| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Anti Malware Doctor endgültig entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.05.2011, 17:19
| #61 |
 |  Anti Malware Doctor endgültig entfernen All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ========== FILES ========== c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp moved successfully. c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gökhan Gürel ->Temp folder emptied: 248831 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 87648940 bytes ->Flash cache emptied: 651 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 52718176 bytes Total Files Cleaned = 134,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05062011_152804 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
07.05.2011, 15:53
| #62 |
| | Anti Malware Doctor endgültig entfernen ESETSmartInstaller@High as CAB hook log:
__________________OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=81e50eca4ba81a4ab8cb2004c4c970ef # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-07 12:39:23 # local_time=2011-05-07 02:39:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 77180 41302114 126123 0 # compatibility_mode=5892 16776638 100 100 347082 142298065 0 0 # compatibility_mode=8192 67108863 100 0 213 213 0 0 # scanned=153054 # found=5 # cleaned=0 # scan_time=6669 C:\Qoobox\Quarantine\[4]-Submit_2011-05-04_22.48.14.zip multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe.vir a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4986b9b8-6b786e51 a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I |
|
08.05.2011, 11:33
| #63 |
| | Anti Malware Doctor endgültig entfernen OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 08.05.2011 11:38:37 - Run 8 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gökhan Gürel\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 952,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 40,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 12,18 Gb Free Space | 17,49% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe () SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "spiegel-online.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M] [2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions [2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions [2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2011.05.06 18:24:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {17052482-DBDC-7730-7743-E53C20E965EB} - Browser Customizations ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {74A68C95-2811-BD6E-B680-24DD4A461C21} - Java (Sun) ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.07 12:44:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.05.06 18:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.05.06 18:24:36 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.05.05 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Fast and Furious 5 - Rio Heist [2011.05.05 17:38:40 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\faf [2011.05.05 17:38:24 | 000,124,416 | ---- | C] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll [2011.05.04 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.04 23:34:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.05.04 23:34:04 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.05.04 23:34:04 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp [2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe [2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe [2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe [2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe [2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe [2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe [2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software [2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe [2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes [2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD [2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA [2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS [2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings [2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320) [2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job [2011.05.06 15:36:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.05.06 15:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.05 17:47:31 | 000,000,937 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\config.dat [2011.05.05 17:38:26 | 000,124,416 | ---- | M] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll [2011.05.05 17:37:55 | 000,001,284 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft [2011.05.04 23:42:56 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe [2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe [2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe [2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat [2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg [2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar [2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe [2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg [2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe [2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG [2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable [2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe [2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk [2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk [2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe [2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe [2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe [2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe [2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe [2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe [2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe [2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com [2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat [2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3 ========== Files Created - No Company Name ========== [2011.05.05 17:38:26 | 000,000,937 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\config.dat [2011.05.05 17:37:44 | 000,001,284 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft [2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe [2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg [2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar [2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat [2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg [2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe [2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG [2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable [2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe [2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe [2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk [2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk [2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe [2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe [2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com [2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3 [2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat [2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini [2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat [2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL [2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini [2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss [2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo [2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH [2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools [2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite [2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro [2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers [2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi [2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ [2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo [2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer [2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics [2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag [2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl [2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im [2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer [2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone [2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions [2011.05.06 15:30:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.04 23:10:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer [2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book [2011.04.25 15:56:19 | 000,000,000 | ---D | M] -- C:\Boot [2011.05.04 23:13:51 | 000,000,000 | ---D | M] -- C:\ComboFix [2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads [2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements [2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel [2009.11.07 12:25:12 | 000,000,000 | ---D | M] -- C:\LG3G [2010.04.13 22:55:26 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.07 12:44:40 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.04 23:42:56 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.04 23:13:49 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.08 11:40:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test [2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users [2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD [2011.05.04 23:54:31 | 000,000,000 | ---D | M] -- C:\Windows [2011.04.27 19:55:55 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. > [2009.04.03 21:39:32 | 000,000,000 | ---D | M] -- C:\Programme\Acer [2008.10.14 23:32:22 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc [2008.10.14 23:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated [2008.05.26 00:59:52 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites [2011.03.14 18:49:08 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2008.10.14 23:22:47 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K [2009.04.21 07:05:53 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update [2009.04.25 19:30:04 | 000,000,000 | ---D | M] -- C:\Programme\Ashampoo [2011.05.04 23:34:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2010.11.08 01:15:41 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5 [2008.05.14 09:42:55 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom [2011.02.02 18:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Buchungssatzpauker-B IKR 2.50 (Shareware) [2010.01.27 19:00:29 | 000,000,000 | ---D | M] -- C:\Programme\Canon [2010.01.27 18:53:56 | 000,000,000 | -H-D | M] -- C:\Programme\CanonBJ [2011.05.06 18:25:41 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2008.10.14 23:14:02 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT [2008.10.14 23:25:17 | 000,000,000 | ---D | M] -- C:\Programme\COREL [2009.04.20 01:07:14 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite [2009.04.20 00:59:10 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro [2009.05.11 08:46:54 | 000,000,000 | ---D | M] -- C:\Programme\DAMN NFO Viewer [2011.04.22 20:58:31 | 000,000,000 | ---D | M] -- C:\Programme\DivX [2011.05.02 11:20:33 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft [2010.02.20 16:57:38 | 000,000,000 | ---D | M] -- C:\Programme\EA Games [2011.04.27 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT [2011.05.07 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\ESET [2009.04.04 16:34:27 | 000,000,000 | ---D | M] -- C:\Programme\eSobi [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien [2010.03.17 00:25:34 | 000,000,000 | ---D | M] -- C:\Programme\Hornet Demo [2011.05.02 11:09:57 | 000,000,000 | ---D | M] -- C:\Programme\ICQ Away Reader [2011.04.15 21:12:28 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.2 [2011.05.02 14:28:26 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2008.05.14 09:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Intel [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2008.10.14 23:28:16 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo [2011.05.06 18:24:36 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.04.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader [2008.10.14 23:24:52 | 000,000,000 | ---D | M] -- C:\Programme\Launch Manager [2011.05.04 21:52:50 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.01.31 15:42:51 | 000,000,000 | ---D | M] -- C:\Programme\Maxis [2009.09.17 21:38:02 | 000,000,000 | ---D | M] -- C:\Programme\MegaCAD_3D_2007 [2009.11.28 10:45:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games [2010.04.13 23:06:24 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2010.01.05 00:56:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Small Business [2011.03.25 19:38:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server [2011.01.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2011.05.06 18:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2009.11.29 14:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mp3tag [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2009.04.03 22:07:34 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2011.05.02 11:15:30 | 000,000,000 | ---D | M] -- C:\Programme\NewTech Infosystems [2008.10.14 23:20:49 | 000,000,000 | ---D | M] -- C:\Programme\O2Micro Flash Memory Card Driver [2011.04.01 17:45:47 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET [2009.10.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer [2009.12.13 14:41:13 | 000,000,000 | ---D | M] -- C:\Programme\QS [2011.05.02 11:13:59 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime [2008.10.14 23:19:39 | 000,000,000 | ---D | M] -- C:\Programme\Realtek [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.11.03 15:52:17 | 000,000,000 | ---D | M] -- C:\Programme\RouterControl [2009.05.03 11:52:37 | 000,000,000 | ---D | M] -- C:\Programme\SCWA-Software [2010.02.24 18:08:04 | 000,000,000 | R--D | M] -- C:\Programme\Skype [2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy [2011.02.12 16:27:01 | 000,000,000 | ---D | M] -- C:\Programme\TeamViewer [2006.11.02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2009.04.07 01:43:34 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN [2010.02.24 18:02:58 | 000,000,000 | ---D | M] -- C:\Programme\Warcraft III [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration [2011.04.25 15:48:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender [2009.05.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live [2009.05.05 17:07:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2009.04.03 21:33:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery [2011.05.04 18:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar [2009.11.14 18:57:26 | 000,000,000 | ---D | M] -- C:\Programme\winklers [2009.04.04 20:14:03 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 13:29:51 < > < End of report > |
|
08.05.2011, 11:33
| #64 |
