Pests of all kinds and how to fight them: PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany (Windows 7)
12.08.2012, 13:23 | #1 |
Hello everyone, I have just caught this trojan. Too bad. I urgently need help and don't know much about how to fix it. I'm in safe mode and really don't know what to do next. Please help... OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.08.2012 15:05:57 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Zorluokat\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 5,10 Gb Available Physical Memory | 85,57% Memory free 11,92 Gb Paging File | 11,18 Gb Available in Paging File | 93,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS Drive K: | 48,83 Gb Total Space | 27,80 Gb Free Space | 56,94% Space Free | Partition Type: NTFS Drive L: | 184,05 Gb Total Space | 94,37 Gb Free Space | 51,27% Space Free | Partition Type: NTFS Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.08.03 18:17:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.08.23 02:26:38 | 000,141,848 | ---- | M] (Senstic) [Auto | Stopped] -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe -- (SensticPocketService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.21 02:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2011.01.06 20:49:54 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] 
(Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.05 23:50:56 | 000,031,560 | ---- | M] (Senstic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camsource64.sys -- (avshws) DRV:64bit: - [2010.06.03 17:07:18 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi) DRV:64bit: - [2010.03.02 23:57:06 | 000,037,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\senaudio64.sys -- (PocketAudio) DRV:64bit: - [2009.10.02 14:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.21 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - 
[2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2007.06.23 13:46:10 | 000,308,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav303.sys -- (vvftav303) DRV:64bit: - [2007.03.25 12:26:26 | 001,494,656 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM303.sys -- (ZSMC0303) DRV - [2009.09.17 07:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE - HKCU\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.) 
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.11 13:00:16 | 000,000,000 | ---D | M] - L:\auto Touran -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe [2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto [2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8} [2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421} [2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C} [2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A} [2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23} [2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959} [2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE} [2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A} [2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603} [2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C} [2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845} [2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED} [2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B} [2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473} [2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012 [2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA} [2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD} [2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66} [2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D} [2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286} [2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221} [2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF} [2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545} [2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE} [2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C} [2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5} [2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56} [2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53} [2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04} [2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A} [2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F} [2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A} [2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035} [2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160} [2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662} [2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F} [2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B} [2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4} [2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC} [2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A} [2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202} [2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0} [2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8} [2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682} [2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128} [2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF} [2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213} [2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F} [2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E} [2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2) [2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner [2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A} [2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7} [2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB} [2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F} [2012.07.16 11:18:10 | 000,000,000 
| ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE} [2012.07.16 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7} [2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\rdpwsx.dll [2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D} [2012.07.15 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4} ========== Files - Modified Within 30 Days ========== [2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe [2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys [2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat [2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf [2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.16 11:16:56 | 005,003,736 | ---- | M] 
() -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.08.12 13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf
[2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat
[2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 12.08.2012 15:27:09 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Zorluokat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,96 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 83,54% Memory free
11,92 Gb Paging File | 11,09 Gb Available in Paging File | 93,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,82 Gb Total Space | 820,30 Gb Free Space | 89,18% Space Free | Partition Type: NTFS
Drive D: | 11,59 Gb Total Space | 1,65 Gb Free Space | 14,24% Space Free | Partition Type: NTFS

Computer Name: ZORLUOKAT-PC | User Name: Zorluokat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zorluokat\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (SensticPocketService) -- C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe (Senstic)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (avshws) -- C:\Windows\SysNative\drivers\camsource64.sys (Senstic) DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (PocketAudio) -- C:\Windows\SysNative\drivers\senaudio64.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (vvftav303) -- C:\Windows\SysNative\drivers\vvftav303.sys (Vimicro Corporation) DRV:64bit: - (ZSMC0303) -- C:\Windows\SysNative\drivers\usbVM303.sys (Vimicro Corporation) DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5} IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - 
HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) O1 HOSTS File: ([2011.03.30 20:14:56 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9C0FFB-46A1-43D0-B5DE-40102E2E5A35}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 14:57:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe [2012.08.12 13:02:26 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto [2012.08.12 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D5F7CD32-0B06-4520-9303-AAEB64324CD8} [2012.08.12 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{52324117-765C-44D7-89A2-2003D3D64421} [2012.08.11 10:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0BE896B3-9371-46CC-BACE-DF1F5A806F5C} [2012.08.11 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4EDD5E7D-2E56-4871-8A8A-63AE2AF0E09A} [2012.08.10 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BC5E4259-C07E-4E9B-A4ED-490962BCBF23} [2012.08.10 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F67FEE5-4FB5-42B4-BF7C-3347FACFF959} [2012.08.09 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7C7384C9-2DAF-4589-86F0-BFEB8A7129AE} [2012.08.09 10:03:22 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CA3109EA-283A-4E0F-97DD-53305696381A} [2012.08.08 10:58:47 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{04B1A48F-B026-4DE3-B273-C6B2BFF05603} [2012.08.08 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BE24A8FF-9E07-4024-AD4D-A121E6CFB57C} [2012.08.07 22:58:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{B21967D5-3668-4002-B4C1-FAB88BCDA845} [2012.08.07 22:57:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EB1581F2-F014-419D-9C90-90737E46EDED} [2012.08.07 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC3C5F2B-8FFF-4575-A82F-6FDCE7E2075B} [2012.08.07 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{51129F57-A005-41F7-813E-40D9F4C98473} [2012.08.05 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.08.05 17:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.08.05 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\türkei bilder 2012 [2012.08.05 13:29:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{A209EEE8-FBAA-4332-8506-964ECE41B1DA} [2012.08.05 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4F2FDE3A-9C05-4DDE-86BD-997E7AD7CDAD} [2012.08.04 10:38:19 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{63C63464-322E-4F3D-B671-C4FF7F6ABF66} [2012.08.04 10:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C9922DA6-3E68-444C-84B2-0A97E432A35D} [2012.08.03 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{BB16E1D4-0466-4B79-AF95-AE55C0B42286} [2012.08.03 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{1C960E88-8F8E-40D2-BBB0-5FD79BD16221} [2012.08.01 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{72780667-68F8-443B-BC05-0E16946D8FBF} [2012.08.01 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0A82955C-4F0E-40C8-AF88-905177EEE545} [2012.07.31 22:06:15 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{F75A2985-1F6B-4C52-A87C-4F213A23FADE} [2012.07.31 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{2133892B-43DA-406E-A607-30EC9536661C} [2012.07.31 21:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{AA6CF83A-1DC4-496E-9189-C207368ED0A5} [2012.07.31 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{CC51B752-85FE-4B6E-BB98-7B6F502B6C56} [2012.07.30 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8D6CC450-B661-4C9F-947E-A63F3190BE53} [2012.07.30 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94126CC9-1D2D-4DD3-88B1-8875A88A6C04} [2012.07.29 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{94CA4A87-97EA-43F3-BDAC-A07827F98A5A} [2012.07.29 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{469ED139-A96D-40AF-BFB3-462F1FA1F69F} [2012.07.28 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5313F3C4-634E-419F-AB87-56114A975E8A} [2012.07.28 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{D51F00FE-2787-47DF-B378-B39E3676A035} [2012.07.27 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{372B661A-B8FB-401E-9721-1BCC9B54C160} [2012.07.27 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{5A802D33-71A8-47D0-9A13-2DCAF63F5662} [2012.07.26 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{EC9DA2A4-B7DF-4108-986E-9A33F6ADFA4F} [2012.07.26 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F13F675-C4CD-4AC0-8D12-F8ACA16A372B} [2012.07.25 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{260A54FD-1DFA-47B5-A080-6B8AD51BF8B4} [2012.07.25 07:53:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{22DBC9C4-7EB3-4675-A5D1-3906E06B8FFC} [2012.07.23 17:27:49 | 000,000,000 | ---D | C] -- 
C:\Users\Zorluokat\AppData\Local\{78D3A68E-2976-49AA-BE42-80336E4C6E1A} [2012.07.23 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{502A2B5E-9D54-44EB-8C67-DAD812A8D202} [2012.07.22 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{C615687C-1F9E-418C-B129-A9A1CBAAD4A0} [2012.07.22 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{084A1B7E-04BA-4625-8953-5348BA6153F8} [2012.07.21 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{61C77AC9-5B41-4433-972E-8E1C2DAFD682} [2012.07.21 20:53:24 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7D3D9F87-410E-4A63-B1E4-F8027461E128} [2012.07.21 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{323BB2A1-1BFA-40A1-85CE-5581202B77AF} [2012.07.21 08:52:47 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{3F1FF85A-85B5-43C6-BEE3-833FEE26C213} [2012.07.18 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{7523CCEE-1C8E-4BE0-BBE3-A431CD886D4F} [2012.07.18 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{083C6E36-C8F1-4192-92BF-A4DE405EA38E} [2012.07.17 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner (2) [2012.07.17 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\Desktop\Neuer Ordner [2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{0B848230-F4DC-4CE4-9536-4ACBC63E2C6A} [2012.07.17 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{DC8A1F1C-3E6B-48E9-A569-A57AD89CC5B7} [2012.07.16 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{4BFC04CC-20F5-43D7-BC47-2F3B9ED613CB} [2012.07.16 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{20B6A69A-6614-4C6C-9DE1-B9D318A9572F} [2012.07.16 11:18:10 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{F00AB6A4-65B8-41B9-8064-4C3E5516E7CE} [2012.07.16 11:17:55 | 000,000,000 
| ---D | C] -- C:\Users\Zorluokat\AppData\Local\{8C222B6D-B973-4361-9C2E-A44B715134E7} [2012.07.16 00:36:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.16 00:36:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.16 00:36:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.16 00:36:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.16 00:36:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.16 00:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.16 00:36:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.16 00:36:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.16 00:36:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.16 00:36:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.16 00:36:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.16 00:36:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.16 00:36:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.15 15:27:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.15 15:27:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.07.15 15:27:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.07.15 15:27:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\rdrmemptylst.exe [2012.07.15 