Trojaner-Board

Virus123Hilf 24.05.2011 20:24

Fake virus is attacking my PC!
 
"When I was browsing the Internet yesterday with Google Chrome, I downloaded Adobe Flash Player 10.
After that, windows from supposed antivirus software [WIN7 Internet Security] kept popping up, trying to get me to install and buy it. I did not follow these prompts.

I then found out on a website ->
that this ''virus'' (Trojan-BNK.Win32.Keylogger.gen)
is actually not a virus at all and only serves as a deception to get you to download the antivirus program WIN7 Internet Security.
The actual virus is/are supposed to be exactly these windows that keep appearing.

I also can't get onto the web anymore, no matter which browser I use. The message always comes up: A very dangerous virus..blah blah, install WIN7 Internet Security immediately to delete the viruses.
I am currently scanning the PC with Avira AntiVir Personal - Free Antivirus.
(I'm doing this for the first time now, since we only just bought the laptop)

I know I should actually follow all the steps, but I really don't have time and need your help very quickly.
I'm only 14 (!) years old, and if my parents discover this ''virus''.. then there will be huge trouble. :(

For info about this ''virus'' -> Trojan-BNK.Win32.Keylogger.gen Entfernen | Faster, PC! Clean! Clean! in deutscher Sprache

If the link isn't shown, just enter Trojan-BNK.Win32.Keylogger.gen into Google; it's the very first link.

Please help me. I absolutely have to get rid of this ''virus'' before my parents arrive.
If you can't help me, I'll probably have to reinstall WIN7.

The log follows:

[SPOILER]

