Trojan - GVU/Bundespolizei/ PC lockout (Windows 7)
15.07.2012, 14:37 | #1
Trojan - GVU/Bundespolizei/ PC lockout

Hello everyone, it has got me too. The trojan is already known in the forum, so I don't need to describe it again. Many thanks in advance and best regards.

Code:
ATTFilter OTL logfile created on: 7/15/2012 3:12:43 PM - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\yanlizkurt\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.48 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 81.64% Memory free 6.96 Gb Paging File | 6.41 Gb Available in Paging File | 92.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 225.33 Gb Total Space | 41.01 Gb Free Space | 18.20% Space Free | Partition Type: NTFS Drive D: | 225.33 Gb Total Space | 129.76 Gb Free Space | 57.58% Space Free | Partition Type: NTFS Computer Name: YANLIZKURT-PC | User Name: yanlizkurt | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\yanlizkurt\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\Program Files\WinRAR\rarext.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (DynDNS Updater) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = 
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE368 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={3C241B0F-18BF-4DDE-9F37-6627498E763E}&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&lang=de&ds=od011&pr=sa&d=2012-05-19 01:19:40&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2 FF 
- prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Be584a816-e922-4aaf-bae4-bcf1e5f26c57%7D&mid=3406b9f5591c47d1a9aad16d12b9847a-f2a5a10bb3c5516acc246fa036eb063c9a5dc6c5&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-19%2001%3A19%3A40&sap=ku&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\yanlizkurt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 22:49:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 21:08:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\yanlizkurt\AppData\Roaming\IDM\idmmzcc5 [2012/01/22 00:24:27 | 000,000,000 | ---D | M] [2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Extensions [2012/07/09 17:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions [2012/07/09 17:25:35 | 
000,000,000 | ---D | M] (Flagfox) -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/05/19 20:24:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\yanlizkurt\AppData\Roaming\mozilla\Firefox\Profiles\q0395kdr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/02/25 12:23:57 | 000,002,101 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\googlede.xml [2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Mozilla\Firefox\Profiles\q0395kdr.default\searchplugins\Search_Results.xml [2012/06/09 10:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/09/19 01:42:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/07/06 11:58:28 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\YANLIZKURT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q0395KDR.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI [2012/06/25 22:49:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/15 20:30:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/09/21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2012/02/15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012/06/25 22:49:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/19 01:19:37 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/06/25 22:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/25 22:49:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/06/25 22:49:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/03 16:31:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012/06/25 22:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/25 22:49:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download mit IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78822B92-53DD-4B3F-BDB0-A61922311C23}: NameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C9125E-ABB3-4B4B-8C16-D91B52605446}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: NameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell - "" = AutoRun O33 - MountPoints2\{1af43214-009a-11e1-8b29-0024545d6d89}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{341ec7a0-9db6-11e0-9629-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell - "" = AutoRun O33 - MountPoints2\{56805564-13b8-11e0-9d4d-0024545d6d89}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/15 15:07:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe [2012/07/15 12:13:04 | 000,000,000 | ---D | C] -- 
C:\Users\yanlizkurt\AppData\Local\{DEAA88FE-43D9-4CFA-A0B9-CCA1D6894595} [2012/07/15 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{81C31EBA-34AE-4B30-9749-8A6D6603915D} [2012/07/14 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{06D7EB8D-0651-4F39-84B8-813B51874284} [2012/07/14 22:26:21 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{41895321-2680-489A-81DD-393D512AFF8E} [2012/07/14 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Macromedia [2012/07/14 10:26:58 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012/07/14 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A72A1ADC-2B62-4587-A803-DA11B5043C0C} [2012/07/14 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{702BCE6F-B0C7-43D5-A083-79AB6719DD60} [2012/07/13 12:30:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FE6925B6-270E-4434-9DCE-22DF3907C73F} [2012/07/13 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{5FC34DF3-AF9F-4F56-B84B-3B0DB4243144} [2012/07/12 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{012F87EB-855E-4ABC-9422-B23F5E50116E} [2012/07/12 22:18:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{C72DD0D8-638C-48A8-A191-2017DE7DF496} [2012/07/12 15:39:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/07/12 15:39:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/07/12 15:39:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012/07/12 15:39:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012/07/12 15:39:51 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012/07/12 15:39:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\inetcpl.cpl [2012/07/12 15:39:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012/07/12 15:34:53 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/07/11 13:32:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2012/07/11 13:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll [2012/07/11 13:32:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2012/07/11 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{BFFF880E-A7C4-4CA0-8C84-CB0EACEF38A9} [2012/07/11 13:25:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{FF99A628-037D-4BAC-BA71-429E3C77B50A} [2012/07/10 12:28:36 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{197A8874-0566-40DE-AD8A-84875ED7AFEF} [2012/07/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{70D7D413-19A1-4B36-9B07-F3CC663705E3} [2012/07/09 18:16:01 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll [2012/07/09 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft [2012/07/09 12:33:34 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2E6E986F-0CB5-43A9-B616-11379EE1D351} [2012/07/09 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{78A3C4E4-60EC-417F-ACD5-9476D507386F} [2012/07/08 18:33:17 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\Desktop\Neuer Ordner [2012/07/08 15:11:27 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1107CDB-243F-4ACD-ADBE-0469E76D4AF6} [2012/07/08 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{336CBDD7-E7EE-4A59-B9F8-7EDE7BB355BA} [2012/07/07 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F87CA0B5-4E32-4E67-B5A9-78217C6B2F6E} [2012/07/07 11:53:21 | 000,000,000 | 
---D | C] -- C:\Users\yanlizkurt\AppData\Local\{A1015CA5-B452-4DFB-B9E0-719CE589D3F9}
[2012/07/06 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{358006F2-89A3-46E2-93C7-4323DC1CE9E6}
[2012/07/06 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1B7893DF-A2C2-446B-9260-479E67D5EF86}
[2012/07/05 09:50:46 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2CE276D3-6A01-4332-B7EF-E33FEB5801F1}
[2012/07/05 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{54143BEA-B10B-4EE3-93E1-A49FCB1949D4}
[2012/07/04 13:07:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F35761BD-EA71-46DF-A278-02999C065898}
[2012/07/04 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{31922701-CE8F-46D7-B6CC-011F76F22281}
[2012/07/02 13:37:05 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F00FF05F-7D39-4FBA-BFED-CD9FB24BB296}
[2012/07/02 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{F75B457F-CA25-4B86-9156-25B51CC7040F}
[2012/07/01 02:56:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{2FACBC32-EE70-4A6F-9E7A-5C62ADC14C94}
[2012/07/01 02:56:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{E85EA0D8-FAFE-4997-B585-25AFC1789743}
[2012/06/30 14:56:24 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{CCE938A9-4029-4E04-BAE2-45C9E9E9D2FE}
[2012/06/30 14:56:02 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{D1CEA874-54DA-45EC-8306-DAFFCC18B88B}
[2012/06/29 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AC8A0A75-F44C-41D9-8593-4E05731A3DE7}
[2012/06/29 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{6D41689C-7555-4872-B13E-99F15DB907D5}
[2012/06/28 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{AA6F73AA-3C84-4515-8BD5-B712D37F3466}
[2012/06/28 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{29DA704F-974C-4418-B158-C88FB5ADC0CC}
[2012/06/28 06:49:58 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{02CD61A8-D1AD-49C6-83D2-A89B0E32317E}
[2012/06/28 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{1683BC4F-0844-4452-88F4-14629C5286C2}
[2012/06/27 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{053ED358-BCBB-4692-ABA8-9A461B841D52}
[2012/06/27 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{55BD9951-AF89-4665-86D9-26E700084406}
[2012/06/26 15:04:23 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{EBA55469-8355-4ACA-A32D-5508A0BE959B}
[2012/06/26 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\{B0110DD4-A1D4-49CC-8919-6DEC9F336039}
[2012/06/26 14:53:38 | 000,000,000 | ---D | C] -- C:\windows\de
[2012/06/26 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\yanlizkurt\AppData\Local\Windows Live
[2012/06/23 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012/06/23 21:58:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/23 21:58:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/23 21:57:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/23 21:57:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/23 21:57:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/23 21:57:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/23 21:57:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 15:07:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\yanlizkurt\Desktop\OTL.exe
[2012/07/15 14:56:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/15 14:56:39 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 14:54:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:53:49 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cd062172871c2c.job
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/15 14:46:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/15 14:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:06:21 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:50:12 | 000,140,800 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2012/07/15 12:50:05 | 000,283,304 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr
[2012/07/15 12:50:00 | 000,280,904 | ---- | M] () -- C:\windows\System32\PnkBstrB.ex0
[2012/07/14 11:26:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/14 11:26:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/07/14 10:33:58 | 000,003,584 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 15:49:34 | 000,683,390 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/13 15:49:34 | 000,624,572 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/13 15:49:34 | 000,139,118 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/13 15:49:34 | 000,114,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/12 22:16:28 | 000,429,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/10 14:50:28 | 000,138,056 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2012/07/05 15:46:37 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 10:26:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2012/07/05 15:46:37 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/06/26 14:52:54 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/26 14:52:33 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/26 14:52:10 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/26 14:51:39 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/15 20:16:18 | 000,000,600 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\PUTTY.RND
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/08/14 17:30:09 | 000,007,605 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\Resmon.ResmonCfg
[2011/08/01 11:53:48 | 000,138,056 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\PnkBstrK.sys
[2011/08/01 11:53:26 | 002,434,856 | ---- | C] () -- C:\windows\System32\pbsvc_bc2.exe
[2011/06/24 11:04:27 | 000,140,800 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/06/23 19:45:51 | 000,283,304 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/06/23 19:45:50 | 002,601,752 | ---- | C] () -- C:\windows\System32\pbsvc_moh.exe
[2011/06/23 19:45:50 | 000,076,888 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/09/19 01:44:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/12 20:09:08 | 000,000,650 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\wklnhst.dat
[2010/02/27 03:13:51 | 000,003,584 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 20:11:13 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010/03/06 00:10:19 | 000,000,000 | -HSD | M] -- C:\Users\yanlizkurt\AppData\Roaming\.#
[2012/03/05 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\3v
[2012/07/15 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DMCache
[2012/07/09 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoft
[2012/07/09 18:16:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/08 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\elsterformular
[2011/11/16 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FileZilla
[2011/11/13 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\FlashFXP
[2010/05/02 00:35:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Flatcast
[2010/02/26 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GameConsole
[2012/06/06 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Garmin
[2012/03/09 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\gema
[2011/06/23 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\GetRightToGo
[2011/03/30 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Go Go Gourmet
[2012/04/25 04:51:00 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\IDM
[2012/03/09 21:44:11 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\loadtbs
[2010/12/18 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient
[2012/05/24 18:08:06 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\LolClient2
[2010/09/10 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Nonoh
[2012/05/30 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Notepad++
[2012/05/19 01:19:15 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\OpenCandy
[2011/10/28 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Origin
[2010/03/06 00:05:44 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\PlayFirst
[2012/07/08 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Screaming Bee
[2011/12/20 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Secure-Soft Stealer
[2011/02/06 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TeamViewer
[2010/03/12 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Template
[2012/07/10 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\TS3Client
[2010/02/27 03:12:54 | 000,000,000 | ---D | M] -- C:\Users\yanlizkurt\AppData\Roaming\Win7codecs
[2012/04/11 16:10:25 | 000,000,926 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job
[2012/05/17 11:38:18 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
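The detail in the report that a triager wants pulled out automatically is in the "Files Created - No Company Name" section: `C:\ProgramData\to_r0tsef.pad` (4.5 MB) and `...\Start Menu\Programs\Startup\ctfmon.lnk` were created in the same second, 2012/07/15 14:51:35, neither carries a company name, and `ctfmon` is the name of a legitimate Windows component (ctfmon.exe in System32), so a shortcut with that name in a user's Startup folder is a lookalike. The script below is an added example for this thread, not part of the original post and not OTL's own code. It parses OTL-style file lines, clusters creations by second, and flags clusters where an unsigned file landed in a persistence location. The sample lines are copied from the report above; the persistence-location list, the lookalike name set and the thresholds are the example author's assumptions, not OTL's rules.

```python
"""Triage helper for the file listings in an OTL report.

Added example for this thread; it is not part of the original post and not
OTL's own code. It parses OTL-style file lines, groups files by creation
second, and flags clusters in which an unsigned file (no company name) landed
in a persistence location. The sample lines are copied from the report above;
the location list and lookalike names are the example author's choices.
"""
import re
from collections import defaultdict

# [YYYY/MM/DD HH:MM:SS | size | attrs | C/M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Names of real Windows binaries that malware borrows (ctfmon.exe is the
# legitimate text-services loader in System32); the selection is an assumption.
LOOKALIKE_STEMS = {"ctfmon", "svchost", "explorer", "csrss", "lsass", "winlogon"}

# Lines copied from the OTL report in this thread (two signed Microsoft files
# created in the same second serve as the benign control group).
SAMPLE_REPORT = r"""
[2012/06/23 21:58:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/23 21:58:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/07/15 14:51:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012/07/15 14:51:35 | 000,001,893 | ---- | C] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/14 10:26:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 14:49:57 | 002,580,552 | ---- | C] () -- C:\windows\System32\pbsvc.exe
"""


def parse(report):
    """Return one dict per file line; section headers and prose are skipped."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["company"] = e["company"] or ""
            entries.append(e)
    return entries


def is_persistence_path(path):
    """User-writable spots that run or feed code at logon (assumed list)."""
    p = path.lower()
    if "\\start menu\\programs\\startup\\" in p:
        return True
    root = "c:\\programdata\\"
    if p.startswith(root) and "\\" not in p[len(root):]:
        return True  # file dropped straight into the ProgramData root
    return "\\windows\\tasks\\" in p


def lookalike_name(path):
    """A system-binary name outside System32, e.g. a Startup 'ctfmon.lnk'."""
    p = path.lower()
    stem = p.rsplit("\\", 1)[-1].split(".", 1)[0]
    return stem in LOOKALIKE_STEMS and not p.startswith("c:\\windows\\system32\\")


def find_clusters(report):
    """Creation-time clusters (same second) with an unsigned persistence drop."""
    by_second = defaultdict(list)
    for e in parse(report):
        if e["kind"] == "C":
            by_second[e["ts"]].append(e)
    clusters = []
    for ts, group in sorted(by_second.items()):
        unsigned = [e for e in group if not e["company"]]
        if len(group) >= 2 and unsigned and any(
            is_persistence_path(e["path"]) for e in group
        ):
            clusters.append((ts, [e["path"] for e in group]))
    return clusters


def suspicious_startup_items(report):
    """Persistence-location files named after well-known Windows binaries."""
    return [
        e["path"]
        for e in parse(report)
        if is_persistence_path(e["path"]) and lookalike_name(e["path"])
    ]


if __name__ == "__main__":
    for ts, paths in find_clusters(SAMPLE_REPORT):
        print(ts, "->", paths)
    print("lookalikes:", suspicious_startup_items(SAMPLE_REPORT))
```

Run against the full report the two Windows Update DLLs created at 21:58:07 are not flagged (signed, in System32), while the 14:51:35 pair is; that pair is exactly what the helper's fix script in the next post targets.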
15.07.2012, 15:10 | #2
/// Malware-holic | Trojaner - GVU/Bundespolizei/ PC-Sperrung
hi
This script, and any scripts that follow, are only for the user in question. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012/07/15 14:51:35 | 000,001,893 | ---- | M] () -- C:\Users\yanlizkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; paste its content into your next reply here.
Start in normal mode. For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the cache folder, pack it with WinRAR or another program, and please upload it in the upload channel: Trojaner-Board Upload Channel
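The fix script above removes `ctfmon.lnk` from the Startup folder, which is the persistence hook, but a practitioner will want to know what that shortcut launched before it is gone: the target tells you which dropped file to pull for analysis and which other artifacts (the helper already asks for the Java deployment cache) to collect. The parser below is an added example for this thread, not the original poster's, the helper's or OTL's code. It reads the fixed parts of the Windows Shell Link (.lnk) format as documented in MS-SHLLINK (76-byte header, optional LinkTargetIDList, LinkInfo with the ANSI LocalBasePath, and the StringData entries) without handing the file to the shell, so nothing is resolved or executed on a suspect host. The demo shortcut is built in code; its target path and arguments are invented for the example and say nothing about where the real `ctfmon.lnk` in the report pointed.

```python
"""Look at what a Startup-folder shortcut launches before removing it.

Added example for this thread; not the original poster's, the helper's, or
OTL's code. It reads the fixed parts of the Windows Shell Link (.lnk) format
as documented in MS-SHLLINK: the 76-byte header, an optional LinkTargetIDList,
the LinkInfo block with the ANSI LocalBasePath, and the StringData entries.
The demo shortcut is built in code; its target path is invented and says
nothing about where the real ctfmon.lnk in the report pointed.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO = 0x01, 0x02
HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON = 0x04, 0x08, 0x10, 0x20, 0x40
IS_UNICODE = 0x80
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
               (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
               (HAS_ICON, "icon"))


def parse_lnk(data):
    """Return target, arguments and other strings from a .lnk byte string."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = 0x4C
    if flags & HAS_IDLIST:  # skip the item-ID list, we only want the path
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    info = {"target": None, "arguments": "", "working_dir": ""}
    if flags & HAS_LINKINFO:
        li_size, _hdr, li_flags, _vol_off, base_off = struct.unpack_from("<IIIII", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath: ANSI path is present
            start = pos + base_off
            info["target"] = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += li_size
    for bit, key in STRING_DATA:  # fixed order per MS-SHLLINK
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, pos)
            pos += 2
            if flags & IS_UNICODE:
                info[key] = data[pos:pos + 2 * count].decode("utf-16-le")
                pos += 2 * count
            else:
                info[key] = data[pos:pos + count].decode("cp1252")
                pos += count
    return info


def build_lnk(target, arguments="", working_dir=""):
    """Construct a minimal ANSI .lnk (no IDList) so the demo runs offline."""
    flags = HAS_LINKINFO | (HAS_WORKDIR if working_dir else 0) | (HAS_ARGS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # fixed drive, empty label
    target_b = target.encode("cp1252") + b"\x00"
    base_off = 0x1C + len(volume_id)
    suffix_off = base_off + len(target_b)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 0x01, 0x1C, base_off, 0, suffix_off)
    link_info += volume_id + target_b + b"\x00"
    strings = b""
    for bit, value in ((HAS_WORKDIR, working_dir), (HAS_ARGS, arguments)):
        if flags & bit:
            enc = value.encode("cp1252")
            strings += struct.pack("<H", len(enc)) + enc
    return header + link_info + strings


def describe_startup_link(data):
    """Parse a shortcut and list the reasons (if any) it looks like a dropper."""
    info = parse_lnk(data)
    t = (info["target"] or "").lower()
    reasons = []
    if not (t.startswith("c:\\windows\\") or t.startswith("c:\\program files")):
        reasons.append("target outside Windows and Program Files")
    if t.startswith("c:\\programdata\\") or "\\appdata\\" in t:
        reasons.append("target in a user-writable drop location")
    return info, reasons


# Constructed demo shortcut; the path and arguments are invented for the example.
SAMPLE_LNK = build_lnk(r"C:\ProgramData\example_payload.exe",
                       arguments="/silent", working_dir=r"C:\ProgramData")

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LNK
    print(describe_startup_link(blob))
```

Run it as `python lnk_triage.py "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk"` (or on a copy taken off the machine) before the OTL fix deletes the file. The parser reads only the ANSI LocalBasePath; links written on systems with non-Latin locales may carry the path a second time as LocalBasePathUnicode, which this demo ignores.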