Pests of all kinds and how to fight them: Have the virus "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" ("The computer has been blocked for violating the laws of the Federal Republic of Germany"), Windows 7

If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Have the virus "The computer has been blocked for violating the laws of the Federal Republic of Germany"

Hello. It got me too. "The computer has been blocked for violating the laws of the BRD". Now I am in Safe Mode with Networking... online.

GMER logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-10 13:58:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HD501LJ rev.CR100-12
Running: dsyky5n7.exe; Driver: C:\Users\Oezkan\AppData\Local\Temp\uxdiapoc.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[332] ntdll.dll!LdrLoadDll 779F9378 5 Bytes JMP 6C010C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[332] kernel32.dll!HeapSetInformation + 26 775DA84A 7 Bytes JMP 6C013FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[332] kernel32.dll!LockResource + C 775F68EB 7 Bytes JMP 6C247B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[332] kernel32.dll!VirtualAllocEx + 54 775FAD50 7 Bytes JMP 6C247B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[332] USER32.dll!GetWindowInfo 7644428E 5 Bytes JMP 6C16B77F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[332] GDI32.dll!SetStretchBltMode + 256 7631745C 7 Bytes JMP 6C247AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1916] USER32.dll!GetWindowInfo 7644428E 5 Bytes JMP 6C164536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1916] USER32.dll!SetMenuItemBitmaps + 71 764514EE 7 Bytes JMP 6C164B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

OTL logfile:
Code:
OTL logfile created on: 10.09.2012 13:00:19 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Oezkan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 80,73% Memory free
6,68 Gb Paging File | 6,26 Gb Available in Paging File | 93,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465,76 Gb Total Space | 349,86 Gb Free Space | 75,12% Space Free | Partition Type: NTFS
Drive D: | 383,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OEZKAN-PC | User Name: Oezkan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.10 12:59:54 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Oezkan\Desktop\OTL.exe
PRC - [2012.09.10 10:41:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.10 10:41:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.12.12 08:30:30 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.12 01:10:08 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.09.10 10:41:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009.03.28 01:03:13 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.03.28 01:03:07 | 000,360,704 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AF15BDA.sys -- (AF15BDA)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.09 19:43:16 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2008.07.22 10:01:34 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv61xx.sys -- (mv61xx)
DRV - [2008.07.01 02:28:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.01.31 12:30:32 | 000,599,040 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.12.17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.01.06 22:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2006.10.18 14:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={9045B249-CFC2-42A8-9F6C-F563DA0EE72E}&mid=90d2da50bc6347d0b46ad16b5310f5cc-0ccfcfd879739b436de2393a93b6dd8872057105&lang=de&ds=AVG&pr=fr&d=2012-04-19 22:44:22&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oezkan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oezkan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.23 06:47:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.22 23:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.20 10:16:10 | 000,000,000 | ---D | M]