OTL logfile created on: 5/24/2011 9:02:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Burcu\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.80% Memory free
7.73 Gb Paging File | 5.35 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 138.94 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 266.37 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: BURCU-PC | User Name: Burcu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
PRC - [2011/05/24 20:08:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
PRC - [2011/05/24 18:39:08 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\ikx.exe
PRC - [2011/05/02 12:25:56 | 000,724,536 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/04/01 17:07:08 | 000,442,024 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2011/04/01 17:07:05 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011/03/31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctgmhk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/12/02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/09/02 19:06:00 | 001,577,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/01/30 01:09:56 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/10/25 09:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/25 09:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/25 09:59:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/05/07 10:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/05/07 10:59:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Burcu\AppData\Local\ikx.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Burcu\AppData\Local\ikx.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 20:58:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
[2011/05/24 20:08:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
[2011/05/24 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{77CB79F7-FE81-4C8E-830B-4D2C2FD36E00}
[2011/05/24 19:20:06 | 000,816,016 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2011/05/24 19:20:06 | 000,452,872 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2011/05/24 19:20:06 | 000,334,976 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2011/05/24 19:20:06 | 000,137,704 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2011/05/24 19:20:05 | 000,257,232 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2011/05/24 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/05/24 19:19:56 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PC Tools
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/05/24 19:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/23 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{3C27C661-AFE5-4D08-877D-8900F07BBA83}
[2011/05/22 08:56:37 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{5A5E2BCB-75C4-48F5-ACF9-CAAFE0C0DB59}
[2011/05/21 09:27:47 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{75DACF3D-FE30-49F3-A7FD-01E0AF2C6620}
[2011/05/20 17:57:10 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PhotoScape
[2011/05/20 17:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2011/05/20 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{47CA2DB1-287B-4F8D-90EE-834D3EC0A8D5}
[2011/05/19 22:29:29 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{6FC39032-4416-4ADE-8832-EB8FB79F4030}
[2011/05/19 08:17:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{0D76E411-2E09-4C06-BE57-0A4543F2BAA1}
[2011/05/18 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{02F12435-AA79-4067-B962-1A886681D118}
[2011/05/17 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E1A1DD95-4F79-4419-9FB1-32903F45ED9C}
[2011/05/16 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{D17D436B-3B47-4CED-BF7A-BA187F6F4F7A}
[2011/05/16 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{91E79AFD-4D95-4E91-8E29-72C1B266F9CB}
[2011/05/15 20:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
[2011/05/15 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Pokemon Online
[2011/05/14 10:39:06 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{9346AE6D-161C-43D9-93CE-7BDCA1C7D2CC}
[2011/05/13 20:23:29 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E2CAC261-EFD5-4172-A6A5-8E059E099238}
[2011/05/13 08:08:31 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{12BCA7DE-EE89-440F-AE20-6C6B812472D1}
[2011/05/12 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\picpick
[2011/05/12 13:01:22 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{03D6C9BE-0E7A-4AD4-AE8F-48805190770F}
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\WinRAR
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/11 21:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/11 21:24:38 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E7D6D0B0-06CB-4051-85DC-0680E6A34DF6}
[2011/05/11 09:23:40 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{BAC5AD80-F214-4C44-A56C-1183A0C50BE2}
[2011/05/10 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{811C68D5-D5C0-450C-B8D5-93BEA6702487}
[2011/05/10 17:35:46 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\skypePM
[2011/05/10 17:35:20 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Skype
[2011/05/10 08:53:50 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{81D432E2-59BE-4E4D-920F-706BA973C4C7}
[2011/05/09 16:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/05/09 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/05/09 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\SoftGrid Client
[2011/05/09 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\SoftGrid Client
[2011/05/09 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{F6CE127B-3DBC-4D68-8519-5E65C27486E4}
[2011/05/09 10:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/08 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/08 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Deployment
[2011/05/08 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Apps
[2011/05/08 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Windows Live
[2011/05/08 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Tracing
[2011/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\PokerStars
[2011/05/07 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2011/05/07 11:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaAccount
[2011/05/07 11:00:31 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Nokia
[2011/05/07 11:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/05/07 11:00:27 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PC Suite
[2011/05/07 11:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/05/07 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2011/05/07 10:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/05/07 10:59:19 | 000,025,600 | ---- | C] (Nokia) -- C:\windows\SysNative\drivers\pccsmcfdx64.sys
[2011/05/07 10:59:18 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/05/07 10:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/05/07 10:58:56 | 000,057,856 | ---- | C] (Nokia) -- C:\windows\SysNative\nmwcdclsX64.dll
[2011/05/07 10:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2011/05/07 10:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2011/05/06 08:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3SPLITTER
[2011/05/06 08:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Splitter
[2011/05/06 08:49:51 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\GetRightToGo
[2011/05/06 08:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/05 18:45:50 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\TP
[2011/05/04 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Avira
[2011/05/04 09:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/04 09:31:01 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011/05/04 09:31:01 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011/05/04 09:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/04 09:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/03 18:50:41 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Desktop\Neuer Ordner
[2011/05/03 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicPick
[2011/05/03 18:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicPick
[2011/05/03 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\gtk-2.0
[2011/05/03 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Burcu\.thumbnails
[2011/05/03 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\gegl-0.0
[2011/05/03 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\.gimp-2.6
[2011/05/03 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/05/03 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/05/03 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\IrfanView
[2011/05/03 18:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011/05/03 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\InstallShield
[2011/05/03 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Google
[2011/05/03 16:12:03 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\Youcam
[2011/05/03 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Macromedia
[2011/05/03 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Adobe
[2011/05/03 16:08:03 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Power2Go
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Searches
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/03 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Identities