| | Anti Malware Doctor endgültig entfernen OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2011 11:38:37 - Run 8 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gökhan Gürel\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 952,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 40,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 12,18 Gb Free Space | 17,49% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe () SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "spiegel-online.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M] [2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions [2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions [2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2011.05.06 18:24:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {17052482-DBDC-7730-7743-E53C20E965EB} - Browser Customizations ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {74A68C95-2811-BD6E-B680-24DD4A461C21} - Java (Sun) ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.07 12:44:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.05.06 18:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.05.06 18:24:36 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.05.05 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Fast and Furious 5 - Rio Heist [2011.05.05 17:38:40 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\faf [2011.05.05 17:38:24 | 000,124,416 | ---- | C] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll [2011.05.04 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.04 23:34:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.05.04 23:34:04 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.05.04 23:34:04 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp [2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe [2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe [2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe [2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe [2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe [2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe [2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software [2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe [2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes [2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD [2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA [2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS [2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings [2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320) [2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job [2011.05.06 15:36:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.05.06 15:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.05 17:47:31 | 000,000,937 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\config.dat [2011.05.05 17:38:26 | 000,124,416 | ---- | M] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll [2011.05.05 17:37:55 | 000,001,284 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft [2011.05.04 23:42:56 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe [2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe [2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe [2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat [2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg [2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar [2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe [2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg [2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe [2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG [2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable [2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe [2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk [2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk [2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe [2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe [2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe [2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe [2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe [2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe [2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe [2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com [2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat [2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3 ========== Files Created - No Company Name ========== [2011.05.05 17:38:26 | 000,000,937 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\config.dat [2011.05.05 17:37:44 | 000,001,284 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft [2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe [2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg [2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar [2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat [2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg [2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe [2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG [2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable [2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe [2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe [2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk [2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk [2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe [2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe [2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com [2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3 [2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat [2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini [2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat [2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL [2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini [2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss [2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo [2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH [2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools [2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite [2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro [2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers [2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi [2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ [2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo [2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer [2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics [2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag [2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl [2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im [2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer [2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone [2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions [2011.05.06 15:30:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.04 23:10:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer [2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book [2011.04.25 15:56:19 | 000,000,000 | ---D | M] -- C:\Boot [2011.05.04 23:13:51 | 000,000,000 | ---D | M] -- C:\ComboFix [2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads [2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements [2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel [2009.11.07 12:25:12 | 000,000,000 | ---D | M] -- C:\LG3G [2010.04.13 22:55:26 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.07 12:44:40 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.04 23:42:56 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.04 23:13:49 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.08 11:40:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test [2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users [2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD [2011.05.04 23:54:31 | 000,000,000 | ---D | M] -- C:\Windows [2011.04.27 19:55:55 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. > [2009.04.03 21:39:32 | 000,000,000 | ---D | M] -- C:\Programme\Acer [2008.10.14 23:32:22 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc [2008.10.14 23:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated [2008.05.26 00:59:52 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites [2011.03.14 18:49:08 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2008.10.14 23:22:47 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K [2009.04.21 07:05:53 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update [2009.04.25 19:30:04 | 000,000,000 | ---D | M] -- C:\Programme\Ashampoo [2011.05.04 23:34:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2010.11.08 01:15:41 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5 [2008.05.14 09:42:55 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom [2011.02.02 18:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Buchungssatzpauker-B IKR 2.50 (Shareware) [2010.01.27 19:00:29 | 000,000,000 | ---D | M] -- C:\Programme\Canon [2010.01.27 18:53:56 | 000,000,000 | -H-D | M] -- C:\Programme\CanonBJ [2011.05.06 18:25:41 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2008.10.14 23:14:02 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT [2008.10.14 23:25:17 | 000,000,000 | ---D | M] -- C:\Programme\COREL [2009.04.20 01:07:14 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite [2009.04.20 00:59:10 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro [2009.05.11 08:46:54 | 000,000,000 | ---D | M] -- C:\Programme\DAMN NFO Viewer [2011.04.22 20:58:31 | 000,000,000 | ---D | M] -- C:\Programme\DivX [2011.05.02 11:20:33 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft [2010.02.20 16:57:38 | 000,000,000 | ---D | M] -- C:\Programme\EA Games [2011.04.27 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT [2011.05.07 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\ESET [2009.04.04 16:34:27 | 000,000,000 | ---D | M] -- C:\Programme\eSobi [2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien [2010.03.17 00:25:34 | 000,000,000 | ---D | M] -- C:\Programme\Hornet Demo [2011.05.02 11:09:57 | 000,000,000 | ---D | M] -- C:\Programme\ICQ Away Reader [2011.04.15 21:12:28 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.2 [2011.05.02 14:28:26 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2008.05.14 09:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Intel [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2008.10.14 23:28:16 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo [2011.05.06 18:24:36 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.04.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader [2008.10.14 23:24:52 | 000,000,000 | ---D | M] -- C:\Programme\Launch Manager [2011.05.04 21:52:50 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.01.31 15:42:51 | 000,000,000 | ---D | M] -- C:\Programme\Maxis [2009.09.17 21:38:02 | 000,000,000 | ---D | M] -- C:\Programme\MegaCAD_3D_2007 [2009.11.28 10:45:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games [2010.04.13 23:06:24 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2010.01.05 00:56:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Small Business [2011.03.25 19:38:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server [2011.01.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2011.05.06 18:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2009.11.29 14:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mp3tag [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2009.04.03 22:07:34 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2011.05.02 11:15:30 | 000,000,000 | ---D | M] -- C:\Programme\NewTech Infosystems [2008.10.14 23:20:49 | 000,000,000 | ---D | M] -- C:\Programme\O2Micro Flash Memory Card Driver [2011.04.01 17:45:47 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET [2009.10.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer [2009.12.13 14:41:13 | 000,000,000 | ---D | M] -- C:\Programme\QS [2011.05.02 11:13:59 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime [2008.10.14 23:19:39 | 000,000,000 | ---D | M] -- C:\Programme\Realtek [2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.11.03 15:52:17 | 000,000,000 | ---D | M] -- C:\Programme\RouterControl [2009.05.03 11:52:37 | 000,000,000 | ---D | M] -- C:\Programme\SCWA-Software [2010.02.24 18:08:04 | 000,000,000 | R--D | M] -- C:\Programme\Skype [2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy [2011.02.12 16:27:01 | 000,000,000 | ---D | M] -- C:\Programme\TeamViewer [2006.11.02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2009.04.07 01:43:34 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN [2010.02.24 18:02:58 | 000,000,000 | ---D | M] -- C:\Programme\Warcraft III [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration [2011.04.25 15:48:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender [2009.05.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live [2009.05.05 17:07:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive [2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2009.04.03 21:33:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery [2011.05.04 18:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices [2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar [2009.11.14 18:57:26 | 000,000,000 | ---D | M] -- C:\Programme\winklers [2009.04.04 20:14:03 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 13:29:51 < > < End of report > |
|
08.05.2011, 11:47
| #65 |
| | Anti Malware Doctor endgültig entfernen Ich habe nix installiert. Nur die Programme die ich von dir aus installieren sollte. |
|
08.05.2011, 12:39
| #66 |
| /// TB-Ausbilder   | Anti Malware Doctor endgültig entfernen Hallo xRaptoRxGG, poste mir bitte noch das Logfile von SecurityCheck. Vielen Dank.  Sollte dann alles passen, dann kommt meine Abschlussantwort. |
|
08.05.2011, 21:02
| #67 |
| | Anti Malware Doctor endgültig entfernen Results of screen317's Security Check version 0.99.10 Windows Vista Service Pack 2 (UAC is enabled) Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java(TM) 6 Update 25 Out of date Java installed! Adobe Flash Player 10.2.152.32 Adobe Reader X (10.0.1) - Deutsch Mozilla Firefox (3.6.17) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe ``````````End of Log```````````` |
|
08.05.2011, 21:13
| #68 |
| /// TB-Ausbilder | Anti Malware Doctor endgültig entfernen Hallo xRaptoRxGG, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Dein Rechner ist sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt # 1: Java Cache leeren
Schritt # 2: ComboFix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt # 3: Systembereinigung mit OTL Als nächstes müssen wir alle Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
Schritt # 4: Programme deinstallieren/löschen
Schritt # 5: Systemwiederherstellungspunkte löschen Es ist nicht auszuschließen, dass durch die Malware auch Wiederherstellungspunkte infiziert sind. Dieses Problem behebst du wie folgt:
Schritt # 6: Windows Update aktivieren Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.
Schritt # 7: Schutz vor weiteren Infektionen Damit du in Zukunft vor ähnlichen Infektionen geschützt bist, empfehle ich dir noch ein paar nützliche Programme inklusive ein paar Tipps.
Schritt # 8: Passwörter ändern
Schritt # 9: Deine Rückmeldung Bitte gib mir kurz Bescheid, wenn alles erledigt ist und du keine Fragen mehr hast, damit ich das Thema aus meinen Abos löschen kann. |
|
10.05.2011, 20:54
| #69 |
| /// TB-Ausbilder | Anti Malware Doctor endgültig entfernen Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Anti Malware Doctor endgültig entfernen |
| .html, ander, anleitung, anti, anti malware doctor, beschäftigt, boardregeln, brauche, doctor, endgültig, entferne, entfernen, fehlermeldungen, gen, glaube, hoffe, immernoch, laptop, leitung, logfiles, malware, miteinander, thema, verhalten |
Linear-Darstellung
