Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Whitescreen, no response (Windows 7) |
15.03.2012, 19:14 | #1 |
| Hello, a few days ago I downloaded a Minecraft mod, after which I got a white screen that only said "Verbindung wird hergestellt" [Connecting]. I restarted the computer and it did not go away; the Ctrl+Alt+Del command still works. Since I am not a computer expert, I don't know what to do next. I really need help :-) and thanks in advance. Regards, Sebastian |
15.03.2012, 19:18 | #2 |
/// Malware-holic | Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:
If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD. Download OTLPENet.exe by OldTimer and save it to your desktop. Note: the file is about 120 MB, and on a slow internet connection it will take a while until you have downloaded it.
Illustrated guide: OTLpe scan |
15.03.2012, 20:12 | #3 |
| When I double-click the OTLPE icon, a window "Browse for folder" opens. |
15.03.2012, 20:14 | #4 |
/// Malware-holic | Expand everything there, find the Windows folder, click on it, and carry on.
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
15.03.2012, 20:28 | #5 |
| How am I supposed to copy that over from this computer to the other one? |
15.03.2012, 20:29 | #6 |
/// Malware-holic | Save it on a stick, then open it there and paste it in. |
15.03.2012, 20:31 | #7 |
| I already tried that; I can't paste it onto the stick. |
15.03.2012, 20:32 | #8 |
/// Malware-holic | Don't paste it onto the stick; save it as a text file, of course, and copy that to the stick... |
15.03.2012, 20:33 | #9 |
| Oh, oops. |
15.03.2012, 20:43 | #10 |
| There. PHP code: |
15.03.2012, 20:51 | #11 |
| Can I close OTL? |
15.03.2012, 20:52 | #12 |
| What do I have to do to get Windows 7 back? |
16.03.2012, 13:22 | #13 |
/// Malware-holic | Please post it again, but not as PHP code, otherwise it can't be worked with properly. And stop asking "what do I have to do"; you will get help when it is your turn, like everyone else here. |
16.03.2012, 17:29 | #14 |
| OTL logfile: Code:
ATTFilter OTL logfile created on: 3/15/2012 9:35:51 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 14.65 Gb Total Space | 10.47 Gb Free Space | 71.48% Space Free | Partition Type: NTFS Drive D: | 451.07 Gb Total Space | 327.99 Gb Free Space | 72.71% Space Free | Partition Type: NTFS Drive E: | 3.72 Gb Total Space | 3.05 Gb Free Space | 81.95% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/12/28 23:00:42 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/12/28 15:23:08 | 000,014,648 | ---- | M] (Alienware) [Auto] -- D:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService) SRV:64bit: - [2009/12/19 14:36:48 | 002,389,320 | ---- | M] (Sensible Vision ) [Auto] -- D:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) 
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/01 20:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2012/01/12 08:34:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/09/05 08:39:41 | 000,069,120 | ---- | M] (BOONTY) [On_Demand] -- D:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games) SRV - [2011/07/15 11:48:41 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/06/28 12:06:32 | 000,428,200 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011/06/28 12:06:32 | 000,340,136 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011/06/28 12:06:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/27 07:32:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/03/22 10:12:03 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto] -- D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService) SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto] -- D:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/12/19 12:25:24 | 000,059,904 | ---- | M] () [Auto] -- D:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService) SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/15 09:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/06/28 12:06:33 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/06/28 12:06:33 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/05/10 02:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/29 05:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2010/09/29 05:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2010/02/22 04:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand] -- D:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2010/01/04 13:40:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/12/28 23:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/12/07 14:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009/12/07 14:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009/11/25 18:05:28 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2009/11/17 15:43:10 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/11/10 17:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot] -- D:\Windows\System32\drivers\johci.sys -- (johci) DRV:64bit: - [2009/10/12 10:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009/09/29 19:45:20 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009/06/26 17:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\System32\drivers\EMSC.sys -- (EMSC) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/05/25 08:34:54 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV:64bit: - [2009/05/25 08:34:54 | 000,139,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009/05/25 08:34:54 | 000,135,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV:64bit: - [2009/05/25 08:34:52 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV:64bit: - [2009/05/25 08:34:52 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV:64bit: 
- [2009/05/25 08:34:50 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV:64bit: - [2009/05/25 08:34:48 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV:64bit: - [2009/04/08 08:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2008/09/24 23:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\facap.sys -- (FACAP) DRV:64bit: - [2008/01/17 10:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Lycosa.sys -- (Lycosa) DRV:64bit: - [2008/01/09 05:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- D:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/06/26 17:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC) DRV - [2009/04/16 01:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/04 19:04:40] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. 
File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/ IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data] IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 43 3A BB 62 24 CB 01 [binary data] IE - HKU\Sebastian_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {1f6dc435-8d54-4f86-8ab5-07ae110f7ee8} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKU\Sebastian_ON_D\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. 
