
Pests of all kinds and how to fight them: Trojan - GVU/Bundespolizei/ PC lock


15.07.2012, 14:37   #1
BigÖ
 
Trojan - GVU/Bundespolizei/ PC lock




Hello everyone,

it has hit me too.
This Trojan is already known on the forum, so I don't need to describe it again.

Many thanks in advance and best regards

Code:
OTL logfile created on: 7/15/2012 3:12:43 PM - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\yanlizkurt\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.48 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 81.64% Memory free
6.96 Gb Paging File | 6.41 Gb Available in Paging File | 92.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 41.01 Gb Free Space | 18.20% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 129.76 Gb Free Space | 57.58% Space Free | Partition Type: NTFS
 
Computer Name: YANLIZKURT-PC | User Name: yanlizkurt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yanlizkurt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DynDNS Updater) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE368
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Be584a816-e922-4aaf-bae4-bcf1e5f26c57%7D&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-19%2001%3A19%3A40&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\yanlizkurt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M]
 
[2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Extensions
[2012/07/09 17:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions
[2012/07/09 17:25:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/19 20:24:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/25 12:23:57 | 000,002,101 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\googlede.xml
[2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\Search_Results.xml
[2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/09/19 01:42:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/06 11:58:28 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\YANLIZKURT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q0395KDR.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012/06/25 22:49:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/15 20:30:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012/02/15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/06/25 22:49:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/19 01:19:37 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/25 22:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/25 22:49:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/25 22:49:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/25 22:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/25 22:49:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78822B92-53DD-4B3F-BDB0-A61922311C23}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C9125E-ABB3-4B4B-8C16-D91B52605446}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell - "" = AutoRun
O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell - "" = AutoRun
O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/15 15:07:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 12:13:04 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{DEAA88FE-43D9-4CFA-A0B9-CCA1D6894595}
[2012/07/15 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{81C31EBA-34AE-4B30-9749-8A6D6603915D}
[2012/07/14 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{06D7EB8D-0651-4F39-84B8-813B51874284}
[2012/07/14 22:26:21 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{41895321-2680-489A-81DD-393D512AFF8E}
[2012/07/14 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Macromedia
[2012/07/14 10:26:58 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/14 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A72A1ADC-2B62-4587-A803-DA11B5043C0C}
[2012/07/14 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{702BCE6F-B0C7-43D5-A083-79AB6719DD60}
[2012/07/13 12:30:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FE6925B6-270E-4434-9DCE-22DF3907C73F}
[2012/07/13 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{5FC34DF3-AF9F-4F56-B84B-3B0DB4243144}
[2012/07/12 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{012F87EB-855E-4ABC-9422-B23F5E50116E}
[2012/07/12 22:18:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{C72DD0D8-638C-48A8-A191-2017DE7DF496}
[2012/07/12 15:39:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/07/12 15:39:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/07/12 15:39:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/07/12 15:39:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/07/12 15:39:51 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/07/12 15:39:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/07/12 15:39:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/07/12 15:34:53 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/07/11 13:32:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012/07/11 13:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012/07/11 13:32:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012/07/11 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{BFFF880E-A7C4-4CA0-8C84-CB0EACEF38A9}
[2012/07/11 13:25:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FF99A628-037D-4BAC-BA71-429E3C77B50A}
[2012/07/10 12:28:36 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{197A8874-0566-40DE-AD8A-84875ED7AFEF}
[2012/07/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{70D7D413-19A1-4B36-9B07-F3CC663705E3}
[2012/07/09 18:16:01 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[2012/07/09 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft
[2012/07/09 12:33:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2E6E986F-0CB5-43A9-B616-11379EE1D351}
[2012/07/09 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{78A3C4E4-60EC-417F-ACD5-9476D507386F}
[2012/07/08 18:33:17 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\Desktop\Neuer Ordner
[2012/07/08 15:11:27 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1107CDB-243F-4ACD-ADBE-0469E76D4AF6}
[2012/07/08 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{336CBDD7-E7EE-4A59-B9F8-7EDE7BB355BA}
[2012/07/07 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F87CA0B5-4E32-4E67-B5A9-78217C6B2F6E}
[2012/07/07 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1015CA5-B452-4DFB-B9E0-719CE589D3F9}
[2012/07/06 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{358006F2-89A3-46E2-93C7-4323DC1CE9E6}
[2012/07/06 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1B7893DF-A2C2-446B-9260-479E67D5EF86}
[2012/07/05 09:50:46 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2CE276D3-6A01-4332-B7EF-E33FEB5801F1}
[2012/07/05 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{54143BEA-B10B-4EE3-93E1-A49FCB1949D4}
[2012/07/04 13:07:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F35761BD-EA71-46DF-A278-02999C065898}
[2012/07/04 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{31922701-CE8F-46D7-B6CC-011F76F22281}
[2012/07/02 13:37:05 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F00FF05F-7D39-4FBA-BFED-CD9FB24BB296}
[2012/07/02 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F75B457F-CA25-4B86-9156-25B51CC7040F}
[2012/07/01 02:56:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2FACBC32-EE70-4A6F-9E7A-5C62ADC14C94}
[2012/07/01 02:56:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{E85EA0D8-FAFE-4997-B585-25AFC1789743}
[2012/06/30 14:56:24 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{CCE938A9-4029-4E04-BAE2-45C9E9E9D2FE}
[2012/06/30 14:56:02 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{D1CEA874-54DA-45EC-8306-DAFFCC18B88B}
[2012/06/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AC8A0A75-F44C-41D9-8593-4E05731A3DE7}
[2012/06/29 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{6D41689C-7555-4872-B13E-99F15DB907D5}
[2012/06/28 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AA6F73AA-3C84-4515-8BD5-B712D37F3466}
[2012/06/28 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{29DA704F-974C-4418-B158-C88FB5ADC0CC}
[2012/06/28 06:49:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{02CD61A8-D1AD-49C6-83D2-A89B0E32317E}
[2012/06/28 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1683BC4F-0844-4452-88F4-14629C5286C2}
[2012/06/27 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{053ED358-BCBB-4692-ABA8-9A461B841D52}
[2012/06/27 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{55BD9951-AF89-4665-86D9-26E700084406}
[2012/06/26 15:04:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{EBA55469-8355-4ACA-A32D-5508A0BE959B}
[2012/06/26 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{B0110DD4-A1D4-49CC-8919-6DEC9F336039}
[2012/06/26 14:53:38 | 000,000,000 | ---D | C] -- C:\windows\de
[2012/06/26 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Windows Live
[2012/06/23 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012/06/23 21:58:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/23 21:58:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/23 21:57:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/23 21:57:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/23 21:57:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/23 21:57:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/23 21:57:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/15 15:07:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 14:56:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 14:56:39 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 14:54:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:53:49 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cd062172871c2c.job
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/15 14:46:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/15 14:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:50:12 | 000,140,800 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2012/07/15 12:50:05 | 000,283,304 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr
[2012/07/15 12:50:00 | 000,280,904 | ---- | M] () -- C:\windows\System32\PnkBstrB.ex0
[2012/07/14 11:26:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/14 11:26:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/07/14 10:33:58 | 000,003,584 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 15:49:34 | 000,683,390 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/13 15:49:34 | 000,624,572 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/13 15:49:34 | 000,139,118 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/13 15:49:34 | 000,114,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/12 22:16:28 | 000,429,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/10 14:50:28 | 000,138,056 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2012/07/05 15:46:37 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 10:26:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2012/07/05 15:46:37 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/26 14:52:54 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/26 14:52:33 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/26 14:52:10 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/26 14:51:39 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/15 20:16:18 | 000,000,600 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\PUTTY.RND
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/08/14 17:30:09 | 000,007,605 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\Resmon.ResmonCfg
[2011/08/01 11:53:48 | 000,138,056 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2011/08/01 11:53:26 | 002,434,856 | ---- | C] () -- C:\windows\System32\pbsvc_bc2.exe
[2011/06/24 11:04:27 | 000,140,800 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/06/23 19:45:51 | 000,283,304 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/06/23 19:45:50 | 002,601,752 | ---- | C] () -- C:\windows\System32\pbsvc_moh.exe
[2011/06/23 19:45:50 | 000,076,888 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/09/19 01:44:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/12 20:09:08 | 000,000,650 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\wklnhst.dat
[2010/02/27 03:13:51 | 000,003,584 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 20:11:13 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/03/06 00:10:19 | 000,000,000 | -HSD | M] -- C:\Users\yanlizkurt\AppData\Roaming\.#
[2012/03/05 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\3v
[2012/07/15 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DMCache
[2012/07/09 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft
[2012/07/09 18:16:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/08 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\elsterformular
[2011/11/16 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FileZilla
[2011/11/13 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FlashFXP
[2010/05/02 00:35:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Flatcast
[2010/02/26 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GameConsole
[2012/06/06 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Garmin
[2012/03/09 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\gema
[2011/06/23 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GetRightToGo
[2011/03/30 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Go Go Gourmet
[2012/04/25 04:51:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\IDM
[2012/03/09 21:44:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\loadtbs
[2010/12/18 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient
[2012/05/24 18:08:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient2
[2010/09/10 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Nonoh
[2012/05/30 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Notepad++
[2012/05/19 01:19:15 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\OpenCandy
[2011/10/28 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Origin
[2010/03/06 00:05:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\PlayFirst
[2012/07/08 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Screaming Bee
[2011/12/20 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Secure-Soft Stealer
[2011/02/06 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TeamViewer
[2010/03/12 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Template
[2012/07/10 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TS3Client
[2010/02/27 03:12:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Win7codecs
[2012/04/11 16:10:25 | 000,000,926 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/05/17 11:38:18 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         

15.07.2012, 15:10   #2
markusg
/// Malware-holic

Trojaner - GVU/Bundespolizei/ PC-Sperrung



Hi,

this script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]


• Please close all programs now.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Then start in normal mode.
For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and please upload it to the upload channel:
Trojaner-Board Upload Channel

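The fix above pulls exactly one line out of the log: the ctfmon.lnk in the user's Startup folder. What makes that line stand out in the first post is its timestamp, which is the same second in which C:\ProgramData\to_r0tsef.pad appeared. The following is an added example, not part of either post and not a feature of OTL: it parses file-list lines in OTL's format, picks out every .lnk in a Startup folder and reports the other files created within two seconds of it. The sample input is constructed to mirror the entries above; the function names are my own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines in the shape OTL uses for its file lists,
# modelled on the entries in the log above (not a live capture).
SAMPLE_OTL = r"""
[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 10:26:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2012/06/23 21:58:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
"""

# One OTL file line: [date time | size | attributes | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

STARTUP_FOLDER = "\\start menu\\programs\\startup\\"


def parse_otl(text):
    """Turn OTL file-list lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"].strip(),
            "op": m["op"],             # C = created, M = modified
            "company": m["company"],   # empty when the file carries no company name
            "path": m["path"].strip(),
        })
    return entries


def is_startup_shortcut(entry):
    """True for a .lnk inside a per-user or all-users Startup folder."""
    path = entry["path"].lower()
    return STARTUP_FOLDER in path and path.endswith(".lnk")


def correlate_startup_shortcuts(entries, window=timedelta(seconds=2)):
    """Map each Startup-folder shortcut to the other files created within
    `window` of it. A shortcut and an unexplained file appearing in the same
    second, as in the log above, is the first thing to look at."""
    hits = {}
    for lnk in filter(is_startup_shortcut, entries):
        hits[lnk["path"]] = [
            e["path"] for e in entries
            if e is not lnk and abs(e["ts"] - lnk["ts"]) <= window
        ]
    return hits


if __name__ == "__main__":
    for lnk, siblings in correlate_startup_shortcuts(parse_otl(SAMPLE_OTL)).items():
        print("Startup shortcut:", lnk)
        for path in siblings:
            print("  created alongside:", path)
```

Run it against the "Files Created" section of a full OTL report and the only shortcut it reports is ctfmon.lnk, paired with to_r0tsef.pad; the legitimate Windows Update and PunkBuster files fall outside the window and are ignored. The shortcut is removed by the :OTL fix, but the file it was created alongside is what the helper's follow-up analysis needs to account for.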