|
Trojan "Es besteht keine Internetverbindung" - Windows 7 |
05.02.2012, 21:48 | #1 |
| Trojan "Es besteht keine Internetverbindung" Hello everyone. My friend's notebook has the following problem. When I switch the notebook on, a grey screen appears with "Es besteht noch keine Internetverbindung, bitte warten". The forum recommends downloading OTL and posting the log files here. I burned OTL to a disc and booted from it. But I only get the file "OTL.txt"; Extras.txt is not shown. In addition, strangely, the notebook does not recognise the USB stick, so I cannot copy the file. I urgently need your help. |
05.02.2012, 22:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Es besteht keine Internetverbindung" The OTL.txt alone is enough for now.
__________________ Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
05.02.2012, 23:23 | #3 |
| Trojan "Es besteht keine Internetverbindung" OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 2/5/2012 6:36:40 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 42.14 Mb Free Space | 42.14% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 224.05 Gb Free Space | 48.11% Space Free | Partition Type: NTFS Drive E: | 265.77 Gb Total Space | 251.04 Gb Free Space | 94.46% Space Free | Partition Type: NTFS Drive F: | 179.00 Gb Total Space | 116.12 Gb Free Space | 64.87% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/09/16 09:44:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- F:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010/08/09 14:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- F:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2010/07/21 07:46:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) 
[Auto] -- F:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/04/16 10:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- F:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/01/09 17:06:12 | 000,342,984 | ---- | M] () [Auto] -- F:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2011/09/16 09:51:20 | 002,027,840 | ---- | M] (TuneUp Software) [Auto] -- F:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/09/16 09:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- F:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS) SRV - [2011/08/04 05:26:26 | 000,074,240 | ---- | M] (Freemake) [Auto] -- F:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService) SRV - [2010/06/03 12:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand] -- F:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/03 17:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/02/03 17:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/27 18:18:44 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2011/12/27 18:18:44 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011/12/27 18:18:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- F:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011/11/07 12:48:15 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/09/26 19:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- F:\Windows\System32\Drivers\NISx64\1302000.00A\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/08/02 10:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand] -- F:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS -- (SymNetS) DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS) DRV:64bit: - [2011/03/14 12:55:41 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- F:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/03/13 09:47:54 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- F:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/30 09:45:48 | 000,394,016 | ---- | M] (Marvell) [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010/07/28 19:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/04/16 10:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/03/09 21:48:30 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- 
F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/03/05 18:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV - [2011/12/27 18:18:44 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2011/12/27 18:18:44 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011/12/27 18:18:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2011/12/07 10:33:08 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111206.034\ex64.sys -- (NAVEX15) DRV - [2011/12/07 10:33:08 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111206.034\eng64.sys -- (NAVENG) DRV - [2011/11/15 10:12:19 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/11/14 14:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111123.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2011/11/10 07:53:23 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2011/11/04 09:36:18 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111206.001\IDSviA64.sys -- (IDSVia64) DRV - [2011/02/19 14:09:30 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2010/11/29 13:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- 
F:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\NetworkService_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Sultan_Fatih_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files (x86)\DivX\DivX OVS 
Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/29 19:07:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/29 19:07:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011/08/13 10:14:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/11/09 06:06:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/31 17:15:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 15:43:10 | 
