Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BKA Trojaner - Wie beseitigen? (https://www.trojaner-board.de/97501-bka-trojaner-beseitigen.html)

Pathe 15.04.2011 09:12
BKA Trojaner - Wie beseitigen?
 
Hallo,

ich habe mir leider auch diesen BKA-Trojaner eingefangen und kann folglich nichts mehr mit meinem Laptop anstellen.

Ich habe nun schon 1 Tag gegoogelt und diverse Foren gelesen, aber so richtig hat keiner eine Lösung.
Ich habe mir auf einem anderen Rechner bereits die Rescue CD von Avira und Kaspersky erstellt und drüber laufen lassen, vorher natürlich geupdatet.
Bei deiden Scans 0 Funde! Das ist ganz schön frustrierend, zumal der von Kaspersky bestimmt 6 Stunden gedauert hat.

Warum bekommen anderen den damit weg und bei mir gehts nicht?
Muss ich spezielle Einstellungen noch machen? Oderr soll ich noch was ganz anders ausprobieren, hat jemand noch ein Lösungsansatz?
Wäre schön wenn mir da von Euch geholfen werden kann.

markusg 15.04.2011 10:46
weil es nicht "den" trojaner gibt, sondern meistens vieieieiele variannten

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Pathe 15.04.2011 13:20
OTL Logfile:
Code:
OTL logfile created on: 4/15/2011 2:47:26 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.95 Gb Total Space | 105.68 Gb Free Space | 37.22% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 0.55 Gb Free Space | 14.89% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/10/13 17:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 17:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 16:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 08:57:38 | 000,200,056 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 04:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/02/02 09:31:53 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/11/13 06:28:38 | 000,129,536 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/08/27 02:25:19 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/21 16:24:48 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/06 05:50:50 | 000,411,496 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/01 13:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 09:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 13:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/06/11 08:51:38 | 000,361,472 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV:64bit: - [2009/04/21 07:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV:64bit: - [2008/04/27 20:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- C:\Windows\System32\drivers\XAudio64.exe -- (XAudioService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/28 00:45:24 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\aspnet_state.exe -- (aspnet_state)
SRV - [2010/01/27 22:04:48 | 001,017,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/01/27 22:04:48 | 000,138,576 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe -- (clr_optimization_v4.0.30128_64)
SRV - [2010/01/27 20:51:52 | 000,130,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe -- (clr_optimization_v4.0.30128_32)
SRV - [2009/09/11 06:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/08/04 03:58:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/07/27 11:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 11:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 11:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 11:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 11:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 05:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 05:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 05:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 10:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/06/16 03:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 04:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/10 16:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2003/04/18 13:06:26 | 000,008,192 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/10/13 17:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 17:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 17:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/07/26 09:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/07/26 09:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- C:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/01/14 05:24:57 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/14 05:24:56 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/28 01:50:28 | 000,080,000 | ---- | M] (MARX CryptoTech LP) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CBUSB_64.sys -- (CBUSB)
DRV:64bit: - [2009/09/08 02:19:36 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/08/27 02:25:54 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/26 02:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/06/30 08:55:41 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/29 12:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/06/29 12:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/06/29 03:09:08 | 000,403,968 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 22:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/04/09 07:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/03/13 06:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/02/13 06:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/01/08 06:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008/11/18 20:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/10/22 20:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 20:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/07/17 20:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/27 20:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/27 20:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/27 20:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/27 20:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/04/24 08:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/04/16 14:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010/07/26 09:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Der_Pathe_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKU\Der_Pathe_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Der_Pathe_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKU\Der_Pathe_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Der_Pathe_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Der_Pathe_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Der_Pathe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {271A3CF5-5A54-447B-A08F-BE805F0DA60A}:3.3.5.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
[2010/06/23 12:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Extensions
[2010/06/23 12:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/13 08:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\extensions
[2010/12/13 13:11:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/16 06:32:28 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2011/03/10 10:41:58 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\extensions\firebug@software.joehewitt.com
[2010/09/17 12:16:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\extensions\vshare@toolbar
[2010/09/17 12:16:06 | 000,001,583 | ---- | M] () -- C:\Users\Der Pathe\AppData\Roaming\Mozilla\Firefox\Profiles\zjvtbo2y.default\searchplugins\web-search.xml