File not found IE - HKU\Sebastian_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Sebastian_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@bittorrent.com/BitTorrentDNA: D:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin [2011/12/09 09:30:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/02 15:41:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 10:26:56 | 000,000,000 | ---D | M] [2012/03/02 15:41:09 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/02 15:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/03/02 15:40:59 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/02 15:40:59 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/02 15:40:59 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/03/02 15:40:59 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/02 15:40:59 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/02 15:40:59 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com) O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O2 - BHO: (virusctools Toolbar) - {1f6dc435-8d54-4f86-8ab5-07ae110f7ee8} - D:\Program Files (x86)\virusctools\tbvir0.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - D:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - D:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - D:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - D:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision ) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKLM\..\Toolbar: (virusctools Toolbar) - {1f6dc435-8d54-4f86-8ab5-07ae110f7ee8} - D:\Program Files (x86)\virusctools\tbvir0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - D:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - D:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - D:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - D:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (virusctools Toolbar) - {1F6DC435-8D54-4F86-8AB5-07AE110F7EE8} - D:\Program Files (x86)\virusctools\tbvir0.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - D:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - D:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - D:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - D:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.) 
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - D:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - D:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (virusctools Toolbar) - {1F6DC435-8D54-4F86-8AB5-07AE110F7EE8} - D:\Program Files (x86)\virusctools\tbvir0.dll (Conduit Ltd.) O3:64bit: - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - D:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - D:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - D:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - D:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - D:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - D:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AlienFX Controller] D:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] D:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe () O4:64bit: - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] D:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] D:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [Logitech G35] D:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKLM..\Run: [Lycosa] D:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] D:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com) O4 - HKLM..\Run: [MyWebSearch Email Plugin] D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com) O4 - HKLM..\Run: [PDVD8LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] D:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) 
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\Sebastian_ON_D..\Run: [BitTorrent DNA] D:\Users\Sebastian\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKU\Sebastian_ON_D..\Run: [MyWebSearch Email Plugin] D:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com) O4 - HKU\Sebastian_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\Sebastian_ON_D..\Run: [Steam] D:\Users\Sebastian\Desktop\gaming\Steam\steam.exe (Valve Corporation) O4 - HKU\Sebastian_ON_D..\Run: [VX2bt1oYNKCLnkO] D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.) O4 - HKLM..\RunOnce: [Launcher] D:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\Sebastian_ON_D..\RunOnce: [FlashPlayerUpdate] D:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: Error locating startup folders. 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Sebastian_ON_D\..Trusted Ranges: Range1 ([*] in Vertrauenswürdige Sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Sebastian_ON_D Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe) - D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Sebastian_ON_D Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe) - D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll - D:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========
[2012/03/03 13:41:33 | 000,305,664 | ---- | C] (Cutting Edge Software Inc.) -- D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe
[2012/03/03 12:55:28 | 000,000,000 | R--D | C] -- D:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/02/16 13:36:19 | 000,509,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntshrui.dll
[2012/02/16 13:36:13 | 000,515,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\timedate.cpl
[2012/02/16 13:36:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\timedate.cpl
[2012/02/16 13:35:55 | 000,634,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcrt.dll
[2012/02/16 13:35:14 | 000,702,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/02/16 13:35:14 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/02/16 13:35:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/02/16 13:35:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/02/16 13:35:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/02/16 13:35:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/02/16 13:35:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/02/16 13:35:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/02/15 16:12:57 | 000,000,000 | ---D | C] -- D:\Users\Sebastian\AppData\Roaming\TuneUp Software
[2012/02/15 16:11:27 | 000,000,000 | ---D | C] -- D:\ProgramData\TuneUp Software
[2012/02/15 16:11:12 | 000,000,000 | -HSD | C] -- D:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/02/15 15:53:23 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService
