27 12:17:32 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/12/31 21:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/12/27 12:17:32 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/12/27 12:17:32 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/10/18 02:01:23 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2008/12/29 08:18:19 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2009/10/28 16:38:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2011/02/12 13:12:41 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/12/27 12:17:32 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/12/27 12:28:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2008/12/27 12:22:16 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2011/10/31 16:15:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/22 09:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista32
[2008/09/22 09:30:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista64
[2009/06/21 17:43:27 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2008/12/27 12:17:32 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/03 15:31:10 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/09/22 09:30:02 | 000,000,000 | ---D | M] -- C:\ProgramData\XP
[2008/09/22 11:48:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/11/22 20:55:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 15:29:17 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

markusg 21.03.2012 15:30
hattest du bei benutzernamen auf den nutzernamen deines kontos geklickt? falls nein scan noch mal ausführen

Fungenie 22.03.2012 08:04
ja hatte ich. run scan läuft. am ende steht manual file scan-getting folder structure...und dann irgendwann die meldung out of memory.

markusg 22.03.2012 12:40
laut dem log ist da keine malware, prüfe noch mal ob du deinen nutzernamen gewählt hast, scanne erneut und hänge das log an.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55