[2010/03/17 13:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/09 02:52:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/10/13 17:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/12 14:21:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/12/12 14:21:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/12 14:21:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/17 14:25:20 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/12/12 14:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/12/12 14:21:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101123175526.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101123175526.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Der_Pathe_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\Der_Pathe_ON_C..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Der_Pathe_ON_C..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Der_Pathe_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Der_Pathe_ON_C\..Trusted Domains: basketball4u.de ([www] https in Trusted sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1818/plugin/AXFOAM.CAB (DataDesign DDBAC Plug-In)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Der_Pathe_ON_C Winlogon: Shell - (C:\Users\DERPAT~1\AppData\Local\Temp\0.30382708419380455.exe) - C:\Users\Der Pathe\AppData\Local\Temp\0.30382708419380455.exe (Rksklbux Nvyddrp)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{49e930f5-6052-11df-873c-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{49e930f5-6052-11df-873c-00243374506a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8314fc54-f917-11de-82f1-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{8314fc54-f917-11de-82f1-00243374506a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{980c33eb-e1a2-11df-a082-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{980c33eb-e1a2-11df-a082-00243374506a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{980c33f6-e1a2-11df-a082-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{980c33f6-e1a2-11df-a082-00243374506a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cc2a8f48-e364-11df-bde2-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a8f48-e364-11df-bde2-00243374506a}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cc2a8f51-e364-11df-bde2-00243374506a}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a8f51-e364-11df-bde2-00243374506a}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/15 14:37:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/15 03:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/14 11:50:31 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/04/13 08:29:00 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/13 08:29:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/13 08:28:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 08:28:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/13 08:28:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/13 08:28:52 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 08:28:52 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 08:28:52 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/13 08:28:52 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/13 08:28:47 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 08:28:47 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/13 08:28:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 08:28:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/13 08:28:32 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 08:28:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/13 08:28:31 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 08:28:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 08:28:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/13 08:28:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/13 08:28:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/04/13 08:28:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/13 08:28:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 08:28:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/13 08:28:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/13 08:28:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 08:28:30 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 08:28:30 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/13 08:28:03 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2011/04/13 08:28:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 08:28:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 08:28:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/13 08:27:59 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/04/13 08:27:58 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.efi
[2011/04/13 08:27:58 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.efi
[2011/04/13 08:27:58 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/04/13 08:27:58 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/04/13 08:27:58 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/04/13 08:27:58 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/04/12 12:17:04 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2011/03/25 04:24:00 | 000,000,000 | ---D | C] -- C:\Users\Der Pathe\Desktop\Neuer Ordner
[2011/03/16 15:58:52 | 000,000,000 | --SD | C] -- C:\Users\Der Pathe\Documents\Meine Datenquellen
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/15 06:05:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/15 06:04:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/15 06:04:33 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2011/04/15 06:04:31 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2011/04/15 06:04:22 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/04/15 06:04:04 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/15 03:58:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/14 08:45:01 | 003,142,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 05:44:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 03:50:23 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 03:50:23 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 15:32:27 | 000,696,370 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/13 15:32:27 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 15:32:27 | 000,147,634 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/13 15:32:27 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 12:17:00 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/03/24 08:20:16 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2011/04/12 12:17:05 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2011/04/12 12:17:04 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2010/10/11 16:06:13 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/02/13 09:17:24 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/04 14:29:29 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/04 13:41:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/10 06:34:08 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32B.dll
[2009/11/10 06:34:08 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32A.dll
[2009/11/10 06:34:02 | 016,130,048 | ---- | C] () -- C:\Windows\SysWow64\Mh3dGlob10.dll
[2009/11/10 06:34:02 | 000,991,232 | ---- | C] () -- C:\Windows\SysWow64\MhCglobal10.dll
[2009/08/22 12:36:52 | 000,130,818 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/08/22 12:36:33 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/08/15 06:58:31 | 000,000,233 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/07/19 08:10:37 | 000,000,000 | ---- | C] () -- C:\Users\Der Pathe\AppData\Roaming\wklnhst.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/27 17:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/06/27 17:07:19 | 000,003,871 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009/06/16 07:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/20 05:36:18 | 000,002,054 | ---- | C] () -- C:\Windows\bthservsdp.dat
 