[2012/02/15 15:53:11 | 000,000,000 | ---D | C] -- D:\Users\Sebastian\AppData\Roaming\PerformerSoft
[2012/02/15 15:53:06 | 000,016,752 | ---- | C] (PerformerSoft LLC) -- D:\Windows\System32\roboot64.exe

========== Files - Modified Within 30 Days ==========
[2012/03/14 16:44:02 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/14 15:57:45 | 1554,632,704 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/14 15:51:50 | 000,065,536 | ---- | M] () -- D:\Windows\System32\Ikeext.etl
[2012/03/14 15:51:50 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 12:39:46 | 000,014,256 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 12:39:46 | 000,014,256 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 12:37:12 | 000,001,136 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654860860-2458858577-2634600420-1000UA.job
[2012/03/03 13:41:31 | 000,305,664 | ---- | M] (Cutting Edge Software Inc.) -- D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe
[2012/03/03 13:37:04 | 000,001,084 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654860860-2458858577-2634600420-1000Core.job
[2012/03/03 13:20:11 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 15:41:08 | 000,002,050 | ---- | M] () -- D:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/02 14:00:02 | 000,000,506 | -H-- | M] () -- D:\Windows\tasks\Norton Security Scan for Sebastian.job
[2012/02/24 15:09:45 | 000,648,704 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/02/24 15:09:45 | 000,611,332 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/02/24 15:09:45 | 000,128,930 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/02/24 15:09:45 | 000,105,512 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/02/17 09:52:39 | 000,291,520 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========
[2011/11/11 08:51:17 | 000,000,995 | ---- | C] () -- D:\Windows\eReg.dat
[2011/07/14 19:13:02 | 002,434,856 | ---- | C] () -- D:\Windows\SysWow64\pbsvc_bc2.exe
[2011/06/26 15:35:32 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/26 17:19:11 | 000,280,768 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/05/26 17:18:54 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2010/12/23 15:49:49 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/10/15 16:41:35 | 000,007,599 | ---- | C] () -- D:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
[2010/06/19 17:37:47 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- D:\Windows\SysWow64\libeay32.dll
[2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- D:\Windows\SysWow64\ssleay32.dll
[2010/04/20 10:31:43 | 000,936,832 | ---- | C] () -- D:\Windows\SysWow64\M2ElevatedCalls.dll
[2010/03/04 13:43:56 | 000,146,432 | ---- | C] () -- D:\Windows\SysWow64\APOMngr.DLL
[2010/03/04 13:43:56 | 000,072,704 | ---- | C] () -- D:\Windows\SysWow64\CmdRtr.DLL
[2010/01/21 22:53:36 | 000,982,220 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/01/21 22:53:35 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2010/01/21 22:53:35 | 000,092,216 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/01/21 22:53:33 | 000,439,300 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2009/12/28 15:32:34 | 000,097,584 | ---- | C] () -- D:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/12/19 14:38:21 | 000,089,416 | ---- | C] () -- D:\Windows\SysWow64\FAIEExtension.dll
[2009/12/19 14:37:19 | 000,059,208 | ---- | C] () -- D:\Windows\SysWow64\FAib.dll
[2009/12/19 14:36:21 | 000,236,872 | ---- | C] () -- D:\Windows\SysWow64\FACrashRpt.dll
[2009/09/09 20:18:28 | 000,577,536 | ---- | C] () -- D:\Windows\SysWow64\EMSC.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 05:11:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========
[2010/03/12 09:40:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Alienware
[2010/03/10 09:27:32 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/09/05 08:39:53 | 000,000,000 | ---D | M] -- D:\ProgramData\BOONTY
[2010/09/30 09:46:05 | 000,000,000 | ---D | M] -- D:\ProgramData\BVRP Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/03/10 09:27:32 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/03/10 09:27:32 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/02/15 15:53:23 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2010/04/01 11:45:02 | 000,000,000 | ---D | M] -- D:\ProgramData\ICQ
[2011/03/04 12:49:51 | 000,000,000 | ---D | M] -- D:\ProgramData\mquadr.at
[2010/04/03 17:02:36 | 000,000,000 | ---D | M] -- D:\ProgramData\NexonEU
[2010/11/19 14:52:38 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/03/12 08:05:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Razer
[2010/07/16 15:42:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Screaming Bee
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/03/10 09:27:32 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/03/04 21:14:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/02/15 16:15:00 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2010/03/04 20:56:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista32
[2010/03/04 20:56:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista64
[2010/03/10 09:27:32 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/03/04 21:16:01 | 000,000,000 | ---D | M] -- D:\ProgramData\Win732
[2010/03/04 21:16:01 | 000,000,000 | ---D | M] -- D:\ProgramData\Win764
[2010/03/04 20:56:25 | 000,000,000 | ---D | M] -- D:\ProgramData\XP32
[2010/03/24 11:27:36 | 000,000,000 | ---D | M] -- D:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2012/02/15 16:11:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/04/04 16:31:23 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/03/04 12:47:17 | 000,000,000 | -H-D | M] -- D:\ProgramData\{E20C9620-7DFA-4C75-8F3B-02E4B3F4D981}
[2011/10/08 07:37:38 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report > |
16.03.2012, 17:38 | #15 |
/// Malware-holic | Whitescreen, No Response
On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O4 - HKU\Sebastian_ON_D..\Run: [VX2bt1oYNKCLnkO] D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4:64bit: - HKLM..\Run: [] File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Sebastian_ON_D Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe) - D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Sebastian_ON_D Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe) - D:\Users\Sebastian\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your USB stick.
If this does not work, please enter the fix manually.
Then click the Fix button again.
The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.