000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/19 18:31:43 | 000,000,000 | ---D | M] [2011/07/19 17:45:06 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions [2011/12/12 15:43:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/06 08:49:05 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/20 05:54:06 | 000,002,428 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011/10/06 08:49:05 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/06 08:49:05 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/06 08:49:05 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/07/19 13:14:43 | 000,002,501 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2011/10/06 08:49:05 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/06 08:49:05 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/09/15 13:20:53 | 000,437,695 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 
127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15052 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - F:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] F:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] F:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] F:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation) O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\Sultan_Fatih_ON_F..\Run: [bPk0yiZRB98vWmQ] F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems) O4 - HKU\Sultan_Fatih_ON_F..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\Sultan_Fatih_ON_F..\Run: [Facebook Update] F:\Users\Sultan Fatih\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\Sultan_Fatih_ON_F..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] F:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [] File not found O4 - HKU\LocalService_ON_F..\RunOnce: [] File not found O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_F..\RunOnce: [] File not found O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found O4 - Startup: Error locating startup folders. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Lake = C:\Users\Sultan Fatih\AppData\Roaming\csrss.exe () O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Sultan_Fatih_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth 
Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files (x86)\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - F:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (C:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe) - F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Sultan_Fatih_ON_F Winlogon: Shell - (C:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe) - F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe (Pinnacle Systems) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/05 18:06:08 | 000,000,000 | -HSD | C] -- F:\RECYCLER [2012/01/21 06:10:48 | 000,095,744 | ---- | C] (Kassl GmbH) -- F:\Users\Sultan Fatih\AppData\Roaming\dwlGina3.dll [2012/01/20 08:52:43 | 000,360,448 | ---- | C] (Pinnacle Systems) -- F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe ========== Files - Modified Within 30 Days ========== [2012/02/04 17:34:54 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat [2012/02/04 08:26:31 | 000,000,214 | ---- | M] () -- F:\Windows\tasks\AutoKMS.job [2012/02/04 08:24:43 | 2076,610,559 | -HS- | M] () -- F:\hiberfil.sys [2012/01/31 17:23:26 | 000,013,936 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/31 17:23:26 | 000,013,936 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/21 06:10:48 | 000,095,744 | ---- | M] (Kassl GmbH) -- F:\Users\Sultan Fatih\AppData\Roaming\dwlGina3.dll [2012/01/20 08:52:41 | 000,360,448 | ---- | M] (Pinnacle Systems) -- F:\Users\Sultan Fatih\AppData\Roaming\w3tygaw4ya4y.exe [2012/01/20 08:51:01 | 000,000,956 | ---- | M] () -- F:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000UA.job [2012/01/17 12:48:19 | 000,020,408 | ---- | M] () -- F:\Users\Sultan Fatih\Desktop\alu-skin-blau.jpg [2012/01/16 10:45:43 | 000,664,822 | ---- | M] () -- 
F:\Windows\System32\perfh007.dat [2012/01/16 10:45:43 | 000,624,964 | ---- | M] () -- F:\Windows\System32\perfh009.dat [2012/01/16 10:45:43 | 000,134,958 | ---- | M] () -- F:\Windows\System32\perfc007.dat [2012/01/16 10:45:43 | 000,110,602 | ---- | M] () -- F:\Windows\System32\perfc009.dat [2012/01/13 17:51:00 | 000,000,934 | ---- | M] () -- F:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000Core.job [2012/01/07 07:39:40 | 000,433,192 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/01/17 12:48:18 | 000,020,408 | ---- | C] () -- F:\Users\Sultan Fatih\Desktop\alu-skin-blau.jpg [2011/12/27 19:07:04 | 000,000,100 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Local\fusioncache.dat [2011/12/27 19:01:05 | 000,000,198 | ---- | C] () -- F:\Windows\ODBCINST.ini [2011/12/27 19:00:55 | 000,192,512 | ---- | C] () -- F:\Windows\SysWow64\LXPrnUtil10.dll [2011/12/27 19:00:55 | 000,065,536 | ---- | C] () -- F:\Windows\SysWow64\PXTToolVC7.dll [2011/12/27 18:58:39 | 001,554,122 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI [2011/09/14 09:03:06 | 000,000,008 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\5354zrttknuphmqo.dat [2011/07/28 19:46:49 | 000,017,408 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Local\WebpageIcons.db [2011/07/28 18:49:57 | 000,614,400 | ---- | C] () -- F:\Windows\AutoKMS.exe [2011/06/09 10:40:07 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll [2011/06/09 10:40:07 | 000,031,232 | -HS- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\csrss.exe [2011/03/15 15:01:24 | 000,014,529 | ---- | C] () -- F:\Users\Sultan Fatih\AppData\Roaming\UserTile.png [2011/03/13 10:19:09 | 000,000,135 | ---- | C] () -- F:\Windows\AutoKMS.ini [2011/03/05 06:05:16 | 000,142,704 | ---- | C] () -- F:\Windows\wiainst64.exe [2011/03/05 06:04:13 | 000,258,864 | ---- | C] () -- F:\Windows\SUPDRun.exe [2010/10/24 22:16:57 | 000,307,200 | ---- | C] 