[2011/05/03 16:07:21 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Contacts
[2011/05/03 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\VirtualStore
[2011/05/03 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/05/03 16:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
[2011/05/03 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\My Pictures
[2011/05/03 15:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
[2011/05/03 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2011/05/03 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Pack
[2011/05/03 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Adobe
[2011/05/03 15:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/05/03 15:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/03 15:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/03 15:56:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/03 15:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Vorlagen
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Verlauf
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Temporary Internet Files
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Startmenü
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\SendTo
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Recent
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Netzwerkumgebung
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Lokale Einstellungen
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Videos
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Musik
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Eigene Dateien
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Bilder
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Druckumgebung
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Cookies
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Anwendungsdaten
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Anwendungsdaten
[2011/05/03 15:56:08 | 000,000,000 | --SD | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Videos
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Saved Games
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Pictures
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Music
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Links
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Favorites
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Downloads
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Documents
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Desktop
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/03 15:56:08 | 000,000,000 | -H-D | C] -- C:\Users\Burcu\AppData
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Temp
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Microsoft
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Media Center Programs
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2011/05/03 15:53:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/05/24 21:06:56 | 000,011,448 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
[2011/05/24 20:51:03 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001UA.job
[2011/05/24 20:11:42 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 20:11:42 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 20:08:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
[2011/05/24 20:02:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/24 20:02:23 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 19:41:47 | 000,011,448 | -HS- | M] () -- C:\ProgramData\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 19:20:27 | 001,311,236 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/24 19:20:03 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/24 19:14:01 | 000,512,992 | ---- | M] () -- C:\Users\Burcu\Desktop\sdasetup_revwire207.exe
[2011/05/24 18:51:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001Core.job
[2011/05/24 18:39:08 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\ikx.exe
[2011/05/24 18:39:07 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\byq.exe
[2011/05/20 21:19:14 | 000,026,486 | ---- | M] () -- C:\Users\Burcu\.recently-used.xbel
[2011/05/15 21:52:10 | 000,002,401 | ---- | M] () -- C:\Users\Burcu\Desktop\Google Chrome.lnk
[2011/05/11 22:03:19 | 001,513,694 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/05/11 22:03:19 | 000,659,448 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/05/11 22:03:19 | 000,620,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/05/11 22:03:19 | 000,132,728 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/05/11 22:03:19 | 000,108,518 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/10 17:35:46 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/09 10:11:17 | 001,540,624 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/08 22:40:46 | 000,002,534 | ---- | M] () -- C:\Users\Burcu\Desktop\Windows Live Messenger.lnk
[2011/05/08 20:52:49 | 000,012,526 | ---- | M] () -- C:\Users\Burcu\Desktop\Burcu.lnk
[2011/05/07 11:03:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/07 11:03:24 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011/05/04 13:04:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/04 09:31:03 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 16:08:18 | 000,001,172 | ---- | M] () -- C:\Users\Burcu\Desktop\CyberLink DVD Suite.lnk
[2011/05/03 16:08:14 | 000,001,121 | ---- | M] () -- C:\Users\Burcu\Desktop\CyberLink YouCam.lnk
[2011/05/03 16:02:45 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2011/05/03 16:02:45 | 000,000,033 | ---- | M] () -- C:\windows\0
[2011/05/03 15:57:09 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/03 15:56:49 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/03 15:56:32 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R530_04KQ.mrk
[2011/05/03 14:52:40 | 000,052,870 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/05/03 14:52:40 | 000,052,870 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/05/24 19:20:07 | 001,311,236 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/24 19:20:03 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/24 19:14:02 | 000,512,992 | ---- | C] () -- C:\Users\Burcu\Desktop\sdasetup_revwire207.exe
[2011/05/24 18:39:13 | 000,011,448 | -HS- | C] () -- C:\ProgramData\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 18:39:13 | 000,011,444 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 18:39:08 | 000,339,968 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\ikx.exe
[2011/05/24 18:39:07 | 000,339,968 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\byq.exe
[2011/05/20 21:19:14 | 000,026,486 | ---- | C] () -- C:\Users\Burcu\.recently-used.xbel
[2011/05/10 17:35:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/08 20:52:49 | 000,012,526 | ---- | C] () -- C:\Users\Burcu\Desktop\Burcu.lnk
[2011/05/08 18:47:17 | 000,002,401 | ---- | C] () -- C:\Users\Burcu\Desktop\Google Chrome.lnk
[2011/05/08 18:46:59 | 000,001,120 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001UA.job
[2011/05/08 18:46:59 | 000,001,068 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001Core.job
[2011/05/07 11:03:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/07 11:03:24 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011/05/05 18:46:28 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/04 09:31:03 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 16:07:50 | 000,001,409 | ---- | C] () -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/03 16:07:44 | 000,001,443 | ---- | C] () -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/03 16:03:58 | 000,001,121 | ---- | C] () -- C:\Users\Burcu\Desktop\CyberLink YouCam.lnk
[2011/05/03 16:02:45 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2011/05/03 16:02:45 | 000,000,033 | ---- | C] () -- C:\windows\0
[2011/05/03 15:57:45 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/05/03 15:57:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/03 15:57:09 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/03 15:56:49 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/03 15:56:32 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R530_04KQ.mrk
[2011/05/03 15:56:08 | 000,001,172 | ---- | C] () -- C:\Users\Burcu\Desktop\CyberLink DVD Suite.lnk
[2010/10/25 09:59:18 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/10/25 08:55:15 | 000,001,238 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/10/25 08:27:26 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

========== LOP Check ==========

[2011/05/06 08:50:22 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\GetRightToGo
[2011/05/20 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\gtk-2.0
[2011/05/03 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\IrfanView
[2011/05/07 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\PC Suite
[2011/05/21 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\PhotoScape
[2011/05/12 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\picpick
[2011/05/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\SoftGrid Client
[2011/05/09 14:04:55 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\TP
[2011/05/16 20:51:53 | 000,019,270 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D

< End of report >
[/SPOILER]

cosinus 25.05.2011 12:16

Quote:

I downloaded Adobe Flash Player 10.
From which site (source)?

Have you already run Malwarebytes? If so, where are the logs?

