Trojaner-Board

Aho66 05.02.2012 21:48

Trojan "Es besteht keine Internetverbindung" ("There is no Internet connection")

Hello everyone.
My friend's notebook has the following problem.
When I switch the notebook on, a grey screen appears with "Es besteht noch keine Internetverbindung, bitte warten" ("There is no Internet connection yet, please wait"). The forum recommends downloading OTL and posting the log files here.
I burned OTL and booted from it. But I only get the file "OTL.txt"; Extras.txt is not shown. Also, strangely, the notebook does not recognise the USB stick, so I cannot copy the file.
I urgently need your help.

cosinus 05.02.2012 22:45

The OTL.txt alone is enough for now.

Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Aho66 05.02.2012 23:23

OTL Logfile:
Code:

OTL logfile created on: 2/5/2012 6:36:40 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 42.14 Mb Free Space | 42.14% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 224.05 Gb Free Space | 48.11% Space Free | Partition Type: NTFS
Drive E: | 265.77 Gb Total Space | 251.04 Gb Free Space | 94.46% Space Free | Partition Type: NTFS
Drive F: | 179.00 Gb Total Space | 116.12 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/09/16 09:44:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- F:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/08/09 14:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- F:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/07/21 07:46:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto] -- F:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/16 10:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- F:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/09 17:06:12 | 000,342,984 | ---- | M] () [Auto] -- F:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2011/09/16 09:51:20 | 002,027,840 | ---- | M] (TuneUp Software) [Auto] -- F:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/16 09:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- F:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/08/04 05:26:26 | 000,074,240 | ---- | M] (Freemake) [Auto] -- F:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2010/06/03 12:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- F:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/03 17:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/02/03 17:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/27 18:18:44 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/12/27 18:18:44 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/12/27 18:18:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/11/07 12:48:15 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/26 19:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- F:\Windows\System32\Drivers\NISx64\1302000.00A\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/08/02 10:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/14 12:55:41 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- F:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/13 09:47:54 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- F:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/30 09:45:48 | 000,394,016 | ---- | M] (Marvell) [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/07/28 19:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/16 10:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/09 21:48:30 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/05 18:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2011/12/27 18:18:44 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/12/27 18:18:44 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/12/27 18:18:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/12/07 10:33:08 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111206.034\ex64.sys -- (NAVEX15)
DRV - [2011/12/07 10:33:08 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111206.034\eng64.sys -- (NAVENG)
DRV - [2011/11/15 10:12:19 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/14 14:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111123.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/10 07:53:23 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/04 09:36:18 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111206.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/19 14:09:30 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2010/11/29 13:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- F:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\NetworkService_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/29 19:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/29 19:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011/08/13 10:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/11/09 06:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/31 17:15:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 15:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 18:31:43 | 000,000,000 | ---D | M]
 
