
Pests of all kinds and how to combat them: PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

12.08.2012, 13:23   #1
huso
 
PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany



Hello everyone,

I just caught this trojan. Too bad.
I urgently need help and don't know much about how to fix it.
I'm in safe mode and really don't know what to do next.

Please help...

OTL Logfile:
Code:
OTL logfile created on: 12.08.2012 15:05:57 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Zorluokat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 5,10 Gb Available Physical Memory | 85,57% Memory free
11,92 Gb Paging File | 11,18 Gb Available in Paging File | 93,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS
Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive K: | 48,83 Gb Total Space | 27,80 Gb Free Space | 56,94% Space Free | Partition Type: NTFS
Drive L: | 184,05 Gb Total Space | 94,37 Gb Free Space | 51,27% Space Free | Partition Type: NTFS
 
Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.03 18:17:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.08.23 02:26:38 | 000,141,848 | ---- | M] (Senstic) [Auto | Stopped] -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe -- (SensticPocketService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.21 02:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.01.06 20:49:54 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.05 23:50:56 | 000,031,560 | ---- | M] (Senstic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camsource64.sys -- (avshws)
DRV:64bit: - [2010.06.03 17:07:18 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010.03.02 23:57:06 | 000,037,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\senaudio64.sys -- (PocketAudio)
DRV:64bit: - [2009.10.02 14:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 02:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.06.23 13:46:10 | 000,308,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav303.sys -- (vvftav303)
DRV:64bit: - [2007.03.25 12:26:26 | 001,494,656 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2009.09.17 07:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKCU\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.11 13:00:16 | 000,000,000 | ---D | M] - L:\auto Touran -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8}
[2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421}
[2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C}
[2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A}
[2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23}
[2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959}
[2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE}
[2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A}
[2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603}
[2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C}
[2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845}
[2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED}
[2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B}
[2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473}
[2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012
[2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA}
[2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD}
[2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66}
[2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D}
[2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286}
[2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221}
[2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF}
[2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545}
[2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE}
[2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C}
[2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5}
[2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56}
[2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53}
[2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04}
[2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A}
[2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F}
[2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A}
[2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035}
[2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160}
[2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662}
[2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F}
[2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B}
[2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4}
[2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC}
[2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A}
[2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202}
[2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0}
[2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8}
[2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682}
[2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128}
[2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF}
[2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213}
[2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F}
[2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E}
[2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2)
[2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner
[2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A}
[2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7}
[2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB}
[2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F}
[2012.07.16 11:18:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE}
[2012.07.16 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7}
[2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D}
[2012.07.15 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 11:16:56 | 005,003,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.12 13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat
[2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 12.08.2012 15:27:09 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Zorluokat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 83,54% Memory free
11,92 Gb Paging File | 11,09 Gb Available in Paging File | 93,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS
Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
 
Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zorluokat\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (SensticPocketService) -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe (Senstic)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avshws) -- C:\Windows\SysNative\drivers\camsource64.sys (Senstic)
DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PocketAudio) -- C:\Windows\SysNative\drivers\senaudio64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (vvftav303) -- C:\Windows\SysNative\drivers\vvftav303.sys (Vimicro Corporation)
DRV:64bit: - (ZSMC0303) -- C:\Windows\SysNative\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8}
[2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421}
[2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C}
[2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A}
[2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23}
[2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959}
[2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE}
[2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A}
[2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603}
[2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C}
[2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845}
[2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED}
[2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B}
[2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473}
[2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012
[2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA}
[2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD}
[2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66}
[2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D}
[2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286}
[2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221}
[2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF}
[2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545}
[2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE}
[2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C}
[2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5}
[2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56}
[2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53}
[2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04}
[2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A}
[2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F}
[2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A}
[2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035}
[2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160}
[2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662}
[2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F}
[2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B}
[2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4}
[2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC}
[2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A}
[2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202}
[2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0}
[2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8}
[2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682}
[2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128}
[2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF}
[2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213}
[2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F}
[2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E}
[2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2)
[2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner
[2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A}
[2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7}
[2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB}
[2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F}
[2012.07.16 11:18:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE}
[2012.07.16 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7}
[2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D}
[2012.07.15 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe
[2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 11:16:56 | 005,003,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.12 13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat
[2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
 
========== LOP Check ==========
 
[2012.01.18 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Air Cam Live Video - PC Control
[2011.01.08 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.21 00:43:01 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoft
[2011.11.04 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.12 12:51:09 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.03.16 01:59:16 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\redsn0w
[2011.01.08 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.28 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Template
[2010.11.07 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Tific
[2010.09.15 23:11:39 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WildTangent
[2010.09.15 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WinBatch
[2010.12.16 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Windows Live Writer
[2012.05.31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.08.09 10:47:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

malware-log

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Zorluokat :: ZORLUOKAT-PC [Administrator]

Schutz: Deaktiviert

12.08.2012 15:40:08
mbam-log-2012-08-12 (15-40-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424385
Laufzeit: 38 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v1.800 - Logfile created 08/12/2012 at 16:50:37
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zorluokat - ZORLUOKAT-PC
# Running from : C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLY8HJ6Z\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Zorluokat\AppData\Local\Conduit
Folder Found : C:\Users\Zorluokat\AppData\Local\OpenCandy
Folder Found : C:\Users\Zorluokat\AppData\LocalLow\Conduit
Folder Found : C:\Users\Zorluokat\AppData\LocalLow\WiseConvert
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\WiseConvert

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
Key Found : HKLM\SOFTWARE\WiseConvert
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C679A0BD-77B7-478D-B572-5A7ADBB92855}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29549967-39BA-414A-83B3-8BD91CCD4165}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716

*************************

AdwCleaner[R1].txt - [3017 octets] - [12/08/2012 16:50:37]

########## EOF - C:\AdwCleaner[R1].txt - [3145 octets] ##########

12.08.2012, 21:35   #2
t'john
/// Helper Team
 
Fixing with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} 
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} 
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} 
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} 
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found 
O3 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe () 
O4 - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 

[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto 
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.05.31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

28.09.2012, 10:55   #3
t'john
/// Helper Team
 

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.