========== LOP Check ==========
 
[2010/09/03 08:00:54 | 000,000,000 | -HSD | M] -- C:\Users\Der Pathe\AppData\Roaming\.#
[2009/12/04 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Ashampoo
[2010/03/03 06:18:20 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Autodesk
[2010/10/16 06:55:43 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\DataDesign
[2011/03/08 16:01:00 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\FileZilla
[2010/10/15 05:47:46 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\gtk-2.0
[2011/04/14 03:46:46 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\ICQ
[2009/12/04 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Image Zone Express
[2009/12/04 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\InterVideo
[2010/12/11 06:12:07 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Leadertech
[2009/12/04 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Menerga
[2009/12/04 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\mh-software
[2009/12/04 14:05:50 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Printer Info Cache
[2010/10/08 09:17:47 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Samsung
[2010/04/15 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\TS3Client
[2010/01/14 06:04:15 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Ubisoft
[2010/10/27 08:41:36 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Vodafone
[2010/01/04 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Western Digital
[2009/12/04 14:05:50 | 000,000,000 | ---D | M] -- C:\Users\Der Pathe\AppData\Roaming\Zeon
[2009/12/04 14:29:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/12/04 13:55:34 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2010/03/03 06:18:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/12/04 14:29:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/03 12:48:36 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/01/03 12:48:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/12/04 13:55:34 | 000,000,000 | ---D | M] -- C:\ProgramData\eSellerate
[2009/12/04 14:29:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/03/17 13:10:35 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/12/04 13:55:36 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2010/01/29 05:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Mindjet
[2009/12/04 13:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Nuance
[2010/09/20 05:15:39 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2009/12/04 13:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2010/10/08 09:17:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2009/12/04 13:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/12/04 13:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc
[2011/01/03 12:17:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/12/04 14:29:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/01/19 06:01:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/12/04 13:56:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/10/27 08:40:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2009/12/04 14:29:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/01/04 12:00:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Western Digital
[2009/12/04 13:56:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Zeon
[2011/04/15 06:04:22 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/04/13 12:17:00 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011/04/13 06:34:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/15 06:04:31 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2011/04/15 06:04:33 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

markusg 15.04.2011 14:21
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:


Code:
:OTL
O20 - HKU\Der_Pathe_ON_C Winlogon: Shell - (C:\Users\DERPAT~1\AppData\Local\Temp\0.30382708419380455.exe) - C:\Users\Der Pathe\AppData\Local\Temp\0.30382708419380455.exe
(Rksklbux Nvyddrp)
:files
C:\Users\Der Pathe\AppData\Local\Temp\0.30382708419380455.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt auf deinem stick.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
öffne computer, öffne c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html
.

Pathe 15.04.2011 14:45
Leider komme ich erst garnicht soweit.
Ich kann die fix.txt nicht suchen im Fenster, es kommt sofort wenn ich auf die Auswahl gehe eine Fehlermeldung. Acces Violation at adress 7CA0C936 in module 'shell32.dll' Read of address 00000006

markusg 15.04.2011 15:02
tippe das script mal per hand ein.

Pathe 15.04.2011 15:28
Leider keine Veränderung...
(Also ich habe das auf dem 2. Rechner geschrieben im Editor und denn als fix.txt auf dem Usb Stick gespeichert und denn am andreren versucht)

markusg 15.04.2011 15:33
ja und was ist dann passiert. du sitzt vor dem pc nicht ich, also gib mir genaue beschreibung, wurde der fix gestartet, ist der pc neu gestartet etc.