[2009.01.28 00:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oezkan\AppData\Roaming\mozilla\Extensions
[2012.08.21 19:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oezkan\AppData\Roaming\mozilla\Firefox\Profiles\h6jagyc9.default\extensions
[2010.08.08 16:42:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Oezkan\AppData\Roaming\mozilla\Firefox\Profiles\h6jagyc9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.21 19:43:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Oezkan\AppData\Roaming\mozilla\Firefox\Profiles\h6jagyc9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 13:37:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Oezkan\AppData\Roaming\mozilla\Firefox\Profiles\h6jagyc9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.23 06:43:42 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Oezkan\AppData\Roaming\mozilla\Firefox\Profiles\h6jagyc9.default\extensions\welcome@toolmin.com
[2011.12.03 00:30:34 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Oezkan\AppData\Roaming\mozilla\firefox\profiles\h6jagyc9.default\extensions\personas@christopher.beard.xpi
[2012.07.24 23:34:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Oezkan\AppData\Roaming\mozilla\firefox\profiles\h6jagyc9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.27 13:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:41:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.14 21:00:38 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.04.21 19:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.23 13:19:06 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.10 10:40:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 19:38:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 19:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 06:43:42 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.04.21 19:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 19:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Oezkan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: No name found = C:\Users\Oezkan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\Oezkan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Oezkan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [VaultSysUi] C:\Users\Oezkan\AppData\Local\Microsoft\Windows\1644\VaultSysUi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oezkan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oezkan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA91EAF-899E-4879-B992-F6B8B585C127}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6634491C-34B7-4083-AD11-B48B8E4932FB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Oezkan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Oezkan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.11 03:31:02 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006.11.07 02:19:12 | 000,147,456 | R--- | M] () - D:\AutoPattern.exe -- [ CDFS ]
O33 - MountPoints2\{01d00f83-a887-11df-b316-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{01d00f83-a887-11df-b316-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{039ad260-a889-11df-bf35-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{039ad260-a889-11df-bf35-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{05b44dda-fe3d-11d5-bf3e-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{05b44dda-fe3d-11d5-bf3e-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{05b44ddb-fe3d-11d5-bf3e-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{05b44ddb-fe3d-11d5-bf3e-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{05b44fb5-fe3d-11d5-bf3e-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{05b44fb5-fe3d-11d5-bf3e-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{05b44fb7-fe3d-11d5-bf3e-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{05b44fb7-fe3d-11d5-bf3e-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{314ed99a-4b49-11e1-9897-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{314ed99a-4b49-11e1-9897-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{314ed99c-4b49-11e1-9897-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{314ed99c-4b49-11e1-9897-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{36f96098-c1c9-11df-b6a1-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{36f96098-c1c9-11df-b6a1-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{36f960a4-c1c9-11df-b6a1-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{36f960a4-c1c9-11df-b6a1-002215f41c3f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3a3aa147-ea5e-11dd-bec3-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3aa147-ea5e-11dd-bec3-002215f41c3f}\Shell\AutoRun\command - "" = D:\Monsetup.exe -- [2006.10.11 03:28:07 | 002,957,774 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{6c25b4d5-4e91-11e1-910c-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c25b4d5-4e91-11e1-910c-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c25b4df-4e91-11e1-910c-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c25b4df-4e91-11e1-910c-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6d018e23-3f3f-11df-a7df-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6d018e23-3f3f-11df-a7df-002215f41c3f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{6e970828-9671-11de-bead-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e970828-9671-11de-bead-002215f41c3f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{6fd6b7cc-f5d0-11e0-9f99-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6fd6b7cc-f5d0-11e0-9f99-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{780977c4-a978-11df-b9b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{780977c4-a978-11df-b9b9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7809780f-a978-11df-b9b9-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7809780f-a978-11df-b9b9-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{78097828-a978-11df-b9b9-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{78097828-a978-11df-b9b9-002215f41c3f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7848ab26-e8ca-11dd-aef4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7848ab26-e8ca-11dd-aef4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDSTART.EXE
O33 - MountPoints2\{7f772c21-a97b-11df-97fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f772c21-a97b-11df-97fd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88a930f9-c27a-11df-af03-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{88a930f9-c27a-11df-af03-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{88a93103-c27a-11df-af03-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{88a93103-c27a-11df-af03-002215f41c3f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9667c884-bb58-11df-aeae-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{9667c884-bb58-11df-aeae-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9667c885-bb58-11df-aeae-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{9667c885-bb58-11df-aeae-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a1c2d41d-267e-11e1-9a4c-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c2d41d-267e-11e1-9a4c-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a1c2d462-267e-11e1-9a4c-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c2d462-267e-11e1-9a4c-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a70ac832-5500-11de-9a71-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{a70ac832-5500-11de-9a71-002215f41c3f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{a70ac880-5500-11de-9a71-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{a70ac880-5500-11de-9a71-002215f41c3f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{d928f6a8-4bbb-11df-9ff5-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{d928f6a8-4bbb-11df-9ff5-002215f41c3f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d928f6c9-4bbb-11df-9ff5-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{d928f6c9-4bbb-11df-9ff5-002215f41c3f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{fe2d2ccd-ea49-11dd-b931-002215f41c3f}\Shell - "" = AutoRun
O33 - MountPoints2\{fe2d2ccd-ea49-11dd-b931-002215f41c3f}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{fe2d2ccd-ea49-11dd-b931-002215f41c3f}\Shell\setup\command - "" = D:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.10 12:59:54 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Oezkan\Desktop\OTL.exe
[2012.08.28 16:20:37 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\AppData\Roaming\hellomoto
[2012.08.27 13:47:33 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\AppData\Roaming\Malwarebytes
[2012.08.27 13:47:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.27 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.27 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.27 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.23 11:12:49 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\AppData\Roaming\dvdcss
[2012.08.19 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\Desktop\fgfhgdhs-Dateien
[2012.08.19 01:52:59 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\Desktop\6er EBAY-Dateien
[2012.08.17 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\AppData\Roaming\AVG
[2012.08.17 12:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012.08.13 12:33:59 | 000,000,000 | ---D | C] -- C:\Users\Oezkan\AppData\Roaming\PhotoScape
[2012.08.13 12:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.08.13 12:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