() -- F:\Windows\SetDisplayResolution.exe [2010/10/24 21:12:02 | 000,001,238 | ---- | C] () -- F:\Windows\HotFixList.ini [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- F:\Windows\SysWow64\igkrng500.bin [2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- F:\Windows\SysWow64\igfcg500.bin [2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- F:\Windows\SysWow64\igfcg500m.bin [2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- F:\Windows\SysWow64\igcompkrng500.bin [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat [2009/04/01 04:48:16 | 000,053,478 | ---- | C] () -- F:\Windows\mvtcpui.ini [2005/11/09 06:18:38 | 000,282,679 | ---- | C] () -- F:\Windows\SysWow64\dnt27.dll [2005/11/09 06:17:36 | 000,077,882 | ---- | C] () -- F:\Windows\SysWow64\dntvmc27.dll [2005/11/09 06:17:28 | 000,073,785 | ---- | C] () -- F:\Windows\SysWow64\dntvm27.dll [2005/11/09 06:13:48 | 000,282,624 | ---- | C] () -- F:\Windows\SysWow64\dnt27VC7.dll [2005/11/09 06:11:46 | 000,086,016 | ---- | C] () -- F:\Windows\SysWow64\dntvmc27VC7.dll [2005/11/09 06:11:30 | 000,077,824 | ---- | C] () -- F:\Windows\SysWow64\dntvm27VC7.dll [2001/12/12 06:41:36 | 000,041,472 | ---- | C] () -- F:\Windows\SysWow64\W32btstp.dll [2001/12/12 06:41:36 | 000,025,088 | ---- | C] () -- F:\Windows\SysWow64\W32btxlt.dll [2000/12/04 14:27:06 | 000,320,512 | ---- | C] () -- F:\Windows\SysWow64\W32MKDE.EXE 
[2000/12/04 14:27:06 | 000,110,080 | ---- | C] () -- F:\Windows\SysWow64\W32MKRC.DLL [1999/05/14 09:05:22 | 000,015,627 | ---- | C] () -- F:\Windows\SysWow64\WBROLLRS.DLL ========== LOP Check ========== [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data [2011/03/13 09:34:53 | 000,000,000 | ---D | M] -- F:\ProgramData\ashampoo [2011/07/20 08:41:08 | 000,000,000 | ---D | M] -- F:\ProgramData\boost_interprocess [2011/03/14 12:59:26 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents [2011/05/01 06:15:14 | 000,000,000 | ---D | M] -- F:\ProgramData\Eastman Kodak Company [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites [2011/08/06 19:37:53 | 000,000,000 | ---D | M] -- F:\ProgramData\FloodLightGames [2011/07/03 09:07:43 | 000,000,000 | ---D | M] -- F:\ProgramData\Freemake [2011/05/01 06:14:57 | 000,000,000 | ---D | M] -- F:\ProgramData\kds_kodak [2011/12/27 19:07:05 | 000,000,000 | ---D | M] -- F:\ProgramData\Lexware [2010/10/24 22:17:00 | 000,000,000 | ---D | M] -- F:\ProgramData\SAMSUNG [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu [2011/03/05 06:05:40 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates [2011/03/13 09:42:00 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software [2011/08/06 19:37:09 | 000,000,000 | ---D | M] -- F:\ProgramData\WildTangent [2011/04/08 19:05:24 | 000,000,000 | ---D | M] -- F:\ProgramData\WinClon [2011/03/13 09:40:22 | 000,000,000 | -HSD | M] -- F:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011/10/19 18:34:50 | 000,000,000 | ---D | M] -- F:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/02/04 08:26:31 | 000,000,214 | ---- | M] () -- F:\Windows\Tasks\AutoKMS.job [2012/01/13 17:51:00 | 000,000,934 | ---- | 
M] () -- F:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000Core.job [2012/01/20 08:51:01 | 000,000,956 | ---- | M] () -- F:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252512109-3750120672-4145686215-1000UA.job [2011/12/02 09:56:17 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
05.02.2012, 23:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Es besteht keine Internetverbindung" Please now run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
06.02.2012, 01:23 | #5 |
| Trojan "Es besteht keine Internetverbindung" How am I supposed to update Malwarebytes when I have no Internet connection? I tried connecting with a LAN cable. Unfortunately that does not work. |
06.02.2012, 09:19 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Es besteht keine Internetverbindung" Sorry, I thought you had successfully started safe mode with networking. Does safe mode with network drivers still work? Safe mode for cleanup
__________________ --> Trojan "Es besteht keine Internetverbindung" |
06.02.2012, 14:06 | #7 |
| Trojan "Es besteht keine Internetverbindung" No, that does not work either. Only safe mode with command prompt works. When I disable the "automatic restart on system failure" option, the STOP error appears: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000) |
06.02.2012, 15:23 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Es besteht keine Internetverbindung" Quote:
See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are, in 99.9% of cases, dangerous malware that should not be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff Cracks/Keygens/Serials
__________________ Please always post log files in CODE tags |
06.02.2012, 16:18 | #9 |
| Trojan "Es besteht keine Internetverbindung" As I said, the notebook belongs to my friend. I will pass it on. |
06.02.2012, 17:21 | #10 |
| Trojan "Es besteht keine Internetverbindung" So now only the STOP error comes up. 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000) |
06.02.2012, 19:50 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan "Es besteht keine Internetverbindung" The thing should be reinstalled one way or another
__________________ Please always post log files in CODE tags |
07.02.2012, 23:41 | #12 |
| Trojan "Es besteht keine Internetverbindung" So we managed it without a reinstallation, just for your information. Many thanks for the help. |