Pathe 15.04.2011 15:41
Nein wie bereits oben geschrieben kann ich die fix.txt nicht vom Datenträger auswählen, weil diese Fehlermeldung kommt: Acces Violation at adress 7CA0C936 in module 'shell32.dll' Read of address 00000006
Klicke ich die weg, kann ich nichts mehr außer schließen in dem Programm drücke. Deine Idee mit dem selber schreiben brachte keine Verbesserung.

Hier nochmal mein Ablauf wie ich vorgeh ( vl mach ich da ja einen Fehler ):
1. fix.txt vom sauberen Pc auf einen Usb Stick
2. OTLPE gestartet, Windowas Ordner ausgewählt, Profil ausgewählt, automtically... weggeklickt
3. Fix Run gedrückt
4. Pop up möchte File loaden - ja
5. Möchte Usb Stick anwählen - geht nicht>Fehlermeldung

markusg 15.04.2011 15:56
und was passiert wenn du das script eintippst und dann auf fix klickst? das selbe?

Pathe 15.04.2011 16:15
Ich hab nun einfach per Copy den Text dort im Programfenster einegfügt und den Run fix gestartet.
Er hat auch was gemacht und mich nach einem reboot gefragt aber nicht ausgeführt.
Ich mache mal manuel und berichte dann.

Pathe 15.04.2011 16:35
Ein Logfile habe ich nicht mehr bekommen. Habe manuell den Restart gemacht und dann hat Win selbst noch irgendwas überprüft, dauerte ein paar Minuten und jetzt ist der Rechner wieder lebendig!
WOW! Riesen Dank dafür!
Ich lade die File gleich noch hoch.
Was schlägst du vor nun zu tun? Kann ich so weiter machen mit dem System oder sollte ich nun noch auf was achten oder machen?

Pathe 15.04.2011 16:47
Doch hier hab ich die Log gefunden:
========== OTL ==========
Registry value HKEY_USERS\Der_Pathe_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\DERPAT~1\AppData\Local\Temp\0.30382708419380455.exe deleted successfully.
File C:\Users\Der Pathe\AppData\Local\Temp\0.30382708419380455.exe not found.
========== FILES ==========
File\Folder C:\Users\Der Pathe\AppData\Local\Temp\0.30382708419380455.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Der Pathe

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Der Pathe

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80990529 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes

Total Files Cleaned = 77.00 mb


OTLPE by OldTimer - Version 3.1.46.0 log created on 04152011_191752

markusg 15.04.2011 16:57
bitte jetzt den upload.

Pathe 15.04.2011 17:20
Upload habe ich gemacht.
Muss ich nun noch etwas machen oder beachten oder kann ich den Fiesling nun löschen und mein System weiter verwenden?
Scan lasse ich gerade ausführen.

markusg 15.04.2011 18:45
welchen scan lässt du ausführen?

Pathe 15.04.2011 22:17
Virenscan über mein normales McAfee Internet Security.
Soll ich den OLT Ordner mit dem Virus drinne löschen?
Wenn ja normal oder mit einem besonderen Programm?
Kann ich ansonsten meinen Laptop wieder für das Internet nutzen und davon ausgehen das der Virus nun weg ist?

markusg 16.04.2011 10:11
du kannst den ordner löschen, ganz normal und dann den papierkorb leeren
hat dein virensanner was gefunden?
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Pathe 16.04.2011 12:08
Nein McAfee hatte NICHTS gefunden!
Malwarebytes hingegen 12!
Hier der Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2011 12:57:46
mbam-log-2011-04-16 (12-57-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 382318
Laufzeit: 1 Stunde(n), 19 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\der pathe\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57\14a5c0b9-7f31ac2e (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

markusg 16.04.2011 12:53
ok, jetzt mal windows update auf suchen, servicepack1 + sonstigen wichtigen updates drauf


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131