========== Files - Modified Within 30 Days ==========

[2012.09.10 12:59:54 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Oezkan\Desktop\OTL.exe
[2012.09.10 12:55:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 12:53:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.10 12:53:04 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 12:53:04 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 12:41:28 | 000,001,356 | ---- | M] () -- C:\Users\Oezkan\AppData\Local\d3d9caps.dat
[2012.09.10 12:35:39 | 000,000,000 | ---- | M] () -- C:\Users\Oezkan\defogger_reenable
[2012.09.10 10:36:03 | 094,137,248 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.09.10 10:34:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 13:40:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157794180-3385835679-2736439649-1000UA.job
[2012.08.28 12:37:49 | 000,248,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.27 13:47:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 12:17:38 | 000,023,552 | ---- | M] () -- C:\Users\Oezkan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.26 18:14:24 | 000,373,435 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.08.25 23:40:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157794180-3385835679-2736439649-1000Core.job
[2012.08.25 22:43:00 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job
[2012.08.22 00:42:16 | 000,002,047 | ---- | M] () -- C:\Users\Oezkan\Desktop\Google Chrome.lnk
[2012.08.19 01:59:01 | 000,361,190 | ---- | M] () -- C:\Users\Oezkan\Desktop\fgfhgdhs.htm
[2012.08.19 01:52:59 | 000,071,900 | ---- | M] () -- C:\Users\Oezkan\Desktop\6er EBAY.htm
[2012.08.19 01:42:00 | 000,017,770 | ---- | M] () -- C:\Users\Oezkan\Desktop\552954_2906607191132_1846054454_n.jpg
[2012.08.13 12:52:59 | 000,035,668 | ---- | M] () -- C:\Users\Oezkan\Documents\testdaf_anmeldebestaetigung.pdf
[2012.08.13 12:34:28 | 000,071,680 | -H-- | M] () -- C:\Users\Oezkan\Desktop\photothumb.db
[2012.08.13 12:31:13 | 000,000,828 | ---- | M] () -- C:\Users\Oezkan\Desktop\PhotoScape.lnk

========== Files Created - No Company Name ==========

[2012.09.10 12:35:39 | 000,000,000 | ---- | C] () -- C:\Users\Oezkan\defogger_reenable
[2012.08.27 13:47:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.23 10:30:13 | 000,000,044 | ---- | C] () -- C:\Users\Oezkan\Desktop\Track01.cda
[2012.08.19 01:59:01 | 000,361,190 | ---- | C] () -- C:\Users\Oezkan\Desktop\fgfhgdhs.htm
[2012.08.19 01:52:59 | 000,071,900 | ---- | C] () -- C:\Users\Oezkan\Desktop\6er EBAY.htm
[2012.08.19 01:41:59 | 000,017,770 | ---- | C] () -- C:\Users\Oezkan\Desktop\552954_2906607191132_1846054454_n.jpg
[2012.08.13 12:52:58 | 000,035,668 | ---- | C] () -- C:\Users\Oezkan\Documents\testdaf_anmeldebestaetigung.pdf
[2012.08.13 12:34:26 | 000,071,680 | -H-- | C] () -- C:\Users\Oezkan\Desktop\photothumb.db
[2012.08.13 12:31:13 | 000,000,828 | ---- | C] () -- C:\Users\Oezkan\Desktop\PhotoScape.lnk
[2012.01.26 01:30:22 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.01.26 01:30:22 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.12.23 06:02:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.12.23 06:02:19 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.03 00:29:34 | 000,006,142 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011.08.14 23:34:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\ff1ddf2d35be913bcce3a224bac39279_c
[2009.07.22 23:02:46 | 000,024,064 | ---- | C] () -- C:\Users\Oezkan\AppData\Roaming\UserTile.png
[2009.02.23 14:02:57 | 000,023,552 | ---- | C] () -- C:\Users\Oezkan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.30 21:01:40 | 000,022,328 | ---- | C] () -- C:\Users\Oezkan\AppData\Roaming\PnkBstrK.sys
[2009.01.28 00:44:05 | 000,000,552 | ---- | C] () -- C:\Users\Oezkan\AppData\Local\d3d8caps.dat
[2009.01.22 23:35:19 | 000,001,356 | ---- | C] () -- C:\Users\Oezkan\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.01.14 10:35:56 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\Alle meine Passworte
[2012.08.17 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\AVG
[2009.02.14 23:08:39 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\Balabolka
[2009.01.31 21:10:50 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2010.07.22 13:37:38 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.03 00:24:42 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\Fighters
[2012.08.28 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\hellomoto
[2012.01.08 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\Leadertech
[2009.02.27 01:35:36 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\OpenOffice.org
[2009.07.22 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\PeerNetworking
[2012.08.13 12:42:24 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\PhotoScape
[2009.01.31 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\Raptr
[2012.01.22 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\TestApp
[2012.01.12 15:13:15 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\toolplugin
[2012.04.20 10:45:11 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\TuneUp Software
[2012.06.04 03:25:33 | 000,000,000 | ---D | M] -- C:\Users\Oezkan\AppData\Roaming\XSManager
[2012.08.31 00:34:50 |
000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > 10.09.2012 14:04:08 text1 Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 315038 Laufzeit: 30 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Oezkan\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt. Infizierte Dateien: 2 C:\Users\Oezkan\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt. C:\Users\Oezkan\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt. (Ende) |