15:27:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.15 15:27:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.07.15 15:27:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.07.15 15:26:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.07.15 15:26:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.07.15 15:26:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.15 15:26:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.15 15:25:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.15 15:25:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.15 15:09:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.07.15 15:09:13 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.07.15 15:09:13 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.07.15 15:09:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.07.15 15:09:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.07.15 15:09:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.07.15 15:08:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.07.15 15:08:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.07.15 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Local\{47EA696F-8DCE-4D90-A670-920A9D8A817D} [2012.07.15 15:05:02 | 000,000,000 
| ---D | C] -- C:\Users\Zorluokat\AppData\Local\{354652EF-97C0-4F34-83A2-CF8E84A217E4} ========== Files - Modified Within 30 Days ========== [2012.08.12 14:57:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Zorluokat\Desktop\OTL.exe [2012.08.12 14:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 14:51:50 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys [2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 14:50:32 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.12 13:29:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.12 13:29:52 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.12 13:29:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.12 13:29:52 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.12 13:29:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.12 13:04:12 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat [2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 15:43:23 | 000,274,395 | ---- | M] () -- C:\Users\Zorluokat\Desktop\business paln.pdf [2012.08.03 18:17:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 18:17:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.16 11:16:56 | 005,003,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.12 
13:04:12 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat [2012.08.05 15:43:23 | 000,274,395 | ---- | C] () -- C:\Users\Zorluokat\Desktop\business paln.pdf [2012.04.26 15:51:55 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012.04.26 15:51:15 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012.04.26 15:47:01 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI [2012.02.22 00:20:14 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.02.24 18:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.01.18 19:27:58 | 000,001,456 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.01.01 20:24:17 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.16 20:09:39 | 000,005,120 | ---- | C] () -- C:\Users\Zorluokat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.13 01:05:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.10.05 22:39:40 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010.09.28 19:25:11 | 000,000,118 | ---- | C] () -- C:\Users\Zorluokat\AppData\Roaming\wklnhst.dat [2010.09.27 16:40:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.09.23 17:37:02 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe [2010.09.23 17:37:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe ========== LOP Check ========== [2012.01.18 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Air Cam Live Video - PC Control [2011.01.08 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.21 00:43:01 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoft [2011.11.04 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.12 12:51:09 | 000,000,000 | 
---D | M] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto [2012.03.16 01:59:16 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\redsn0w [2011.01.08 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.09.28 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Template [2010.11.07 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Tific [2010.09.15 23:11:39 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WildTangent [2010.09.15 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\WinBatch [2010.12.16 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\Zorluokat\AppData\Roaming\Windows Live Writer [2012.05.31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.08.09 10:47:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > malware-log Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.12.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Zorluokat :: ZORLUOKAT-PC [Administrator] Schutz: Deaktiviert 12.08.2012 15:40:08 mbam-log-2012-08-12 (15-40-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 424385 Laufzeit: 38 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen 
Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) # AdwCleaner v1.800 - Logfile created 08/12/2012 at 16:50:37 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Zorluokat - ZORLUOKAT-PC # Running from : C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLY8HJ6Z\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Zorluokat\AppData\Local\Conduit Folder Found : C:\Users\Zorluokat\AppData\Local\OpenCandy Folder Found : C:\Users\Zorluokat\AppData\LocalLow\Conduit Folder Found : C:\Users\Zorluokat\AppData\LocalLow\WiseConvert Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\WiseConvert ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar Key Found : HKLM\SOFTWARE\WiseConvert [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar [x64] Key Found : HKCU\Software\AppDataLow\Toolbar [x64] Key Found : HKCU\Software\Softonic ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C679A0BD-77B7-478D-B572-5A7ADBB92855} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29549967-39BA-414A-83B3-8BD91CCD4165} Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716 ************************* AdwCleaner[R1].txt - [3017 octets] - [12/08/2012 16:50:37] ########## EOF - C:\AdwCleaner[R1].txt - [3145 octets] ########## |
12.08.2012, 21:35 | #2 |
/// Helper team | PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany
Fix with OTL
Download OTL by OldTimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE:64bit: - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKLM\..\SearchScopes\{0901452B-111D-4DF0-8BD4-9940C98958C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes,DefaultScope = {0901452B-111D-4DF0-8BD4-9940C98958C5}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\SearchScopes\{6715A0D7-5598-4BF3-B5C8-E856527F1565}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
O3 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2941282259-881980756-2608785510-1001..\Run: [xwizard] C:\Users\Zorluokat\AppData\Local\Microsoft\Windows\3800\xwizard.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.08.12 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\Zorluokat\AppData\Roaming\hellomoto
[2012.08.12 14:46:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 13:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 12:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; that can cause lasting damage to other systems!
__________________ |
28.09.2012, 10:55 | #3 |
/// Helper team | PC locked! The computer has been blocked for violating the laws of the Federal Republic of Germany
No response
__________________
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________ |