[2011/07/19 17:45:06 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/12 15:43:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/06 08:49:05 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/20 05:54:06 | 000,002,428 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/06 08:49:05 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 08:49:05 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 08:49:05 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/07/19 13:14:43 | 000,002,501 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/10/06 08:49:05 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 08:49:05 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/09/15 13:20:53 | 000,437,695 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15052 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - F:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] F:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] F:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] F:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Sultan_Fatih_ON_F..\Run: [bPk0yiZRB98vWmQ] F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems)
O4 - HKU\Sultan_Fatih_ON_F..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Sultan_Fatih_ON_F..\Run: [Facebook Update] F:\Users\Sultan Fatih\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Sultan_Fatih_ON_F..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] F:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\LocalService_ON_F..\RunOnce: []  File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: []  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Lake = C:\Users\Sultan Fatih\AppData\Roaming\csrss.exe ()
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - F:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe) - F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Sultan_Fatih_ON_F Winlogon: Shell - (C:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe) - F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/05 18:06:08 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2012/01/21 06:10:48 | 000,095,744 | ---- | C] (Kassl GmbH) -- F:\Users\Sultan Fatih\AppData\Roaming\dwlGina3.dll
[2012/01/20 08:52:43 | 000,360,448 | ---- | C] (Pinnacle Systems) -- F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/04 17:34:54 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/02/04 08:26:31 | 000,000,214 | ---- | M] () -- F:\Windows\tasks\AutoKMS.job
[2012/02/04 08:24:43 | 2076,610,559 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/31 17:23:26 | 000,013,936 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 17:23:26 | 000,013,936 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 06:10:48 | 000,095,744 | ---- | M] (Kassl GmbH) -- F:\Users\Sultan Fatih\AppData\Roaming\dwlGina3.dll
[2012/01/20 08:52:41 | 000,360,448 | ---- | M] (Pinnacle Systems) -- F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe
[2012/01/20 08:51:01 | 000,000,956 | ---- | M] () -- F:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000UA.job
[2012/01/17 12:48:19 | 000,020,408 | ---- | M] () -- F:\Users\Sultan Fatih\Desktop\alu-skin-blau.jpg
[2012/01/16 10:45:43 | 000,664,822 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/01/16 10:45:43 | 000,624,964 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/01/16 10:45:43 | 000,134,958 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/01/16 10:45:43 | 000,110,602 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/01/13 17:51:00 | 000,000,934 | ---- | M] () -- F:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000Core.job
[2012/01/07 07:39:40 | 000,433,192 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/01/17 12:48:18 | 000,020,408 | ---- | C] () -- F:\Users\Sultan Fatih\Desktop\alu-skin-blau.jpg
[2011/12/27 19:07:04 | 000,000,100 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Local\fusioncache.dat
[2011/12/27 19:01:05 | 000,000,198 | ---- | C] () -- F:\Windows\ODBCINST.ini
[2011/12/27 19:00:55 | 000,192,512 | ---- | C] () -- F:\Windows\SysWow64\LXPrnUtil10.dll
[2011/12/27 19:00:55 | 000,065,536 | ---- | C] () -- F:\Windows\SysWow64\PXTToolVC7.dll
[2011/12/27 18:58:39 | 001,554,122 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 09:03:06 | 000,000,008 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\5354zrttknuphmqo.dat
[2011/07/28 19:46:49 | 000,017,408 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Local\WebpageIcons.db
[2011/07/28 18:49:57 | 000,614,400 | ---- | C] () -- F:\Windows\AutoKMS.exe
[2011/06/09 10:40:07 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/09 10:40:07 | 000,031,232 | -HS- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\csrss.exe
[2011/03/15 15:01:24 | 000,014,529 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\UserTile.png
[2011/03/13 10:19:09 | 000,000,135 | ---- | C] () -- F:\Windows\AutoKMS.ini
[2011/03/05 06:05:16 | 000,142,704 | ---- | C] () -- F:\Windows\wiainst64.exe
[2011/03/05 06:04:13 | 000,258,864 | ---- | C] () -- F:\Windows\SUPDRun.exe
[2010/10/24 22:16:57 | 000,307,200 | ---- | C] () -- F:\Windows\SetDisplayResolution.exe
[2010/10/24 21:12:02 | 000,001,238 | ---- | C] () -- F:\Windows\HotFixList.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- F:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- F:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- F:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- F:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2009/04/01 04:48:16 | 000,053,478 | ---- | C] () -- F:\Windows\mvtcpui.ini
[2005/11/09 06:18:38 | 000,282,679 | ---- | C] () -- F:\Windows\SysWow64\dnt27.dll
[2005/11/09 06:17:36 | 000,077,882 | ---- | C] () -- F:\Windows\SysWow64\dntvmc27.dll
[2005/11/09 06:17:28 | 000,073,785 | ---- | C] () -- F:\Windows\SysWow64\dntvm27.dll
[2005/11/09 06:13:48 | 000,282,624 | ---- | C] () -- F:\Windows\SysWow64\dnt27VC7.dll
[2005/11/09 06:11:46 | 000,086,016 | ---- | C] () -- F:\Windows\SysWow64\dntvmc27VC7.dll
[2005/11/09 06:11:30 | 000,077,824 | ---- | C] () -- F:\Windows\SysWow64\dntvm27VC7.dll
[2001/12/12 06:41:36 | 000,041,472 | ---- | C] () -- F:\Windows\SysWow64\W32btstp.dll
[2001/12/12 06:41:36 | 000,025,088 | ---- | C] () -- F:\Windows\SysWow64\W32btxlt.dll
[2000/12/04 14:27:06 | 000,320,512 | ---- | C] () -- F:\Windows\SysWow64\W32MKDE.EXE
[2000/12/04 14:27:06 | 000,110,080 | ---- | C] () -- F:\Windows\SysWow64\W32MKRC.DLL
[1999/05/14 09:05:22 | 000,015,627 | ---- | C] () -- F:\Windows\SysWow64\WBROLLRS.DLL
 
