Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan - GVU/Bundespolizei/ PC lock (https://www.trojaner-board.de/119553-trojaner-gvu-bundespolizei-pc-sperrung.html)

BigÖ 15.07.2012 14:37

Trojan - GVU/Bundespolizei/ PC lock
 
Hello everyone,

I have been hit too. :headbang:
The trojan is already known on the forum, so I don't need to describe it again.

Many thanks in advance and best regards

Code:

OTL logfile created on: 7/15/2012 3:12:43 PM - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\yanlizkurt\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.48 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 81.64% Memory free
6.96 Gb Paging File | 6.41 Gb Available in Paging File | 92.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 41.01 Gb Free Space | 18.20% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 129.76 Gb Free Space | 57.58% Space Free | Partition Type: NTFS
 
Computer Name: YANLIZKURT-PC | User Name: yanlizkurt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yanlizkurt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DynDNS Updater) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE368
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Be584a816-e922-4aaf-bae4-bcf1e5f26c57%7D&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-19%2001%3A19%3A40&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\yanlizkurt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M]
 
[2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Extensions
[2012/07/09 17:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions
[2012/07/09 17:25:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/19 20:24:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/25 12:23:57 | 000,002,101 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\googlede.xml
[2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\Search_Results.xml
[2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/09/19 01:42:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/06 11:58:28 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\YANLIZKURT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q0395KDR.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012/06/25 22:49:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/15 20:30:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012/02/15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/06/25 22:49:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/19 01:19:37 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/25 22:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/25 22:49:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/25 22:49:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/25 22:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/25 22:49:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78822B92-53DD-4B3F-BDB0-A61922311C23}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C9125E-ABB3-4B4B-8C16-D91B52605446}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell - "" = AutoRun
O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell - "" = AutoRun
O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/15 15:07:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 12:13:04 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{DEAA88FE-43D9-4CFA-A0B9-CCA1D6894595}
[2012/07/15 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{81C31EBA-34AE-4B30-9749-8A6D6603915D}
[2012/07/14 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{06D7EB8D-0651-4F39-84B8-813B51874284}
[2012/07/14 22:26:21 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{41895321-2680-489A-81DD-393D512AFF8E}
[2012/07/14 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Macromedia
[2012/07/14 10:26:58 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/14 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A72A1ADC-2B62-4587-A803-DA11B5043C0C}
[2012/07/14 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{702BCE6F-B0C7-43D5-A083-79AB6719DD60}
[2012/07/13 12:30:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FE6925B6-270E-4434-9DCE-22DF3907C73F}
[2012/07/13 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{5FC34DF3-AF9F-4F56-B84B-3B0DB4243144}
[2012/07/12 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{012F87EB-855E-4ABC-9422-B23F5E50116E}
[2012/07/12 22:18:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{C72DD0D8-638C-48A8-A191-2017DE7DF496}
[2012/07/12 15:39:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/07/12 15:39:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/07/12 15:39:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/07/12 15:39:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/07/12 15:39:51 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/07/12 15:39:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/07/12 15:39:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/07/12 15:34:53 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/07/11 13:32:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012/07/11 13:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012/07/11 13:32:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012/07/11 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{BFFF880E-A7C4-4CA0-8C84-CB0EACEF38A9}
[2012/07/11 13:25:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FF99A628-037D-4BAC-BA71-429E3C77B50A}
[2012/07/10 12:28:36 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{197A8874-0566-40DE-AD8A-84875ED7AFEF}
[2012/07/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{70D7D413-19A1-4B36-9B07-F3CC663705E3}
[2012/07/09 18:16:01 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[2012/07/09 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft
[2012/07/09 12:33:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2E6E986F-0CB5-43A9-B616-11379EE1D351}
[2012/07/09 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{78A3C4E4-60EC-417F-ACD5-9476D507386F}
[2012/07/08 18:33:17 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\Desktop\Neuer Ordner
[2012/07/08 15:11:27 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1107CDB-243F-4ACD-ADBE-0469E76D4AF6}
[2012/07/08 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{336CBDD7-E7EE-4A59-B9F8-7EDE7BB355BA}
[2012/07/07 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F87CA0B5-4E32-4E67-B5A9-78217C6B2F6E}
[2012/07/07 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1015CA5-B452-4DFB-B9E0-719CE589D3F9}
[2012/07/06 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{358006F2-89A3-46E2-93C7-4323DC1CE9E6}
[2012/07/06 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1B7893DF-A2C2-446B-9260-479E67D5EF86}
[2012/07/05 09:50:46 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2CE276D3-6A01-4332-B7EF-E33FEB5801F1}
[2012/07/05 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{54143BEA-B10B-4EE3-93E1-A49FCB1949D4}
[2012/07/04 13:07:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F35761BD-EA71-46DF-A278-02999C065898}
[2012/07/04 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{31922701-CE8F-46D7-B6CC-011F76F22281}
[2012/07/02 13:37:05 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F00FF05F-7D39-4FBA-BFED-CD9FB24BB296}
[2012/07/02 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F75B457F-CA25-4B86-9156-25B51CC7040F}
[2012/07/01 02:56:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2FACBC32-EE70-4A6F-9E7A-5C62ADC14C94}
[2012/07/01 02:56:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{E85EA0D8-FAFE-4997-B585-25AFC1789743}
[2012/06/30 14:56:24 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{CCE938A9-4029-4E04-BAE2-45C9E9E9D2FE}
[2012/06/30 14:56:02 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{D1CEA874-54DA-45EC-8306-DAFFCC18B88B}
[2012/06/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AC8A0A75-F44C-41D9-8593-4E05731A3DE7}
[2012/06/29 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{6D41689C-7555-4872-B13E-99F15DB907D5}
[2012/06/28 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AA6F73AA-3C84-4515-8BD5-B712D37F3466}
[2012/06/28 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{29DA704F-974C-4418-B158-C88FB5ADC0CC}
[2012/06/28 06:49:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{02CD61A8-D1AD-49C6-83D2-A89B0E32317E}
[2012/06/28 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1683BC4F-0844-4452-88F4-14629C5286C2}
[2012/06/27 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{053ED358-BCBB-4692-ABA8-9A461B841D52}
[2012/06/27 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{55BD9951-AF89-4665-86D9-26E700084406}
[2012/06/26 15:04:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{EBA55469-8355-4ACA-A32D-5508A0BE959B}
[2012/06/26 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{B0110DD4-A1D4-49CC-8919-6DEC9F336039}
[2012/06/26 14:53:38 | 000,000,000 | ---D | C] -- C:\windows\de
[2012/06/26 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Windows Live
[2012/06/23 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012/06/23 21:58:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/23 21:58:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/23 21:57:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/23 21:57:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/23 21:57:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/23 21:57:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/23 21:57:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/15 15:07:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 14:56:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 14:56:39 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 14:54:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:53:49 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cd062172871c2c.job
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/15 14:46:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/15 14:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:50:12 | 000,140,800 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2012/07/15 12:50:05 | 000,283,304 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr
[2012/07/15 12:50:00 | 000,280,904 | ---- | M] () -- C:\windows\System32\PnkBstrB.ex0
[2012/07/14 11:26:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/14 11:26:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/07/14 10:33:58 | 000,003,584 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 15:49:34 | 000,683,390 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/13 15:49:34 | 000,624,572 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/13 15:49:34 | 000,139,118 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/13 15:49:34 | 000,114,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/12 22:16:28 | 000,429,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/10 14:50:28 | 000,138,056 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2012/07/05 15:46:37 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 10:26:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2012/07/05 15:46:37 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/26 14:52:54 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/26 14:52:33 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/26 14:52:10 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/26 14:51:39 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/15 20:16:18 | 000,000,600 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\PUTTY.RND
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/08/14 17:30:09 | 000,007,605 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\Resmon.ResmonCfg
[2011/08/01 11:53:48 | 000,138,056 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2011/08/01 11:53:26 | 002,434,856 | ---- | C] () -- C:\windows\System32\pbsvc_bc2.exe
[2011/06/24 11:04:27 | 000,140,800 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/06/23 19:45:51 | 000,283,304 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/06/23 19:45:50 | 002,601,752 | ---- | C] () -- C:\windows\System32\pbsvc_moh.exe
[2011/06/23 19:45:50 | 000,076,888 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/09/19 01:44:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/12 20:09:08 | 000,000,650 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\wklnhst.dat
[2010/02/27 03:13:51 | 000,003,584 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 20:11:13 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/03/06 00:10:19 | 000,000,000 | -HSD | M] -- C:\Users\yanlizkurt\AppData\Roaming\.#
[2012/03/05 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\3v
[2012/07/15 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DMCache
[2012/07/09 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft
[2012/07/09 18:16:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/08 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\elsterformular
[2011/11/16 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FileZilla
[2011/11/13 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FlashFXP
[2010/05/02 00:35:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Flatcast
[2010/02/26 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GameConsole
[2012/06/06 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Garmin
[2012/03/09 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\gema
[2011/06/23 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GetRightToGo
[2011/03/30 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Go Go Gourmet
[2012/04/25 04:51:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\IDM
[2012/03/09 21:44:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\loadtbs
[2010/12/18 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient
[2012/05/24 18:08:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient2
[2010/09/10 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Nonoh
[2012/05/30 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Notepad++
[2012/05/19 01:19:15 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\OpenCandy
[2011/10/28 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Origin
[2010/03/06 00:05:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\PlayFirst
[2012/07/08 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Screaming Bee
[2011/12/20 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Secure-Soft Stealer
[2011/02/06 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TeamViewer
[2010/03/12 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Template
[2012/07/10 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TS3Client
[2010/02/27 03:12:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Win7codecs
[2012/04/11 16:10:25 | 000,000,926 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/05/17 11:38:18 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >


markusg 15.07.2012 15:10

hi

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.


Code:

:OTL
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.
For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and please upload it via the upload channel.
Trojaner-Board Upload Channel
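As an added example (not code from the thread, from OTL, or from the moderator), the following Python script parses the OTL "Files Created / Modified" and "Alternate Data Streams" lines quoted above and flags the indicators the fix script targets: the ctfmon.lnk planted in the per-user Startup folder, the unsigned 4.5 MB file created in C:\ProgramData at the same second, and the streams on C:\ProgramData\Temp. The line format, the two-minute window, the 100 KB size floor, and the use of OTL's empty company field as a rough "unsigned" proxy are this example's own assumptions; the sample log is constructed from lines in the posted report.

```python
"""Triage OTL 'Files Created / Modified' output for autostart and drop-file patterns.

Added example for this thread, not part of OTL or the moderator's fix script.
The heuristics (Startup-folder entries, unsigned files created within a short
window of them, alternate data streams) are this example's own assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# One OTL file line: [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


class Entry(NamedTuple):
    ts: datetime
    size: int      # bytes; OTL prints thousands groups ("004,503,728")
    attrs: str     # R/H/S/D flags, "-" where unset
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL found no company name in the version info
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers and other lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines: List[str], window: timedelta = timedelta(minutes=2),
           min_size: int = 100_000) -> List[Tuple[str, str]]:
    """Return (finding, path) pairs in first-seen order, without duplicates."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    findings: List[Tuple[str, str]] = []

    def add(kind: str, path: str) -> None:
        if (kind, path) not in findings:
            findings.append((kind, path))

    # 1. Anything created or modified in a Startup folder runs at next logon;
    #    this is the shortcut the moderator's :OTL line removes.
    for s in (e for e in entries if STARTUP_DIR.search(e.path)):
        add("startup-entry", s.path)
        # 2. Files with no company name, of payload size, *created* within
        #    `window` of the startup entry are the likely target of the shortcut.
        for e in entries:
            if e.kind != "C" or e.company or e.size < min_size:
                continue
            if e.path.lower().endswith((".lnk", ".job")):
                continue
            if abs(e.ts - s.ts) <= window and not STARTUP_DIR.search(e.path):
                add("dropped-near-startup", e.path)

    # 3. Alternate data streams on a directory are invisible in Explorer.
    for line in lines:
        m = ADS_LINE.match(line.strip())
        if m:
            add("ads", m["path"])
    return findings


# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2012/07/15 15:07:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 14:56:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 14:56:39 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 14:54:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 11:26:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2012/06/28 06:49:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{02CD61A8-D1AD-49C6-83D2-A89B0E32317E}

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
"""

if __name__ == "__main__":
    for kind, path in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:22s} {path}")
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file contents; OTL.exe itself, bootstat.dat and hiberfil.sys stay out of the findings because they carry a company name, are too small, or were only modified rather than created near the Startup entry.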


Copyright ©2000-2025, Trojaner-Board