========== LOP Check ==========
 
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2011/03/13 09:34:53 | 000,000,000 | ---D | M] -- F:\ProgramData\ashampoo
[2011/07/20 08:41:08 | 000,000,000 | ---D | M] -- F:\ProgramData\boost_interprocess
[2011/03/14 12:59:26 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2011/05/01 06:15:14 | 000,000,000 | ---D | M] -- F:\ProgramData\Eastman Kodak Company
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2011/08/06 19:37:53 | 000,000,000 | ---D | M] -- F:\ProgramData\FloodLightGames
[2011/07/03 09:07:43 | 000,000,000 | ---D | M] -- F:\ProgramData\Freemake
[2011/05/01 06:14:57 | 000,000,000 | ---D | M] -- F:\ProgramData\kds_kodak
[2011/12/27 19:07:05 | 000,000,000 | ---D | M] -- F:\ProgramData\Lexware
[2010/10/24 22:17:00 | 000,000,000 | ---D | M] -- F:\ProgramData\SAMSUNG
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2011/03/05 06:05:40 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2011/03/13 09:42:00 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software
[2011/08/06 19:37:09 | 000,000,000 | ---D | M] -- F:\ProgramData\WildTangent
[2011/04/08 19:05:24 | 000,000,000 | ---D | M] -- F:\ProgramData\WinClon
[2011/03/13 09:40:22 | 000,000,000 | -HSD | M] -- F:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/10/19 18:34:50 | 000,000,000 | ---D | M] -- F:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/04 08:26:31 | 000,000,214 | ---- | M] () -- F:\Windows\Tasks\AutoKMS.job
[2012/01/13 17:51:00 | 000,000,934 | ---- | M] () -- F:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000Core.job
[2012/01/20 08:51:01 | 000,000,956 | ---- | M] () -- F:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000UA.job
[2011/12/02 09:56:17 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

cosinus 05.02.2012 23:47

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Aho66 06.02.2012 01:23

How am I supposed to update Malwarebytes when I have no Internet connection?
I tried connecting with a LAN cable. Unfortunately that doesn't work.

cosinus 06.02.2012 09:19

Sorry, I thought you had successfully started safe mode with networking.
Does safe mode with networking still work?

Safe mode for cleanup
  • Put Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

Aho66 06.02.2012 14:06

No, that doesn't work either. Only safe mode with command prompt works.
If I disable the "automatic restart on system failure" option, I get the STOP error: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000)

cosinus 06.02.2012 15:23

Quote:

F:\Windows\AutoKMS.exe
I came across this in your OTLPE log, and it is obviously an activation crack for MS Office! :pfui:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that should not be trifled with. In addition, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

Aho66 06.02.2012 16:18

As I said, the notebook belongs to my friend.
I will pass it on.

Aho66 06.02.2012 17:21

So now only the STOP error appears.
0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000)

cosinus 06.02.2012 19:50

The thing should be reinstalled one way or another :D

Aho66 07.02.2012 23:41

So we managed it without reinstalling, just for your information.
Thank you very much for the help.:cool:


All times are GMT +1. The time now is 03:09.

Copyright ©2000-2025, Trojaner-Board

